Between 2020 and mid-2021 cyber-attackers stole more than $50m (£37m) of digital assets, investigators found.
Such attacks are an "important revenue source" for Pyongyang's nuclear and ballistic missile programme, they said.
The findings were reportedly handed to the UN's sanctions committee on Friday.
The cyber-attacks targeted at least three cryptocurrency exchanges in North America, Europe and Asia.
The report also referenced a study published last month by the security firm Chainalysis that suggested North Korean cyberattacks could have netted as much as $400m worth of digital assets last year.
And in 2019, the UN reported that North Korea had accumulated an estimated $2bn for its weapons of mass destruction programmes by using sophisticated cyber-attacks.
North Korea has been banned by the UN Security Council from carrying out nuclear tests and launching ballistic missiles.
However the UN report says that despite crippling sanctions, North Korea has been able to continue developing its nuclear and ballistic missile infrastructure.
It has also continued to seek material, technology and knowhow overseas, including through cyber means and joint scientific research.
The sanctions monitors said there had been a "marked acceleration" of missile testing by Pyongyang.