North Korea-backed threat actors have been making headlines for their extensive cryptocurrency theft, with the latest blockchain analysis revealing that they have stolen over $2 billion in digital assets this year alone. This staggering figure is the largest annual tally for North Korean hackers, surpassing last year’s total with three months still left in 2025. In total, they have stolen more than $6 billion in cryptocurrency to fund the country’s missile and nuclear weapons programs, according to London-based blockchain analysis firm Elliptic.
The spike in losses this year can be largely attributed to the $1.46 billion theft from cryptocurrency exchange Bybit in February. Other notable attacks linked to North Korea in 2025 include those on LND.fi, WOO X, and Seedify, with Elliptic identifying over 30 additional hacks carried out by North Korean hackers so far this year. This year’s total tripled last year’s figure and surpassed the previous record of $1.35 billion in 2022, which was the result of attacks on Ronin Network and Harmony Bridge.
While cryptocurrency exchanges remain a prime target for these hackers, high-net-worth individuals are increasingly becoming victims of social engineering attacks. Elliptic noted that the majority of hacks in 2025 involve manipulation or deception of individuals to gain access to their cryptocurrency, marking a shift from previous attacks that exploited technical flaws in crypto infrastructure. This shift underscores the growing vulnerability of human factors in cryptocurrency security.
Despite blockchain’s inherent transparency, North Korean hackers are adopting more sophisticated techniques to launder stolen funds and cover their tracks. Elliptic highlighted several advanced cryptocurrency laundering methods being employed by these threat actors, including multiple rounds of mixing and cross-chain transactions, utilization of obscure blockchains with limited analytics coverage, exploitation of refund addresses to redirect assets, and the creation and trading of tokens issued by laundering networks.
As North Korean hackers continue to evolve their tactics and evade detection, the cryptocurrency community faces an ongoing challenge in combating these illicit activities. The rise in stolen funds highlights the need for enhanced security measures and greater vigilance among cryptocurrency users to protect their assets from sophisticated cyber threats.