North Korean Hackers Break Record with $2 Billion in Crypto Theft in 2025

North Korean state-sponsored hackers have stolen over $2 billion in cryptocurrency so far in 2025, according to a new report by blockchain analytics firm Elliptic. The figure, based on more than 30 separate hacks, marks the highest annual total ever recorded—with three months still remaining in the year. Elliptic warns that the actual amount may be even higher, noting that “attributing cyber thefts to North Korea is not an exact science” and that many incidents likely remain unreported or lack definitive attribution.

The report highlights a significant shift in tactics. While previous attacks often exploited technical vulnerabilities in crypto infrastructure, the majority of this year’s thefts were carried out through social engineering. “Hackers deceive or manipulate individuals in order to gain access to cryptocurrency,” Elliptic wrote. “This shift highlights that the weak point in cryptocurrency security is increasingly human, rather than technical.” The regime’s targets remain largely crypto exchanges, but hackers are now also pursuing high-net-worth individuals with substantial digital assets.

Elliptic’s findings align with estimates from other organizations, including the United Nations Security Council, which previously calculated that North Korean hackers stole $3 billion in crypto between 2017 and 2023. Adding last year’s $742.8 million and this year’s $2 billion brings the total close to $6 billion. The largest single theft in 2025—over $1.4 billion—was from crypto exchange Bybit, an incident attributed to North Korea by the FBI and several blockchain researchers. Other notable victims over the years include Axie Infinity ($625 million in 2022), Harmony ($100 million in 2022), and WazirX ($235 million in 2024). The United Nations believes the stolen funds are used to support North Korea’s nuclear weapons program.