Elliptic, a leading blockchain analytics company, has disclosed that cybercriminals associated with North Korea have illicitly acquired over $2 billion in cryptocurrency assets in 2025 alone. This figure marks an unprecedented annual high, with nearly a quarter of the year still ahead.
This amount pushes the total known cryptocurrency thefts attributed to the regime beyond $6 billion.
Reports from the United Nations and multiple governmental bodies suggest that these illegally obtained funds are instrumental in supporting North Korea’s internationally condemned nuclear weapons and missile programs. The stolen crypto now represents approximately 13% of the nation’s gross domestic product (GDP).
The 2025 theft volume significantly surpasses all previous years, highlighting the regime’s escalating reliance on cyber-enabled financial crimes to sustain its operations and evade global sanctions.

2025: North Korea’s Cyber Theft Reaches Unprecedented Levels
The $2 billion stolen so far in 2025 shatters the previous record of $1.35 billion set in 2022, signaling a rapid expansion in the regime’s cyber capabilities and ambitions. The notorious Lazarus Group, among other hacking collectives, has intensified efforts to exploit the cryptocurrency sector, which remains relatively unregulated and highly profitable.
The most notable breach this year occurred in February, when hackers linked to North Korea extracted $1.4 billion from the ByBit crypto exchange. This single heist constitutes the majority of the year’s total and ranks among the largest crypto thefts ever recorded.
Beyond major exchange attacks, Elliptic’s investigations have linked over 30 additional incidents to North Korean actors in 2025. These include a July breach of the WOO X platform, resulting in $14 million stolen from nine users, and another attack on Seedify that led to the loss of $1.2 million in digital assets.
Overall, the cumulative value of cryptocurrency stolen by the regime now exceeds $6 billion, factoring in schemes involving impersonation of IT professionals, according to Elliptic’s data.

Evolving Targets: From Exchanges to Wealthy Individuals
While large cryptocurrency exchanges have borne the brunt of losses in 2025, Elliptic highlights a growing trend of attacks targeting affluent individual holders of digital assets.
Dr. Tom Robinson, Elliptic’s chief scientist, explains that individuals typically lack the advanced, layered security protocols that major exchanges implement, making them more vulnerable and appealing targets for hackers.
“Many thefts likely go unreported, and attributing cybercrimes to North Korea remains a complex challenge,” Robinson notes. Numerous hacks exhibit characteristics consistent with North Korean operations but lack conclusive proof.

As cryptocurrency valuations climb, individuals holding substantial digital wealth have become prime targets. Unlike institutional entities, these individuals often lack robust cybersecurity defenses, increasing their susceptibility.
Additionally, some hackers strategically focus on individuals connected to companies with large crypto holdings, aiming to infiltrate these organizations and access greater sums.
Companies like Elliptic and Chainalysis track stolen funds by analyzing transaction flows on public blockchains, which often reveal unique patterns and tools characteristic of North Korean cyber operations, even when the initial breach remains unclear.

Economic Impact: Cybercrime Constitutes 13% of North Korea’s GDP
One of the most striking revelations from recent research is the profound economic impact of cybercrime on North Korea’s isolated economy. The $2 billion stolen in 2025, combined with prior thefts, is estimated by the UN to represent roughly 13% of the country’s GDP.
This heavy dependence on illicit cyber activities underscores the effectiveness of North Korea’s hacking units in bypassing international sanctions. By generating foreign currency through untraceable digital theft, the regime self-finances its most controversial and dangerous programs.
Western intelligence agencies have consistently confirmed that these stolen funds are a critical financial resource for North Korea’s nuclear and ballistic missile initiatives.
In addition to cyber theft, the regime is accused of orchestrating a sophisticated fake IT worker scheme, deploying thousands of skilled North Korean IT professionals worldwide under false identities. This operation generates legitimate income streams and further evades sanctions.
Attempts to obtain comments from North Korea’s UK embassy regarding these findings were unsuccessful. Historically, the regime has denied involvement in cyberattacks.
As 2025 continues to break records, the international community faces an urgent imperative to dismantle a cybercriminal network deeply entwined with a nation’s weapons development efforts.