North Korean Hackers Steal Over $2 Billion in Cryptocurrency in 2025, Researchers Reveal

This year, North Korean hackers are reported to have stolen over $2 billion in cryptocurrency, according to blockchain analysis firm Elliptic.

On Tuesday, Elliptic published a blog post outlining this estimate, which they claim is the “largest annual total on record, with three months remaining,” resulting from more than 30 hacks throughout the year.

The previous record of $1.35 billion was set in 2022. Since 2017, the regime is estimated to have stolen at least $6 billion in cryptocurrency, and Elliptic suggests that this number could potentially be an undercount.

“The true amount may be higher. Attributing cyber thefts to North Korea is not an exact science,” the blog states.

“There are numerous thefts that display traits of North Korean operations but lack enough evidence for definitive attribution. It is likely that other thefts remain unreported and hidden,” Elliptic remarked.

Elliptic emphasized that North Korea’s main targets are still cryptocurrency exchanges, but hackers are increasingly shifting their focus to “high-net-worth individuals” holding substantial amounts of crypto.

Additionally, the company pointed out a recent trend.

“Most of the hacks in 2025 have been carried out through social engineering attacks, where hackers deceive or manipulate individuals to gain access to cryptocurrency,” the blog post reveals. “This marks a transition from earlier attacks that primarily exploited technical weaknesses in crypto systems. The evolving landscape highlights that the primary vulnerabilities in cryptocurrency security are becoming increasingly human-centric rather than technical.”

Elliptic’s estimates coincide with findings from other organizations. Last year, the United Nations Security Council estimated that North Korean hackers stole $3 billion in cryptocurrency from 2017 to 2023. With Elliptic’s current estimate of $2 billion for this year and last year’s $742.8 million, the total is approaching $6 billion.

Authorities in Japan, South Korea, and the United States have accused North Korean hackers of pilfering over $659 million in 2024, closely aligning with Elliptic’s data.

The United Nations believes that the regime led by Kim Jong-Un uses the stolen cryptocurrency to fund its nuclear weapons program.

This year’s record theft is largely attributed to the massive heist of more than $1.4 billion from the crypto exchange Bybit, which has been connected to North Korean hackers by the FBI and various blockchain monitoring firms and researchers.

Other significant victims of North Korea’s cyberattacks in the cryptocurrency sector include play-to-earn game Axie Infinity ($625 million in 2022), crypto startup Harmony ($100 million in 2022), and crypto exchange WazirX ($235 million in 2024), among others.