North Korea-bound hacking groups have stolen more than $ 2 billion dollars value of crypto assets so far this year, according to a new analysis from Blockchain-Criminal Technical Company Elliptic, the largest annual total ever registered, and with three months of 2025 still walk.
The new data emphasizes Pyongyang’s growing dependence on cyber-activated theft to finance its weapons programs. According to the United Nations and several intelligence agencies, the proceeds from these hacks are used to finance North Korea’s nuclear and ballistic missile development.
“The extent of cryptot theft attributed to North Korea this year is unprecedented – and a clear indication of how deeply the regime depends on cybercrime,” Elliptic said in his report shared with Coindesk.
Elliptics Fund brings the overall known cryptot theft attributed to North Korea for more than $ 6 billion, since the regime’s hacking operations began to target the crypto sector around 2017.
BYBIT HACK runs record years
The figure in 2025 is dominated by February’s hack of $ 1.46 billion from the BYBIT exchange, one of the largest cryptotovers on the record.
Elliptic has also attributed attacks against LND.FI, WOO X and SEEDIFY to North Korea this year along with more than 30 additional events involving minor exchanges and defi platforms.
The $ 2 billion in total of almost tripled last year’s figures and surpasses the previous record of $ 1.35 billion in 2022, when North Korea-bound actors were behind major violations of Ronin Network and Harmony Bridge.
Change toward Social Technology
While centralized exchanges remain a primary goal, Elliptic noted a strategic shift against attacks on individuals, especially high-network cries and business leaders.
With crypto prices rebuilt in 2025, such goals have become more and more lucrative, often the robust security infrastructure of institutional platforms is missing.
“The weak point of cryptocurrency security is now human, not technological,” Elliptic said.
This shift has seen hackers rely more on deception than code utilization using tactics such as phishing, false job offers and compromised social media accounts to access wallets and private keys.
A crypto-slown arms race
As Blockchain Analytics and Law Enforcement Collaboration has improved, North Korea’s money laundering operations have become more complicated, Elliptic has been found.
Following the bybit violation, investigators are traced several rounds with transverse chain swaps between Bitcoin, Ethereum, BTTC and Tron-Ofte using unclear protocols and self-published symbols to hide the origin.
New money laundering methods include several rounds of mixing, using unclear blockchains and creating new tokens issued directly by laundering networking.
