North Korean Hackers Steal Over $2 Billion in Cryptocurrency in 2025
Blockchain analysis firm Elliptic has disclosed that hackers affiliated with the North Korean government have stolen more than $2 billion in cryptocurrency so far in 2025. This figure represents the largest annual total on record, with three months still remaining in the year.
The estimate is based on over 30 separate cyber thefts attributed to North Korean-linked actors during the year, surpassing the previous record of $1.35 billion stolen in 2022. Since 2017, the total amount stolen by the regime is believed to be at least $6 billion, though Elliptic cautions this may be an underestimate.
“The actual figure may be even higher. Attributing cyber thefts to North Korea is not an exact science,” Elliptic stated. “We are aware of many other thefts that share some of the hallmarks of North Korea-linked activity but lack sufficient evidence to be definitively attributed. Other thefts are likely unreported and remain unknown.”
Evolving Attack Methods: From Technical Exploits to Social Engineering
Elliptic’s findings highlight a significant shift in the modus operandi of North Korean hackers. While earlier attacks frequently exploited technical vulnerabilities within cryptocurrency infrastructure, the majority of 2025 hacks have relied on social engineering tactics.
These social engineering attacks involve deceiving or manipulating individuals to gain unauthorized access to crypto assets. This change underscores that the primary weakness in cryptocurrency security is increasingly human rather than technological.
North Korea continues to focus on crypto exchanges as prime targets but has expanded its scope to include high-net-worth individuals with significant cryptocurrency holdings.
Notable Thefts and International Response
The record-breaking thefts in 2025 were largely driven by the massive $1.4 billion hack of crypto exchange Bybit. The FBI, alongside blockchain monitoring firms, has attributed this attack to North Korean operatives.
Other significant victims over recent years include play-to-earn game Axie Infinity, which lost $625 million in 2022; crypto startup Harmony, targeted for $100 million in 2022; and crypto exchange WazirX, hacked for $235 million in 2024.
Governments including Japan, South Korea, and the United States have collectively accused North Korean hackers of stealing more than $659 million in 2024 alone, figures consistent with Elliptic’s assessments.
The United Nations Security Council estimates that between 2017 and 2023, North Korea stole approximately $3 billion in cryptocurrency. Adding the 2024 and 2025 figures brings the total close to $6 billion.
International authorities warn that the stolen cryptocurrency is likely funneled into North Korea’s nuclear weapons program, funding its ongoing military ambitions under Kim Jong-Un’s regime.
FinOracleAI — Market View
The escalating scale and sophistication of cryptocurrency thefts linked to North Korea represent a growing challenge for the digital asset ecosystem. The shift towards social engineering highlights the urgent need for enhanced user education and security protocols around human factors in crypto custody.
- Opportunities: Improved security awareness and multi-factor authentication can mitigate social engineering risks.
- Risks: Continued large-scale thefts could undermine investor confidence and regulatory scrutiny may increase.
- Market Impact: Crypto exchanges and custodial services may face heightened operational costs to combat evolving threats.
- Geopolitical Concerns: Stolen funds supporting nuclear programs increase international tensions and sanctions risks.
Impact: The persistent and growing threat of North Korean crypto thefts poses significant security and geopolitical risks, necessitating stronger defenses and international cooperation.
