North Korean Hackers Steal Record $2 Billion in Crypto This Year

North Korean government hackers have stolen over $2 billion in cryptocurrency during 2025, according to blockchain analysis firm Elliptic. This staggering amount already surpasses the previous annual record of $1.35 billion set in 2022, with three months still remaining in the year. The regime's total cryptocurrency theft since 2017 now exceeds $6 billion, though researchers acknowledge this figure may be conservative due to unreported incidents.

Based on analysis of more than 30 separate hacking incidents this year, Elliptic's findings reveal the escalating scale and sophistication of North Korea's state-sponsored cybercrime operations.

A significant shift has emerged in North Korean hacking methods. Rather than exploiting technical vulnerabilities in cryptocurrency infrastructure, the majority of 2025 attacks have relied on social engineering — manipulating individuals to gain unauthorized access to digital assets.

This tactical evolution represents a strategic pivot that highlights how human psychology has become the weakest link in cryptocurrency security, rather than technical system flaws. The regime now increasingly targets high-net-worth individuals alongside traditional crypto exchange victims.

The year's record total was largely fueled by a massive theft from crypto exchange Bybit, where hackers stole over $1.4 billion in a single incident. The FBI and multiple blockchain monitoring firms attributed this heist to North Korean operatives, making it one of the largest cryptocurrency thefts in history.

Previous high-profile victims include play-to-earn game Axie Infinity ($625 million in 2022), crypto startup Harmony ($100 million in 2022), and crypto exchange WazirX ($235 million in 2024).

The United Nations believes Kim Jong-Un's regime uses stolen cryptocurrency proceeds to fund its nuclear weapons program, making these cybercrimes a matter of international security. The scale and consistency of these operations — with North Korea conducting systematic crypto theft campaigns annually — underscore the regime's dependence on cybercrime for sanctions evasion.

As attribution remains challenging, researchers warn that many thefts sharing North Korean operational hallmarks lack definitive evidence, suggesting the actual stolen amounts could be even higher than reported figures.