With three months left to go, 2025 is already a record year for North Korea-linked hackers. They’ve raked in more than $2 billion in stolen crypto assets since January.
-
North Korea-linked hackers stole over $2 billion in crypto in 2025, their biggest annual total yet.
-
Attacks are shifting from exchanges to targeting individuals through social engineering.
-
Experts say stolen crypto supports North Korea’s nuclear program.
The figure brings the total known value of crypto stolen by the North Korean regime to more than $6 billion and may actually be higher, according to cybersecurity experts at Elliptic, a blockchain analytics firm that tracks illicit crypto transactions.
“We are aware of many other thefts that share some of the hallmarks of North Korea-linked activity but lack sufficient evidence to be definitively attributed. Other thefts are likely unreported and remain unknown,” the firm said in a new report.
This year’s losses were primarily driven by a $1.46 billion theft from cryptocurrency exchange Bybit, reported in February and described as “the largest theft on a cryptocurrency platform ever” at the time.
Other thefts publicly attributed to North Korea in 2025 included crypto platforms Seedify, LND, and WOO X, with losses ranging from over $1.2 million to $14 million. On top of that, Elliptic said it had attributed more than 30 additional hacks to North Korea so far this year.
“The 2025 total already dwarfs previous years and is almost triple last year’s tally, underscoring the growing scale of North Korea’s dependence on cyber-enabled theft to fund its regime,” the report said.
The previous record year for North Korean cybercriminals was 2022, when $1.35 billion in crypto was stolen during attacks against crypto services such as Ronin Network and Harmony Bridge.
Shifting victim profile
Cybersecurity experts also pointed out North Korean hackers' shifting tactics. While crypto exchanges suffered the majority of losses this year, an increasing number of victims now include high-net-worth individuals.
“As crypto prices have risen, individuals have become increasingly attractive targets, often lacking the security measures employed by businesses,” Elliptic said, adding that some were targeted for their ties to businesses holding large amounts of crypto.
According to researchers, most of this year’s hacks have been carried out through social engineering attacks.
While humans have long been considered the weakest link in cybersecurity, that has not traditionally been the case in crypto, where technical flaws in infrastructure were responsible for most earlier thefts.
This shift shows that humans, rather than technical vulnerabilities, are increasingly becoming the pain point in cryptocurrency as well, according to Elliptic.
The conversation on this topic is live. Join in the discussion.
Bankrolling the nuclear program
North Korea, which was the most sanctioned country in the world before Russia launched its full-scale invasion of Ukraine in 2022, is believed to funnel at least some of the stolen funds to bankroll its nuclear ambitions.
Cyberattacks targeting crypto are an “important revenue source” for Pyongyang’s nuclear and ballistic missile program, United Nations investigators have previously warned.
The regime also used cyber means to seek material, technology, and know-how overseas that could help it further its nuclear program, according to the international body.
North Korea is also increasingly leveraging artificial intelligence (AI) to steal data and generate revenue for its regime, according to a recent report from Microsoft.
The tech giant urged companies to employ stricter vetting procedures for remote job applicants to avoid inadvertently hiring a North Korean hacker posing as an IT worker, a problem that has emerged across the industry.
Your email address will not be published. Required fields are markedmarked