North Korean Hackers Steal Record $2 Billion in Cryptocurrency in 2025

North Korean hackers have stolen more than $2 billion in cryptocurrency during the first nine months of 2025, marking the largest annual total on record for the regime, according to blockchain analysis firm Elliptic.

This staggering figure represents a significant surge compared to previous years, with the total amount stolen by North Korean threat actors since 2017 surpassing $6 billion. The 2025 theft tally is nearly triple the total stolen during 2024 and eclipses the previous annual record of $1.35 billion set in 2022.

The most notable heist fueling this record amount was the $1.46 billion theft from cryptocurrency exchange Bybit in February 2025. The FBI has confirmed North Korea’s responsibility for this incident, designating the malicious cyber group as “TraderTraitor,” and has urged blockchain firms and exchanges to block transactions originating from addresses linked to the attack.

Other attacks and targets

Beyond the Bybit incident, North Korean hackers have been implicated in more than 30 other crypto-related intrusions this year. These include notable thefts from LND.fi, WOO X, and Seedify, among others. In one attack on the WOO X exchange, $14 million was stolen from nine users.

While cryptocurrency exchanges remain the primary targets, Elliptic reports a shift in hacking tactics and targets. High-net-worth individual cryptocurrency holders are increasingly falling victim to these attacks. Furthermore, techniques have evolved from exploiting technical vulnerabilities in crypto infrastructure to social engineering methods that manipulate individuals to gain access to their assets.

Impact on North Korean regime

The crypto thefts provide a substantial source of revenue for the isolated North Korean economy. Experts believe these stolen funds help finance the country’s ongoing missile and nuclear weapons development programs, circumventing international sanctions and financial barriers.

Aside from large-scale hacks, North Korea also employs clandestine IT workers embedded within foreign companies across multiple sectors including AI, fintech, healthcare, and government organizations. This strategy not only supplies funding but also allows access to sensitive data that may be leveraged for ransomware or intelligence purposes.

Future outlook

Elliptic cautions that the actual sum stolen by North Korean hackers may be even higher due to attribution challenges and unreported incidents. The firm uses a combination of blockchain analytics, laundering pattern recognition, and intelligence sources to assign responsibility, but the opaque nature of cybercrime means some thefts remain unattributed.

As North Korea continues to intensify its cyber-enabled financial crimes, both public and private sectors worldwide are urged to strengthen defenses, collaborate on intelligence sharing, and implement rigorous anti-money laundering measures to disrupt these illicit operations.

Authorities and cybersecurity experts remain vigilant as the cyber front of geopolitical conflicts expands, with cryptocurrencies playing a pivotal role in funding state-sponsored illicit activities.
