North Korea’s state-backed hackers are having their most profitable year yet. According to blockchain analytics firm Elliptic, cybercriminals linked to Pyongyang have already stolen more than $2 billion worth of cryptocurrency in 2025, setting a new record with nearly three months still to go.
The unprecedented total nearly triples last year’s figure, bringing the regime’s known crypto theft to over $6 billion since its hackers first began targeting the digital currency world in 2017. Intelligence agencies and the United Nations say these funds are used to help bankroll North Korea’s nuclear weapons and missile programs, which are otherwise constrained by global sanctions.
“The 2025 total already dwarfs previous years and is almost triple last year’s tally, underscoring the growing scale of North Korea’s dependence on cyber-enabled theft to fund its regime,” Elliptic wrote in its latest blog post.
A Record-Breaking Hack
The biggest contributor to 2025’s staggering total was the $1.46 billion hack in February from the crypto exchange Bybit, which now ranks as one of the largest cryptocurrency thefts in history. The attackers infiltrated systems tied to an offline “cold wallet” containing 400,000 Ethereum coins.
Elliptic also linked North Korea to thefts at LND.fi, WOO X, Seedify, and more than 30 additional smaller hacks this year alone. In comparison, North Korea’s 2025 haul far exceeds its previous record of $1.35 billion in 2022, which means the regime’s hackers have shattered their own record by a wide margin.
A Shift in Strategy: From Code Exploits To Human Deception
This year has also marked a clear shift in North Korean hackers’ tactics, moving from exploiting code flaws to targeting individuals through phishing schemes, fake job offers, or impersonating trusted crypto companies to steal wallet credentials.
“The majority of the hacks in 2025 have been perpetrated through social engineering attacks, where hackers deceive or manipulate individuals to gain access to cryptocurrency,” Elliptic explained.
High-net-worth crypto holders and exchange employees are now common targets. These individuals often lack enterprise-level security, making them easier prey.
“This shift highlights that the weak point in cryptocurrency security is increasingly human, rather than technical,” the company warned.
A High-Tech Laundering Operation
Once the money is stolen, North Korea’s hackers go to great lengths to launder their crypto. Elliptic found that laundering techniques now include multiple rounds of cross-chain swaps, use of obscure blockchains, and even self-issued tokens designed to hide stolen assets.
Despite the broader arms race between blockchain investigators and state-sponsored cybercriminals, Elliptic says blockchain transparency remains a powerful tool, allowing law enforcement and compliance teams to trace transactions and block illicit deposits.
A Growing Security Concern
The United Nations estimates North Korea’s total GDP at roughly $15 billion, meaning the regime’s stolen crypto could account for as much as 13% of the country’s total economy.
Western governments warn that the stolen crypto is helping fund North Korea’s weapons programs — transforming what might look like digital theft into a serious global security concern.
Dr. Tom Robinson, Elliptic’s Chief Scientist, says the actual figure could be even higher and that attributing cyber thefts to North Korea is not an exact science.
“We are aware of many other thefts that share some of the hallmarks of North Korea-linked activity but lack sufficient evidence to be definitively attributed. Other thefts are likely unreported and remain unknown,” he said.
With $2 billion stolen and counting, one thing is clear: North Korea has turned crypto theft into an industry — and its cyber army isn’t slowing down, it’s only getting smarter.
