Hackers linked to North Korea have stolen more than $2 billion in cryptocurrency so far in 2025, setting a new annual record with three months still left in the year.
According to blockchain analytics firm Elliptic, this brings the cumulative total stolen by the regime to over $6 billion.
These crypto thefts are believed to be a key funding source for North Korea’s nuclear weapons and missile programs, a claim supported by the United Nations and multiple government agencies.
Attributing cyber theft to North Korea is complex. Experts rely on blockchain data, laundering patterns, and intelligence sources.
Many hacks exhibit characteristics of North Korea-linked activity but lack sufficient evidence for definitive attribution. Others go unreported entirely.
This year’s staggering total is driven by major incidents such as February’s $1.46 billion theft from crypto exchange Bybit. Other victims in 2025 include LND.fi, WOO X, and Seedify, with Elliptic linking more than 30 other hacks to North Korea so far this year.
The total is almost triple last year’s amount and far exceeds the previous record of $1.35 billion in 2022.
While crypto exchanges remain the main targets, an increasing number of victims are high-net-worth individuals, who are often less protected than institutional players.
Many are targeted due to personal or professional ties to companies holding large volumes of cryptoassets.
A notable shift in tactics has also emerged. Most 2025 attacks were carried out through social engineering, rather than exploiting technical flaws, highlighting how humans have become the weakest link in cybersecurity.
Despite these challenges, blockchain’s inherent transparency means illicit activity doesn’t go unnoticed.
Every stolen asset leaves a trace that can be tracked and analyzed, but post-tracking, a very few bad actors are imprisoned or detained by authorities.