A recent report from the blockchain analysis firm Elliptic has revealed alarming figures. Groups of North Korean hackers steal cryptocurrency at an unprecedented rate, accumulating over $2 billion in 2025 alone. This amount represents the highest annual total ever recorded, showcasing a growing sophistication in their criminal operations.
According to the analysis, this new record brings the total known value of digital assets stolen by the regime to over $6 billion. The report highlights that this year’s staggering losses are largely driven by the February attack on the Bybit exchange, which resulted in a $1.46 billion theft. In addition to this, more than thirty other hacks have been attributed to North Korea so far this year.
An unprecedented escalation in financial cybercrimes
The scale of these attacks underscores the growing threat that North Korea poses to the global digital economy. These illicit funds are used, according to experts, to finance the country’s weapons programs, thereby circumventing strict international sanctions. The attribution of these cyberattacks, while not an exact science, is based on analysis of laundering patterns and intelligence sources that connect the operations to North Korean state actors.
The modus operandi has also evolved significantly. Previously, attacks focused on exploiting technical flaws in project infrastructure. However, a clear shift towards social engineering attacks is now being observed. Through this method, hackers deceive individuals to gain access to their credentials and funds, affecting both exchange platforms and high-net-worth individuals.
The shift in tactics and its impact on global security
This change in strategy demonstrates greater adaptability on the part of the cybercriminals. Social engineering attacks are harder to prevent with purely technical measures, demanding greater security awareness from users. The industry faces an ongoing challenge to protect investors’ assets. Consequently, platforms are strengthening their security protocols and collaborating more closely with authorities to trace the funds.
The current situation poses a significant challenge for regulators and security agencies worldwide. The use of cryptocurrency mixers and cross-chain transactions greatly complicates the tracking of stolen assets. As North Korean hackers steal cryptocurrency more effectively, the international community is seeking new ways to cut off these illicit funding sources, although the task is becoming increasingly complex.
