North Korean Hackers Steal Over $2 Billion in 2025
Cybersecurity researchers have revealed that North Korean hackers have stolen more than $2 billion worth of cryptocurrencies in 2025 alone — marking a new all-time high for state-sponsored cybercrime. The surge in thefts, primarily targeting high-net-worth crypto holders, has pushed the estimated total stolen by Pyongyang-linked groups to over $6 billion since their operations began.
According to Elliptic, a leading blockchain analytics firm, the staggering figure represents approximately 13% of North Korea’s gross domestic product (GDP), as estimated by the United Nations. Experts warn that this growing trend demonstrates how the regime continues to exploit the digital asset ecosystem to fund its nuclear weapons and missile programs.
Shift From Corporate Targets to Individuals
Historically, North Korean cyber units such as the Lazarus Group have focused on large-scale breaches of cryptocurrency exchanges and blockchain platforms. However, analysts now report a strategic shift toward wealthy individual crypto investors, who often lack the robust cybersecurity infrastructure of major institutions.
Dr. Tom Robinson, Chief Scientist at Elliptic, explained that this new focus makes detection and attribution more difficult.
“These attacks are less likely to be reported publicly, meaning the true scope of North Korean cyber theft could be much higher,” Robinson said. “We’ve identified numerous cases that show clear indicators of North Korean involvement but lack the concrete evidence to make definitive attributions.”
The UK Embassy of North Korea did not respond to requests for comment, though the regime has consistently denied any connection to hacking activities.
Tracing the Digital Trail
Blockchain intelligence firms such as Elliptic and Chainalysis have played a critical role in uncovering North Korea’s crypto crime network. By analyzing blockchain transactions — which are publicly visible — investigators can trace the flow of stolen Bitcoin, Ethereum, and other digital assets across wallets and exchanges.
These firms have documented distinctive patterns, tools, and tactics repeatedly used by North Korean operatives, allowing researchers to connect various attacks back to state-linked entities. The 2025 spike, they note, represents an unprecedented escalation in both volume and sophistication.
Major Crypto Heists in 2025
This year’s record-breaking thefts include several high-profile incidents attributed to North Korea:
- ByBit Hack (February 2025): The largest single attack of the year, resulting in the theft of $1.4 billion in digital assets.
- WOO X Breach (July 2025): Hackers stole $14 million across nine user accounts.
- Seedify Incident: Another cyberattack led to a loss of $1.2 million in tokens.
Elliptic reports that dozens of other attacks, many unpublicized, have targeted both companies and individuals, with losses ranging from tens to hundreds of millions of dollars. The largest theft from an individual this year reached an astonishing $100 million.
These operations have already surpassed the regime’s previous record from 2022, when North Korean-linked hackers were accused of stealing $1.35 billion in total.
The Economic and Geopolitical Impact
While North Korea does not release official GDP data, UN estimates suggest the country’s total economic output in 2024 was around $15.17 billion. That makes the stolen crypto in 2025 alone equal to a significant share of its annual economy — underscoring how critical cybercrime has become to the regime’s survival under international sanctions.
Western intelligence agencies believe the stolen funds are being laundered through decentralized finance (DeFi) platforms, mixing services, and Asian-based exchanges with weak regulatory oversight. Once cleaned, the money reportedly supports nuclear development, military modernization, and other sanctioned state projects.
Fake IT Workers and Sanctions Evasion
Beyond direct theft, investigators say North Korea is increasingly deploying fraudulent IT workers who pose as remote contractors for global tech firms. These fake freelancers earn legitimate income in cryptocurrency, further bolstering the regime’s financial resources while bypassing sanctions.
Analysts warn that this dual approach — cyber theft combined with deceptive employment schemes — highlights the adaptability and global reach of North Korean cyber operations.
A Growing Threat to Global Crypto Security
With North Korean hackers becoming more advanced, cybersecurity experts urge crypto investors to strengthen their defenses. Using hardware wallets, multi-factor authentication, and cold storage solutions can help protect assets from state-sponsored attacks.
Dr. Robinson cautioned that the international community must act swiftly:
“Unless nations and crypto platforms coordinate to close security loopholes, North Korea will continue to exploit the weakest points in the system.”
As the digital asset market expands, so too does its vulnerability — and North Korea’s hackers appear determined to capitalize on it.
