North Korean-linked hacking groups have stolen an unprecedented $2 billion in cryptocurrency so far in 2025, thereby marking the largest annual crypto haul and shattering previous cyber theft totals, according to reports released by leading blockchain analytics firms like Elliptic and Chainalysis.
Such high figures highlight the escalating reliance of the Kim Jong Un regime on illegal cyber activities to finance its nuclear weapons and ballistic missile programs, bypassing severe international sanctions. With three months remaining in the year, the stolen funds are already triple the losses recorded in 2024.
North Korea’s record-breaking heist
The massive total for 2025 is largely driven by a single, catastrophic attack: the $1.5 billion theft from the Dubai-based cryptocurrency exchange Bybit in February. This incident, which saw hackers steal a large cache of Ethereum tokens, is now considered the largest single crypto heist in history, accounting for nearly 70 per cent of all stolen funds globally this year.
Elliptic revealed that the cumulative known value of crypto assets stolen by the North Korean regime has now topped $6 billion. The United Nations and Western intelligence agencies have consistently tracked these funds, alleging that they are a primary source of foreign currency for Pyongyang’s military projects.
Hackers targeting the ‘Human weak link’
Researchers also found a worrying evolution in the hackers’ methodology. While major centralised exchanges like Bybit remain prime targets, the focus is increasingly shifting toward high-net-worth individuals and company executives.
Blockchain experts reveal that the primary weakness in cryptocurrency security is no longer technical infrastructure but the human element. The majority of successful attacks in 2025 have relied on sophisticated social engineering — including phishing campaigns and impersonation scams — to deceive or manipulate individuals into granting access to private wallets and systems.
According to Chainalysis, personal wallet compromises now represent a growing share of total ecosystem theft, illustrating that individual holders are facing unprecedented risks.
In addition to the Bybit attack, analysts attribute over 30 smaller-scale hacks this year to North Korean actors, including intrusions against decentralized finance (DeFi) protocols and platforms like LND.fi, WOO X, and Seedify.