North Korea’s state-backed hackers are having their most profitable year yet. According to blockchain analytics firm Elliptic, cybercriminals linked to Pyongyang have already stolen more than $2 billion worth of cryptocurrency in 2025, setting a new record with nearly three months still to go.
The unprecedented total nearly triples last year’s figure, bringing the regime’s known crypto theft to over $6 billion since its hackers first began targeting the digital currency world in 2017. Intelligence agencies and the United Nations say these funds are used to help bankroll North Korea’s nuclear weapons and missile programs, which are otherwise constrained by global sanctions.
“The 2025 total already dwarfs previous years and is almost triple last year’s tally, underscoring the growing scale of North Korea’s dependence on cyber-enabled theft to fund its regime,” Elliptic wrote in its latest blog post.
A Record-Breaking Hack
The biggest contributor to 2025’s staggering total was the $1.46 billion hack of the crypto exchange Bybit in February, which now ranks as one of the largest cryptocurrency thefts in history. The attackers infiltrated systems tied to an offline “cold wallet” containing 400,000 Ethereum coins.
Elliptic also linked North Korea to thefts at LND.fi, WOO X, Seedify, and more than 30 additional smaller hacks this year alone. In comparison, North Korea’s 2025 haul far exceeds its previous record of $1.35 billion in 2022, which means the regime’s hackers have shattered their own record by a wide margin.
A Shift in Strategy: From Code Exploits To Human Deception
This year has also marked a clear shift in North Korean hackers’ tactics, moving from exploiting code flaws to targeting individuals through phishing schemes, fake job offers, or impersonating trusted crypto companies to steal wallet credentials.
“The majority of the hacks in 2025 have been perpetrated through social engineering attacks, where hackers deceive or manipulate individuals to gain access to cryptocurrency,” Elliptic explained.
High-net-worth crypto holders and exchange employees are now common targets. These individuals often lack enterprise-level security, making them easier prey.
“This shift highlights that the weak point in cryptocurrency security is increasingly human, rather than technical,” the company warned.
A High-Tech Laundering Operation
Once the money is stolen, North Korea’s hackers go to great lengths to launder their crypto. Elliptic found that laundering techniques now include multiple rounds of cross-chain swaps, use of obscure blockchains, and even self-issued tokens designed to hide stolen assets.
Despite the broader arms race between blockchain investigators and state-sponsored cybercriminals, Elliptic says blockchain transparency remains a powerful tool, allowing law enforcement and compliance teams to trace transactions and block illicit deposits.
A Growing Security Concern
The United Nations estimates North Korea’s total GDP at roughly $15 billion, meaning the regime’s stolen crypto could account for as much as 13% of the country’s total economy.
Western governments warn that the stolen crypto is helping fund North Korea’s weapons programs, transforming what might look like digital theft into a serious global security concern.
Dr. Tom Robinson, Elliptic’s Chief Scientist, says the actual figure could be even higher and that attributing cyber thefts to North Korea is not an exact science.
“We are aware of many other thefts that share some of the hallmarks of North Korea-linked activity but lack sufficient evidence to be definitively attributed. Other thefts are likely unreported and remain unknown,” he said.
With $2 billion stolen and counting, one thing is clear: North Korea has turned crypto theft into an industry, and its cyber army isn’t slowing down; it’s only getting smarter.