• North Korean hackers have stolen over $2 billion in cryptocurrency this year, nearly triple last year’s total with months remaining.
• The regime increasingly targets wealthy individuals through social engineering rather than exploiting technical vulnerabilities in exchanges.
• Stolen funds finance Pyongyang’s nuclear and missile programs, raising national security concerns as laundering methods grow more sophisticated.

Record-Breaking Theft Spree

North Korea-linked hacking groups have looted more than $2 billion worth of crypto assets so far in 2025, according to blockchain forensics firm Elliptic. The staggering figure represents the largest annual total ever recorded—and there are still three months left in the year.

The 2025 total is dominated by February’s $1.46 billion hack of the Bybit exchange, one of the largest crypto thefts on record. The FBI confirmed North Korea’s responsibility for the breach, which they dubbed “TraderTraitor.” Elliptic also attributed attacks against LND.fi, WOO X, and Seedify to North Korea this year, along with more than 30 additional incidents involving smaller exchanges and DeFi platforms.

The $2 billion total nearly triples last year’s tally and surpasses the previous record of $1.35 billion set in 2022, when North Korea-linked actors breached Ronin Network and Harmony Bridge.

Shifting Tactics: From Tech to People

While centralized exchanges remain prime targets, Elliptic noted a strategic shift toward attacks on individuals, particularly high-net-worth crypto holders and company executives. With crypto prices rebounding in 2025, such targets have become increasingly lucrative, often lacking the robust security infrastructure of institutional platforms.

“The weak point in cryptocurrency security is now human, not technological,” Elliptic warned. The majority of hacks in 2025 have been perpetrated through social engineering attacks, where hackers deceive or manipulate individuals to gain access to cryptocurrency.

In September 2025, SBI Crypto reportedly suffered a $21 million hack attributed to the Lazarus Group, North Korea’s elite hacking collective. Blockchain analyst ZachXBT identified suspicious outflows on September 24, with approximately $21 million in Bitcoin, Ethereum, and other cryptocurrencies routed through instant exchanges before being deposited into Tornado Cash, a crypto mixer frequently used for laundering.

Fake Jobs and Malware Campaigns

North Korean operatives have expanded beyond traditional hacking to infiltrate crypto companies directly. The U.S. Department of Justice indicted 14 North Korean nationals who obtained employment as remote IT workers at U.S. companies, generating more than $88 million by stealing proprietary information and extorting their employers.

In June, cybersecurity firm Cisco Talos documented the “PylangGhost” campaign, in which Lazarus Group operatives created fake coding tests and video interview platforms designed to infect blockchain developers’ devices. Former Binance CEO Changpeng Zhao warned that North Korean hackers were increasingly infiltrating crypto firms through fake job applications and malware hidden in interview links.

Funding Nuclear Ambitions

According to the United Nations and multiple intelligence agencies, proceeds from these hacks are used to finance North Korea’s nuclear and ballistic missile development. Elliptic estimates that since 2017, North Korean hackers have collectively stolen over $6 billion from the crypto industry.

The stolen funds insulate the regime from economic impacts of U.S. and UN sanctions while positioning North Korea to exploit Chinese and Russian efforts to build alternative financial systems. Western intelligence officials have called for tighter international cooperation to track and freeze stolen assets before they can be laundered.

Sophisticated Laundering Networks

TraderTraitor actors are moving rapidly, converting stolen assets to Bitcoin and dispersing them across thousands of addresses on multiple blockchains. An example from the Bybit hack shows multiple blockchain bridging events between Bitcoin, Ethereum, BTTC, and Tron blockchains, utilizing three separate cross-chain services.

Despite these challenges, blockchain’s inherent transparency means illicit activity leaves traces. The FBI has released lists of Ethereum addresses holding or having held assets from the Bybit theft, encouraging exchanges, bridges, and other virtual asset service providers to block transactions with these addresses.

As the leading provider of blockchain analytics, Elliptic’s dedicated team of analysts rapidly attributes stolen funds within their systems when major hacks occur. This enables regulated financial service providers worldwide to identify and block illicit deposits, limiting opportunities for North Korean actors to cash out.

How can cryptocurrency exchanges and individual investors better protect themselves against state-sponsored hacking operations targeting digital assets?
