In 2025, North Korean state-sponsored hackers have illicitly obtained over $2 billion in cryptocurrency, marking the highest annual total to date, according to blockchain analysis firm Elliptic. This figure, derived from more than 30 separate incidents, surpasses the previous record of $1.35 billion set in 2022. Since 2017, the total amount of cryptocurrency stolen by North Korean entities is estimated to be at least $6 billion, though Elliptic suggests the actual figure may be higher due to unreported or unattributed thefts.
The primary targets of these cyber attacks have been cryptocurrency exchanges. However, there is a notable shift towards targeting high-net-worth individuals who possess substantial crypto assets. This change indicates an evolution in the hackers’ strategies, focusing more on human vulnerabilities through social engineering rather than exploiting technical flaws in crypto infrastructure. Social engineering involves manipulating individuals into divulging confidential information, thereby granting hackers access to cryptocurrency holdings.
A significant portion of this year’s stolen funds can be attributed to a massive breach at the crypto exchange Bybit, where hackers exfiltrated over $1.4 billion. The FBI and multiple blockchain monitoring firms have attributed this heist to North Korean actors. Other notable victims include the play-to-earn game Axie Infinity, which suffered a $625 million loss in 2022, crypto startup Harmony with a $100 million theft in the same year, and crypto exchange WazirX, which lost $235 million in 2024.
The United Nations Security Council has previously estimated that between 2017 and 2023, North Korean hackers stole approximately $3 billion in cryptocurrency. Adding the 2025 figures, the total approaches $6 billion. The UN believes that the regime led by Kim Jong-Un utilizes these stolen funds to finance its nuclear weapons program, circumventing international sanctions.
The shift towards social engineering attacks underscores the increasing importance of human factors in cybersecurity. As technical defenses become more robust, attackers are exploiting human psychology to achieve their objectives. This trend highlights the need for enhanced awareness and training to mitigate the risks associated with social engineering tactics.
In response to these escalating threats, cryptocurrency exchanges and related platforms are urged to implement stringent security measures, including multi-factor authentication, regular security audits, and comprehensive employee training programs. Additionally, collaboration between international law enforcement agencies and the private sector is crucial to track and recover stolen assets and to hold perpetrators accountable.
The record-breaking cryptocurrency thefts attributed to North Korean hackers in 2025 serve as a stark reminder of the persistent and evolving cyber threats facing the digital asset industry. Stakeholders must remain vigilant and proactive in their security practices to safeguard against such sophisticated attacks.
