North Korean government-backed hackers are making headlines again, and for all the wrong reasons. According to a new report from blockchain analysis firm Elliptic, these hackers have stolen more than $2 billion in cryptocurrency so far in 2025—a staggering figure that already surpasses previous records, with three months still left in the year. The scale of these thefts is so significant that it now accounts for roughly 13% of North Korea’s estimated gross domestic product, according to United Nations figures cited by BBC News.
It’s not just the eye-popping sums that are raising eyebrows. The way North Korea’s hackers operate has evolved in recent years, shifting from exploiting technical vulnerabilities in crypto infrastructure to focusing on social engineering attacks. As Elliptic’s October 7, 2025 blog post explains, the majority of hacks this year have involved deceiving or manipulating individuals, rather than cracking code. "This marks a shift from earlier attacks where in many cases technical flaws in crypto infrastructure were exploited to steal funds. This shift highlights that the weak point in cryptocurrency security is increasingly human, rather than technical," Elliptic wrote.
For years, hacking groups like the infamous Lazarus Group have targeted crypto exchanges and blockchain startups, orchestrating some of the biggest digital heists in history. But 2025 has seen a new trend: high-net-worth individuals are increasingly in the crosshairs. As Dr. Tom Robinson, chief scientist at Elliptic, told BBC News, “Wealthy crypto individuals have become increasingly attractive targets as they often lack the security measures employed by businesses.” That’s a chilling thought for anyone holding a large stash of digital tokens.
Investigators and security agencies in the West, including those from Japan, South Korea, and the United States, agree on the gravity of the situation. They estimate that North Korean hackers stole more than $659 million in cryptocurrency in 2024 alone, a figure that aligns closely with Elliptic’s own research. The United Nations Security Council has previously estimated that North Korean hackers stole $3 billion in cryptocurrency between 2017 and 2023. When you add last year’s $742.8 million and this year’s record haul, the regime’s total since 2017 rises to at least $6 billion. And even that might be an underestimate.
“The actual figure may be even higher. Attributing cyber thefts to North Korea is not an exact science,” Elliptic cautioned in its blog post. “We are aware of many other thefts that share some of the hallmarks of North Korea-linked activity but lack sufficient evidence to be definitively attributed. Other thefts are likely unreported and remain unknown.” Dr. Robinson echoed this uncertainty, telling BBC News, “Other thefts are likely unreported and remain unknown as attributing cyber thefts to North Korea is not an exact science.”
North Korea’s government, for its part, has routinely denied any involvement in these hacks. When approached for comment by BBC News, the country’s UK embassy did not respond. In the past, the regime has flatly rejected allegations of cybercrime, despite mounting evidence to the contrary.
So, how do researchers know where the money is going? Firms like Elliptic and Chainalysis use the inherent transparency of blockchain technology to track the movement of stolen funds, following public records of transactions for cryptocurrencies like Bitcoin and Ethereum. Over time, they’ve identified recurring patterns and digital fingerprints that point to North Korean involvement—though, as both Elliptic and Dr. Robinson are quick to note, definitive attribution remains a challenge.
The impact of these cyberheists goes beyond the crypto community. According to Western security agencies, the stolen funds are believed to bankroll North Korea’s nuclear weapons and missile development programs. The United Nations has repeatedly warned that such illicit activity helps the regime skirt international sanctions and continue its weapons buildup, despite global condemnation.
2025’s record-breaking year was supercharged by a single, massive theft: the February hack of crypto exchange Bybit, which saw over $1.4 billion vanish in one swoop. The FBI and several blockchain monitoring firms have attributed this attack to North Korea, making it the largest crypto theft of the year by far. But Bybit wasn’t alone. In July, an attack on the WOO X exchange resulted in $14 million stolen from just nine users. Another hack targeted Seedify, siphoning off $1.2 million in digital coins. Elliptic has also worked privately with victims of other attacks, with losses ranging from tens to hundreds of millions of dollars. The largest single theft from an individual this year? A jaw-dropping $100 million.
This year’s activity leaves previous records in the dust. In 2022, North Korea-linked hackers were accused of stealing $1.35 billion—a figure that now seems almost modest by comparison. Other headline-grabbing heists from recent years include $625 million stolen from the play-to-earn game Axie Infinity in 2022, $100 million from crypto startup Harmony that same year, and $235 million from crypto exchange WazirX in 2024. According to TechCrunch, these attacks collectively illustrate the regime’s long-term strategy: relentless targeting of the digital asset ecosystem, wherever the vulnerabilities may lie.
There’s another twist to North Korea’s digital crime spree. In addition to its cybercrime operations, the regime is increasingly accused of running a fake IT workers program. By posing as legitimate freelance tech workers, North Korean operatives reportedly earn foreign currency and skirt international sanctions, adding yet another layer to the country’s elaborate efforts to generate cash from the global digital economy.
It’s hard to overstate the impact of these thefts on the global cryptocurrency industry and on the individuals who fall victim. While large exchanges and crypto businesses have ramped up security over the years, individuals—especially those sitting on substantial digital fortunes—often lack the sophisticated protections of institutional players. As a result, they’ve become prime targets for phishing, social engineering, and other deceptive tactics that bypass technical safeguards entirely.
What’s next for North Korea’s hacking operations? If recent trends are any indication, the regime is unlikely to slow down. With billions already stolen, a proven track record of evolving tactics, and little sign of international pressure curbing its ambitions, North Korea’s digital thieves remain a formidable threat. The cryptocurrency world, for its part, faces a stark reality: as long as vast sums can be moved with the click of a button—and as long as some users remain vulnerable to deception—the cat-and-mouse game of cybercrime is far from over.
For now, the numbers speak for themselves. With more than $2 billion stolen in 2025 alone and the cumulative tally topping $6 billion, North Korea’s hackers have cemented their reputation as some of the most prolific—and persistent—digital thieves on the planet.
