Report Details North Korean Crypto Cloud Breaches via React CVE-2025-55182 and Record 2025 Hauls

On 9 March 2026, cybersecurity researchers outlined how North Korean state-linked hackers abused a critical React front-end flaw, CVE-2025-55182, to infiltrate crypto exchanges, staking platforms, and software vendors’ cloud systems. The attackers allegedly used stolen AWS credentials to hunt for private keys, source code, and configuration secrets, contributing to an estimated $2.02 billion in stolen cryptocurrency during 2025.