North Korea-backed hackers have made headlines with an unprecedented theft of over $2 billion in cryptocurrency assets this year, as revealed in a recent report by blockchain analytics firm Elliptic. This staggering figure has been amassed through more than 30 distinct hacking incidents, marking the highest total ever recorded with three months remaining in the year.
A significant portion of this year’s loot stems from a colossal $1.5 billion heist involving the cryptocurrency exchange Bybit, attributed to North Korea’s state-sponsored Lazarus Group. This particular event has been characterized as the largest theft in the history of cryptocurrency.
Additional incidents linked to North Korean hackers include a $14 million theft from nine users on the crypto trading platform WOO X in July, and another $1.2 million taken from blockchain funding platform Seedify in September.
Despite enduring stringent international sanctions, North Korea has increasingly resorted to cybercrime as a means of financing its missile and nuclear development programs. The U.N. Security Council’s now-disbanded Panel of Experts reported last year that illicit cyber activities fund approximately 40% of the nation’s weapons programs.
Since 2017, the total estimated value of cryptoassets stolen by North Korean operatives has soared past $6 billion, with Elliptic indicating that the true figure could be even higher. The firm acknowledged numerous thefts that appear to bear the hallmarks of North Korea-linked operations but lack sufficient evidence for direct attribution. Furthermore, it pointed out that many thefts likely go unreported and thus remain unknown.
Elliptic’s report also highlighted a shift in the tactics used by North Korean hackers. While earlier attacks primarily targeted vulnerabilities in cryptocurrency infrastructure, a notable trend has emerged in 2025, where most hacks involve “social engineering.” These methods focus on deceiving or manipulating individuals to gain access to digital assets, emphasizing that the vulnerability in cryptocurrency security increasingly lies not in technology, but in human behavior.
