North Korean hackers have stolen an estimated two billion dollars worth of cryptocurrency assets in 2025, making it the largest annual total on record.
This brings the total confirmed amount stolen by North Korean cybercriminals to more than $6 billion, according to new research from blockchain analytics firm Elliptic.
The stolen funds are believed to be used to finance North Korea’s nuclear weapons program, according to the United Nations and various government agencies. Elliptic says the 2025 total is nearly three times higher than in 2024 and far surpasses the previous record of 1.35 billion dollars set in 2022, which included major breaches like the Ronin Network and Harmony Bridge hacks.
“The 2025 total already dwarfs previous years and is almost triple last year’s tally, underscoring the growing scale of North Korea’s dependence on cyber-enabled theft to fund its regime,” Elliptic commented.
The largest portion of the 2025 total comes from the Bybit hack in February, when attackers stole around 1.46 billion dollars. Elliptic attributed 30 crypto heists to North Korean groups this year, based on blockchain data, laundering patterns, and intelligence analysis.
Other confirmed breaches include LND.fi, WOO X, Seedify, and the Taiwanese exchange BitoPro, where the Lazarus Group reportedly stole around 11 million dollars in cryptocurrency.
Elliptic notes that the actual figures could be even higher, as many incidents go unreported or remain unverified. Discrepancies between different research firms highlight the challenge of accurately measuring cyber theft. For example, Chainalysis estimated that over 1.3 billion dollars were stolen by North Korean hackers in 2024.
A major shift in 2025 has been the hackers’ growing focus on individuals holding large crypto assets or employees of exchanges, often through social engineering attacks instead of exploiting DeFi vulnerabilities.
Their laundering tactics have also evolved, now involving multiple mixing services, cross-chain transfers, obscure blockchains, custom tokens, and refund address exploitation to conceal stolen funds.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Despite these advanced evasion methods, Elliptic says blockchain transparency still helps investigators trace stolen assets, making it difficult for hackers to hide large-scale thefts for long.
