North Korean hackers have reportedly stolen over $2 billion in cryptocurrency so far in 2025, setting a record annual total for the regime’s cybercriminal operations. According to blockchain analysis firm Elliptic, the figure is based on more than 30 cyberattacks, with three months still left in the year. The scale of these thefts highlights the growing sophistication of North Korea’s digital operations and their increasing threat to the global crypto ecosystem.
Record-Breaking Crypto Theft
Elliptic reports that the $2 billion stolen in 2025 surpasses the previous record of $1.35 billion in 2022. Since 2017, North Korean hackers have stolen at least $6 billion in cryptocurrency, although this number may be underestimated due to unreported or unverified incidents.
The major thefts this year include the massive $1.4 billion heist from crypto exchange Bybit, which the FBI and multiple blockchain monitoring firms have attributed to North Korea. The regime is targeting not just exchanges but, increasingly, high-net-worth individuals who hold significant amounts of digital assets.
Shift in Hacking Tactics
One notable trend in 2025 is a change in attack method. Elliptic notes that the majority of hacks this year were carried out through social engineering, where attackers deceive individuals to gain access to their crypto wallets. This marks a shift from previous attacks, which often relied on exploiting technical vulnerabilities in crypto exchanges and infrastructure. “The weak point in cryptocurrency security is increasingly human, rather than technical,” Elliptic stated in its blog post.
This trend highlights the urgent need for crypto users to strengthen personal security practices, such as using hardware wallets, enabling multi-factor authentication, and carefully scrutinizing messages for phishing attempts.
Past Victims of North Korean Crypto Hacks
North Korea’s cybercriminal activities are not new. Some of the largest known crypto thefts linked to the regime include:
- Axie Infinity (2022) – $625 million
- Harmony (2022) – $100 million
- WazirX (2024) – $235 million
The Bybit heist in 2025 alone accounts for a significant portion of this year’s total, showing a clear escalation in both scale and ambition.
International Response
Governments around the world are closely monitoring North Korea’s cyber activities. The United Nations Security Council estimated that between 2017 and 2023, North Korean hackers stole roughly $3 billion in cryptocurrency. Adding Elliptic’s 2025 estimate and last year’s reported $742.8 million, the total aligns closely with the $6 billion figure attributed to the regime.
Countries including Japan, South Korea, and the United States have publicly accused North Korea of carrying out these thefts, which are believed to fund the country’s nuclear weapons program.
Why This Matters for Crypto Security
The rise of social engineering attacks by North Korean hackers underscores a critical lesson: human error is now the weakest link in cryptocurrency security. While crypto exchanges continue to improve their technical defenses, users must also take proactive measures to protect their digital assets.
Some key security tips include:
- Using cold or hardware wallets for storing large amounts of crypto
- Regularly updating passwords and using strong, unique combinations
- Enabling two-factor or multi-factor authentication
- Being vigilant against phishing scams and suspicious messages
Conclusion
North Korea’s record-breaking theft of over $2 billion in cryptocurrency in 2025 signals a dangerous evolution in global cybercrime. With hackers shifting their focus from technical flaws to human vulnerabilities, both exchanges and individual crypto holders are at risk.
Elliptic’s report serves as a reminder that cryptocurrency users need to stay alert, prioritize security, and remain informed about the latest threats in the rapidly evolving digital landscape.
As the year closes, it remains uncertain how much higher North Korea’s crypto theft total may rise, but one thing is clear: the threat from state-sponsored cybercrime has never been more serious.