- Proceeds from these thefts are reportedly used to finance North Korea’s nuclear and missile programs, according to the United Nations and intelligence agencies.
- The largest single incident this year was the Bybit exchange hack in February, which accounted for $1.5 billion of the total.
- Hackers are shifting from purely technical exploits to social engineering tactics such as phishing and fake job offers.
- Laundering methods now involve complex cross-chain swaps and use of obscure blockchains to hide stolen funds, based on analysis by Elliptic.
North Korea-linked cyber groups have stolen over $2 billion in crypto assets so far in 2025, according to new findings by blockchain forensics firm Elliptic. With three months left in the year, this marks the highest amount ever stolen by these groups in a single year.
The report finds that these thefts are a growing source of funds for Pyongyang’s weapons programs. According to the United Nations and multiple intelligence agencies, money gained through crypto hacks helps finance North Korea’s nuclear and ballistic missile development.
Elliptic states that the total known crypto theft linked to North Korea now exceeds $6 billion since Hacking operations began focusing on the sector in 2017. The firm noted, “The scale of crypto theft attributed to North Korea this year is unprecedented — and a clear indication of how deeply the regime depends on cybercrime.”
The single largest incident in 2025 was the February hack of the Bybit exchange, which resulted in a theft of $1.5 billion. Elliptic also links attacks on LND.fi, WOO X, and Seedify, as well as more than 30 other smaller cases, to North Korea this year. The $2 billion figure is almost three times the amount stolen in 2024, and surpasses the previous record from 2022, when hackers stole $1.35 billion through breaches including the Ronin Network and Harmony Bridge.
The report explains a shift in tactics from hacking institutions to targeting individuals, such as large cryptocurrency holders and executives. According to Elliptic, “The weak point in cryptocurrency security is now human, not technological.” Hackers increasingly use methods like phishing—deceptive emails aiming to steal credentials—fake online job offers, and hijacked social media accounts to access crypto wallets and private keys.
With law enforcement and blockchain analytics improving, Elliptic notes North Korea’s laundering efforts have also become more advanced. After the Bybit hack, criminals used several rounds of cross-chain swaps—moving assets between blockchains such as Bitcoin, Ethereum, BTTC, and Tron—to mask the origin of funds. The firm points to new laundering strategies including token creation and use of obscure blockchains to further obscure the trail of stolen money.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Ken Griffin Warns as Gold, Bitcoin Surge and Dollar Loses Safe Haven
- Bitcoin Slips After Record High as U.S. Government Shutdown Continues
- Railgun Unveils First Private Multi-Sig Wallet Prototype on Ethereum
- Nvidia Sentiment Turns Bearish After AMD-OpenAI GPU Partnership News
- Fasset Gets License for World’s First Stablecoin Islamic Bank
