North Korean Hackers Have Stolen Over $2 Billion This Year: Elliptic

North Korea-linked hacking groups have stolen more than $2 billion worth of crypto assets so far this year, according to a new analysis from blockchain forensics firm Elliptic, the largest annual total ever recorded, and with three months of 2025 still to ￰0￱ new data underscores Pyongyang’s growing dependence on cyber-enabled theft to fund its weapons ￰1￱ to the United Nations and multiple intelligence agencies , proceeds from these hacks are used to finance North Korea’s nuclear and ballistic missile development. “The scale of crypto theft attributed to North Korea this year is unprecedented — and a clear indication of how deeply the regime depends on cybercrime,” Elliptic said in its report shared with CoinDesk.

Elliptic’s findings bring the total known crypto theft attributed to North Korea to more than $6 billion since the regime’s hacking operations began targeting the crypto sector around ￰2￱ Hack Drives Record Year The 2025 figure is dominated by February’s $1.46 billion hack of the Bybit exchange , one of the largest crypto thefts on ￰3￱ has also attributed attacks against LND. fi, WOO X, and Seedify to North Korea this year, along with more than 30 additional incidents involving smaller exchanges and DeFi ￰4￱ $2 billion total nearly triples last year’s tally and surpasses the previous record of $1.35 billion set in 2022, when North Korea-linked actors were behind major breaches of Ronin Network and Harmony ￰5￱ Towards Social Engineering While centralized exchanges remain a prime target, Elliptic noted a strategic shift toward attacks on individuals, particularly high-net-worth crypto holders and company ￰6￱ crypto prices rebounding in 2025, such targets have become increasingly lucrative, often lacking the robust security infrastructure of institutional platforms.

“The weak point in cryptocurrency security is now human, not technological,” Elliptic ￰7￱ shift has seen hackers rely more on deception than code exploits, using tactics like phishing, fake job offers, and compromised social media accounts to gain access to wallets and private keys. A Crypto-Laundering Arms Race As blockchain analytics and law enforcement collaboration have improved, North Korea’s laundering operations have become more complex, Elliptic ￰8￱ the Bybit breach, investigators traced multiple rounds of cross-chain swaps between Bitcoin, Ethereum, BTTC and Tron — often using obscure protocols and self-issued tokens to disguise ￰9￱ laundering methods include multiple rounds of mixing, using obscure blockchains and creating new tokens issued directly by laundering networks.