North Korean Hackers Steal Over $2 Billion in Crypto in 2025, Marking Record Year of Cyber Theft

North Korea-linked hacking groups have looted more than $2 billion in cryptocurrency so far in 2025, according to a new report from blockchain analytics firm Elliptic.

The staggering figure, the largest annual total ever recorded, highlights Pyongyang’s increasing reliance on crypto theft as a source of state funding, with three months still remaining in the year.

Elliptic’s latest data suggests that cybercrime has become central to North Korea’s financial survival, particularly as international sanctions continue to restrict trade and access to global markets. Both the United Nations and multiple intelligence agencies have linked the stolen digital assets to the country’s nuclear and ballistic missile programs, underscoring the geopolitical threat posed by these operations.

The firm estimates that since 2017, North Korean hackers have collectively stolen over $6 billion from the crypto industry.

Bybit Breach Leads a Year of Mega Hacks

The 2025 total is dominated by February’s $1.46 billion Bybit exchange breach, one of the largest single crypto hacks in history. That attack alone accounted for more than two-thirds of the year’s losses.

Elliptic also traced multiple other major intrusions to North Korea, including those targeting LND.fi, WOO X, and Seedify, along with over 30 smaller incidents involving decentralized finance (DeFi) protocols and lesser-known trading platforms.

The $2 billion tally nearly triples 2024’s total and far exceeds the previous record of $1.35 billion set in 2022, a year marked by the Ronin Network and Harmony Bridge exploits.

Human Weakness: The New Frontline in Crypto Security

Elliptic’s analysis shows a clear evolution in North Korea’s hacking strategy. While large, centralized exchanges remain prime targets, attackers are increasingly focusing on individuals and company executives, particularly high-net-worth crypto holders.

With crypto markets recovering sharply in 2025, these private wallets and small-scale custodians have become especially attractive targets, often lacking the multi-layered defenses of institutional platforms.

“The weak point in cryptocurrency security is now human, not technological,” Elliptic warned, noting that social engineering attacks, from phishing campaigns to impersonation scams – are now a primary tool of state-backed hacking units.

Read More:

A Growing Threat to Global Financial Stability

Experts warn that these operations not only fund North Korea’s weapons ambitions but also destabilize global crypto markets by injecting tainted funds into legitimate exchanges. Western intelligence officials have called for tighter international cooperation to track and freeze stolen assets before they can be laundered through mixers and DeFi protocols.

With Elliptic’s report indicating that 2025 may still not be over for crypto-related cybercrime, the scale and sophistication of North Korea’s hacking apparatus are likely to remain a top concern for both regulators and blockchain security firms worldwide.