North Korea-linked Hackers Stole Over $2B in Crypto So Far in 2025: Report
North Korean hackers have commandeered more than $2 billion in cryptocurrency assets in 2025 alone, setting a new annual record with nearly three months still left in the year.
This vast sum reflects the growing reliance of Pyongyang on illicit cyber activities to fund its controversial nuclear and ballistic missile programs, according to blockchain analysis firm Elliptic and international intelligence sources.
The Scale and Impact of the Thefts
This year’s staggering total has been largely driven by a single exploit – the February hacking of the cryptocurrency exchange Bybit, which alone reportedly accounted for $1.46 billion in stolen digital assets.

Source: Elliptic
Beyond this, North Korea-affiliated groups have been linked to over 30 crypto thefts targeting various platforms, including LND.fi, WOO X, and Seedify. With these hacks, the total crypto assets stolen by the regime since 2017 now exceeds $6 billion.
The United Nations and multiple government agencies have repeatedly flagged such activities as contributors to Pyongyang's sanction evasion strategies.
From Technical Flaws to Human Vulnerability
Recent attacks demonstrate a tactical shift for North Korean hackers. While earlier breaches largely exploited software vulnerabilities within crypto infrastructures, today’s methods emphasize social engineering, deceiving individuals into giving access to their digital assets.
According to the research, this evolution in approach means that it is increasingly not only exchanges but also wealthy individual crypto holders who face significant risks, often without the sophisticated security measures deployed by corporations.
Elliptic highlights that this change points to the human element as the growing weak link in cryptocurrency security. Hackers now meticulously target high-net-worth individuals, sometimes to reach broader associated assets, making personal cybersecurity vigilance more critical than ever.
Increasingly Complex Laundering Techniques
Responding to advances in blockchain forensic capabilities, including improved tracking by law enforcement and compliance professionals, North Korean cybercriminals have adapted by employing intricate laundering strategies.
These include multiple rounds of token mixing, cross-chain transactions across various blockchains like Bitcoin, Ethereum, and Tron, and the use of obscure blockchain networks that are less monitored by analytics teams.
Hackers also exploit “refund addresses” to reroute illicit funds among fresh wallets and create tokens issued by laundering networks, complicating investigators' efforts to trace stolen assets.
$1.4 Billion Bybit Hack
Ben Zhou (@benbybit), February 26, 2025: Bybit Hack Forensics Report
As promised, here are the preliminary reports of the hack conducted by @sygnia_labs and @Verichains
Screenshotted the conclusion and here is the link to the full report: https://t.co/3hcqkXLN5U pic.twitter.com/tlZK2B3jIW
Early this year, cryptocurrency exchange Bybit reported a security breach involving unauthorized access to one of its Ethereum cold wallets. The breach, linked to a vulnerability in the multisignature process through Safe Wallet, resulted in the transfer of over $1.4 billion in liquid-staked Ether (ETH) and MegaETH (mETH) to a wallet controlled by the attacker.
In response to the exploit, the exchange launched LazarusBounty.com. This platform aims to expose hackers, recover stolen assets, and enhance transparency in blockchain security, marking an industry-first initiative by the exchange.