TLDR
- North Korean hackers have stolen $2B in crypto in 2025, surpassing all past thefts.
- Lazarus Group led the $1.46B Bybit attack, driving 2025’s record haul.
- Over 30 cryptocurrency heists by North Korea’s hackers reported in 2025.
- North Korea used advanced laundering tactics to evade sanctions and tracking.
North Korean hackers have reportedly stolen a record $2 billion in cryptocurrency in 2025, surpassing previous annual thefts. According to a recent report by Elliptic, this marks a significant escalation in North Korea’s cybercrime operations. With three months still remaining in the year, the total amount stolen already far exceeds last year’s tally of $700 million and has shattered past records.
Record-Breaking Crypto Theft
This year, North Korean cybercriminals have stolen over $2 billion in digital assets, a sharp rise from previous years. Elliptic’s findings show that the bulk of this theft is attributed to the Lazarus Group, a hacking group believed to be backed by the North Korean government. The largest theft took place in February, when hackers stole $1.46 billion from the cryptocurrency exchange Bybit. This event alone accounts for nearly half of the stolen amount in 2025.
In comparison, last year’s total thefts were just over $700 million, and the previous high was $1.35 billion in 2022. The Lazarus Group, responsible for the Bybit attack, is known for its large-scale heists, but this year’s thefts have expanded to other exchanges and blockchain platforms. More than 30 separate attacks have been linked to North Korean actors, and Elliptic suggests that the number of incidents may be even higher, with some still unreported or untraceable.
Growing Sophistication in Hacking Methods
North Korean cybercriminals are employing more sophisticated methods to carry out their attacks, making them harder to track. While previous years saw mostly attacks on cryptocurrency exchanges, 2025 has seen a shift toward targeting high-net-worth individuals. These individuals are often less prepared for cyber threats, making them easy targets for social engineering campaigns.
According to Elliptic, many of the attacks this year have involved deceiving individuals to gain access to their digital assets. These attacks capitalize on human error rather than relying on technical exploits. In the Bybit incident, attackers used phishing techniques to gain control of a wallet and forge transaction signatures, further demonstrating the group’s evolving strategies.
Laundering Techniques and Evasion of Sanctions
A key aspect of North Korea’s cybercrime operations is the ability to launder stolen funds and evade international sanctions. The report highlights how North Korean hackers have developed increasingly complex methods for laundering stolen cryptocurrency. These techniques involve mixing stolen assets through different blockchain protocols, utilizing obscure networks, and redirecting funds through multiple wallets to conceal their origins.
By using these methods, North Korean hackers are able to convert stolen cryptocurrency into hard currency. This laundered money is believed to help fund the country’s nuclear and missile programs, a significant concern for global security. Elliptic warns that while law enforcement agencies are improving their ability to trace illicit funds, the crypto-laundering arms race is far from over.
Ongoing Efforts to Counteract Cybercrime
Despite these advanced laundering strategies, blockchain analysts and law enforcement agencies are improving their capabilities to track and trace illicit crypto flows. Elliptic emphasizes the importance of blockchain analytics in identifying and disrupting these operations. These technologies allow investigators to trace the flow of stolen funds across multiple blockchain networks, improving the chances of recovering assets and holding perpetrators accountable.
While North Korean cybercriminal groups may continue to adapt their methods, the efforts of global security agencies and blockchain experts are expected to intensify in response. The “cat-and-mouse” game between cybercriminals and investigators continues to evolve as North Korea’s cyber activities grow more advanced and widespread.