North Korea-linked hacking groups are making global headlines once again after shattering all previous records for cryptocurrency theft in 2025. According to blockchain analytics firm Elliptic, billions of dollars in digital assets have been stolen, with this year marking an unprecedented escalation in the regime’s cyber operations.
North Korea Breaks The Record For Crypto Theft In 2025
On October 7, Elliptic revealed in a blog post that North Korean hackers have stolen more than $2 billion worth of crypto assets so far in 2025. This marks the largest annual total on record, with three months remaining in the year. This figure pushes the regime’s cumulative total of known crypto thefts to over $6 billion, underscoring how deeply cybercrime has become embedded in its financial strategy.
Notably, the previous theft record, set in 2022 at $1.35 billion, now pales in comparison to this year, underscoring how the scale and boldness of North Korean cybercrime have reached new extremes. Elliptic noted that United Nations reports and intelligence agencies believe that these stolen funds are being channeled into North Korea’s nuclear weapons development and ballistic missile programs, helping sustain one of the most heavily sanctioned economies on Earth.
The true scale of the theft may be even larger, as Elliptic disclosed that not all incidents can be definitively traced back to Pyongyang, the capital city of North Korea. Blockchain forensic firms typically employ advanced analytics, laundering pattern recognition, and intelligence sources to attribute attacks. However, the opaque nature of cyber operations means that many thefts remain unreported and unattributed. Nevertheless, the confirmed theft cases already underscore an alarming acceleration in both the frequency and sophistication of North Korea’s crypto heists.
According to the blog post, this year’s staggering total was primarily driven by the February breach of crypto exchange Bybit, which alone accounted for $1.46 billion in stolen assets—the largest single crypto theft of 2025. Other major victims of similar thefts include LND.fi, WOO X, and Seedify, alongside more than thirty additional hacks attributed to North Korea by Elliptic.
Human Error Becomes The New Weakness In Security
While large crypto exchanges remain key targets, Elliptic reports that 2025 has seen a sharp rise in attacks on high-net-worth individuals. With crypto prices surging and personal wallets increasing in value, these wealthy individuals have become attractive targets, often lacking the robust cybersecurity defenses typically employed by exchanges. Some are even targeted because of their connections to crypto companies, providing hackers with potential access to larger reserves of funds.
Elliptic’s report also highlights a significant shift in North Korea’s approach to conducting its cyber operations. Most of this year’s thefts were carried out through social engineering scams—a strategy that manipulates people rather than exploits software flaws. Hackers trick victims into revealing private keys, credentials, or recovery phrases, demonstrating that human error has become the primary vulnerability in the crypto space.
