North Korean Hackers Set New Record with $2 Billion Crypto Heist in 2025
By Alex Carter — Alex lives at the intersection of data and narrative, translating complex market trends into actionable insights. With a background in economics, he demystifies the numbers that drive our digital future. | Last updated: October 13, 2025
Short answer: North Korean-linked hacking groups have stolen an unprecedented sum exceeding $2 billion in various crypto assets throughout 2025, marking the largest annual total on record. This significant figure, reported by blockchain analytics firm Elliptic, underscores the regime’s escalating reliance on cybercrime to fund its illicit weapons programs, bypassing stringent international sanctions. The majority of these attacks now leverage sophisticated social engineering tactics, targeting individuals rather than solely exploiting technical vulnerabilities.
In 2025, North Korean state-sponsored hackers achieved a grim milestone, pilfering over $2 billion in cryptocurrency, according to an early October report by blockchain analytics firm Elliptic. This record-breaking sum represents the largest annual total ever recorded for such illicit activities, with three months still remaining in the year. The cumulative known value of crypto assets stolen by the North Korean regime since 2017 now surpasses an astonishing $6 billion, highlighting a persistent and growing threat.
The primary perpetrator behind these extensive thefts is identified as the Lazarus Group, also known by aliases such as TraderTraitor and APT38. This highly sophisticated state-sponsored hacking organization is widely believed to be directly backed by the North Korean government. Their operations are critical for financing the nation’s prohibited nuclear weapons and ballistic missile programs, providing a vital source of foreign currency amidst severe international sanctions.
A single incident significantly inflated 2025’s total: a massive theft in February in which approximately $1.46 billion was stolen from the cryptocurrency exchange Bybit. This heist, whose value some sources place closer to $1.5 billion, accounts for a substantial portion of the record-setting funds. Elliptic has further attributed over 30 additional hacks to North Korean actors throughout the year, demonstrating a sustained and broad campaign against the crypto ecosystem.
This year’s staggering total far exceeds previous records. It nearly triples the amount stolen in 2024, which was estimated to be between $700 million and $1.3 billion. Furthermore, it significantly surpasses the previous annual high of $1.35 billion set in 2022. Other notable victims of North Korean cyberattacks in 2025 include platforms like LND.fi, WOO X, and Seedify, illustrating the diverse range of targets.
A critical shift in the hackers’ methodology has been observed. While large cryptocurrency exchanges remain targets, there’s a growing focus on high-net-worth individuals. The majority of successful attacks in 2025 have leveraged sophisticated social engineering tactics, such as phishing campaigns, fake job offers, and various forms of manipulation. This signifies that the “weak point in cryptocurrency security is increasingly human, rather than technical,” as noted by Elliptic, marking an evolution from purely technical exploits.
North Korean hackers continue to employ advanced and complex strategies to launder their stolen funds, obscuring the origins of the illicit gains. These techniques include multiple rounds of mixing, cross-chain transactions, and the use of obscure blockchains with limited analytics coverage. They also exploit
