According to blockchain analysts at Elliptic, over the first nine months of 2025, North Korean hackers stole more than $2 billion worth of cryptocurrency assets, setting a new record.
Thus, the total confirmed amount of cryptocurrency stolen by attackers from North Korea already exceeds $6 billion. The UN and several U.S. government agencies believe that these funds are used to finance North Korea’s nuclear program.
Elliptic notes that the amount stolen is almost three times higher than the 2024 figure and significantly exceeds the previous record of $1.35 billion, set in 2022 and linked to attacks on Ronin Network and the Harmony cross-chain bridge.
This year, most of the record-breaking sum attributed to North Korean attackers comes from the hack of the Bybit exchange that occurred in February 2025. At that time, the hackers stole about US$1.46 billion.
Additionally, based on blockchain analysis, money-laundering patterns, and other data, researchers attribute roughly 30 cases of cryptocurrency theft to North Korean hackers. Among other notable incidents in 2025, experts list attacks on LND.fi, WOO X, Seedify, and the Taiwanese exchange BitoPro, from which the Lazarus hacking group stole about $11 million USD.
At the same time, Elliptic stresses that this is a very conservative estimate, as many incidents go undetected, while others are assessed with low confidence.
Researchers say one of the main trends of 2025 is a shift from mass attacks on companies to hacking private individuals who hold substantial crypto assets, as well as exchange employees. These people are being targeted with social engineering attacks, which appear to be supplanting the exploitation of vulnerabilities in DeFi infrastructure.
Money-laundering strategies are evolving as well. Attackers now use more sophisticated tactics, including multiple mixer operations, cross-chain transfers, the use of lesser-known blockchains, purchasing utility tokens, exploiting refund addresses, and custom tokens issued by money-laundering networks.