Elliptic, a leader in blockchain analytics, has disclosed that cybercriminals associated with North Korea have illicitly acquired more than $2 billion in cryptocurrency assets in 2025 alone. This figure marks an unprecedented yearly high, with nearly a quarter of the year still ahead.
This latest haul pushes the total known cryptocurrency thefts attributed to the regime beyond $6 billion.
Reports from the United Nations and multiple intelligence agencies suggest that these stolen funds are instrumental in supporting North Korea’s internationally condemned nuclear and missile programs. The cumulative amount stolen now represents approximately 13% of the nation’s GDP.
The 2025 theft volume significantly surpasses all previous years, highlighting the regime’s escalating reliance on cybercrime to finance its operations and evade global sanctions.

2025 Sets a New Benchmark in North Korea’s Cyber Theft Campaign
The $2 billion stolen so far in 2025 eclipses the previous record of $1.35 billion, which was established in 2022. This sharp increase signals a rapid enhancement in the regime’s cyber capabilities and strategic ambitions.
Key players, notably the infamous Lazarus Group, have intensified their efforts to exploit the cryptocurrency sector, which remains a lucrative yet loosely regulated target.
The most notable breach this year took place in February, when hackers linked to North Korea extracted $1.4 billion from the ByBit crypto exchange. This single heist constitutes the bulk of the 2025 total and ranks among the largest crypto thefts ever recorded.
Beyond major exchange breaches, Elliptic’s investigations have connected over 30 additional cyberattacks to North Korean actors in 2025. These include a July incident on the WOO X platform, where $14 million was stolen from nine users, and another theft involving $1.2 million in digital assets from Seedify.
Altogether, the known value of cryptocurrency stolen by the regime now exceeds $6 billion, factoring in schemes involving impersonation of IT professionals, according to Elliptic’s data.

Evolving Targets: From Exchanges to Wealthy Individuals
While large cryptocurrency exchanges have borne the brunt of losses in 2025, Elliptic highlights a growing trend of attacks targeting affluent individual holders of digital assets.
Dr. Tom Robinson, Elliptic’s chief scientist, explains that these individuals often lack the advanced, layered security protocols that major exchanges implement, rendering them more vulnerable and appealing targets.
“Many cyber thefts likely go unreported, and attributing them definitively to North Korea remains challenging,” Robinson notes. Numerous hacks exhibit characteristics typical of North Korean operations but lack conclusive evidence.

As cryptocurrency valuations climb, individuals holding substantial digital wealth have become prime targets. Unlike institutional entities, these holders often do not employ enterprise-grade security, increasing their susceptibility.
Additionally, some hackers focus on individuals connected to companies with large crypto reserves, aiming to infiltrate these organizations and access more significant funds.
Tracking stolen assets is made possible by firms like Elliptic and Chainalysis, which analyze blockchain transaction patterns. These patterns often reveal the distinctive tactics and tools used by North Korean hackers, even when the initial breach remains unclear.

Economic Impact: Cybercrime Constitutes 13% of North Korea’s GDP
One of the most striking revelations from recent research is the profound economic impact of cybercrime on North Korea’s isolated economy. The $2 billion stolen in 2025, combined with prior thefts, is estimated by the UN to represent roughly 13% of the country’s GDP.
This heavy dependence on illicit cyber activities underscores the effectiveness of North Korea’s hacking units in bypassing international sanctions. By generating foreign currency through untraceable digital theft, the regime sustains its controversial and dangerous military programs.
Western intelligence agencies have consistently confirmed that these stolen funds are a critical financial resource for North Korea’s nuclear and ballistic missile initiatives.
In addition to cyber theft, the regime is accused of running a sophisticated scheme involving fake IT workers. This operation places thousands of skilled North Korean IT professionals in remote roles worldwide under false identities, generating legitimate income and further evading sanctions.
Attempts to obtain comments from North Korea’s UK embassy regarding these findings were unsuccessful. Historically, the regime has denied any involvement in cyberattacks.
As 2025 continues to break records, the international community faces an urgent imperative to dismantle a cybercriminal network deeply entwined with a nation’s weapons development efforts.





