North Korea’s state-backed cybercriminals have shattered previous records, stealing more than $2 billion in cryptocurrency in 2025, according to new research by blockchain analytics firm Elliptic. The report highlights a massive surge in cyber thefts, with the rogue regime increasingly relying on cryptocurrency crimes to fund its nuclear and missile programs.
What to Know
- North Korea-linked hackers have stolen more than $2 billion in crypto so far this year, Elliptic reports.
- February’s Bybit hack, valued at $1.46 billion, accounts for the bulk of this year’s losses.
- Pyongyang’s cyber units are shifting toward social engineering attacks instead of technical exploits.
- The stolen funds are believed to finance nuclear and missile development.
A Record-Breaking Year for Crypto Theft
According to Elliptic’s analysis, North Korean hackers have already surpassed all previous records for crypto theft, bringing their total haul to over $6 billion since 2017. With three months still left in the year, 2025 is shaping up to be North Korea’s most profitable hacking year to date.
The record-setting figure is largely driven by February’s $1.46 billion Bybit hack, which remains one of the largest crypto thefts in history. Elliptic has also tied additional attacks on platforms such as LND.fi, WOO X, and Seedify to North Korean cyber groups, alongside dozens of smaller-scale breaches of exchanges and DeFi protocols.
Shift Toward Human Exploitation
While early attacks often exploited smart contract bugs and exchange vulnerabilities, North Korean hackers have now pivoted toward targeting individuals through social engineering and deception.
Elliptic notes that as crypto prices rebound, wealthy investors and company executives have become prime targets. Without the advanced security systems used by institutional firms, these individuals often fall victim to phishing, fake recruitment offers, and compromised social media accounts.
“The weak point in cryptocurrency security is now human, not technological,” Elliptic explained.
This evolution reflects Pyongyang’s growing sophistication in blending psychological manipulation with advanced blockchain laundering tactics.
Laundering Tactics Grow More Complex
As global law enforcement agencies and blockchain analytics improve collaboration, North Korean cyber groups have adapted their laundering strategies to evade detection.
Following the Bybit attack, investigators observed multiple cross-chain swaps involving Bitcoin (BTC), Ethereum (ETH), BTTC, and Tron (TRX), with funds frequently routed through obscure protocols and self-issued tokens.
New laundering methods now include:
- Multiple rounds of token swaps and mixers.
- Use of lesser-known blockchains with weak monitoring systems.
- Creation of custom tokens used internally by laundering networks.
These tactics create a tangled web of transactions that significantly delay asset tracing and seizure.
International Response Intensifies
The United Nations and intelligence agencies have repeatedly warned that stolen cryptocurrency directly funds North Korea’s nuclear and ballistic missile programs, increasing international security risks.
Western nations are calling for tighter enforcement and stronger global sanctions, while major exchanges are bolstering wallet-tracking tools to prevent tainted crypto from entering circulation.
Yet despite growing global coordination, Elliptic warns that North Korea’s hacking ecosystem continues to evolve faster than regulatory frameworks can adapt.
Q&A
How much crypto has North Korea stolen so far in 2025?
Over $2 billion, according to Elliptic — making 2025 the largest year on record for North Korean crypto theft.
What was the biggest hack this year?
The Bybit hack in February 2025, worth around $1.46 billion, accounts for most of the total losses.
How does North Korea launder stolen crypto?
Through complex methods such as cross-chain swaps, mixing services, and issuing custom tokens to disguise transaction origins.
Why does North Korea steal cryptocurrency?
Funds from these cyberattacks reportedly finance Pyongyang’s weapons and nuclear programs, bypassing international sanctions.
Can these stolen funds be recovered?
Recovery is rare due to advanced laundering and jurisdictional challenges, though cooperation between exchanges and regulators has improved.