The year isn’t even over yet, but cyber groups linked to North Korea have already made 2025 their most profitable year to date, stealing over $2 billion in cryptocurrency. According to blockchain analytics firm Elliptic, this year’s total represents the largest amount ever attributed to North Korean cybercriminals in a single year—and nearly triples their haul from 2024.
The cumulative value of crypto assets known to have been stolen by North Korea now exceeds $6 billion. The true number may be higher, as some thefts remain unreported or unconfirmed. Elliptic noted that many additional incidents bear the hallmarks of North Korean tactics but lack definitive attribution.
The single largest incident driving this year’s total was a $1.46 billion breach of the Bybit crypto exchange in February, described as the most significant theft in the history of digital asset platforms. Smaller-scale incidents targeted platforms such as Seedify, LND, and WOO X. Elliptic has connected more than 30 cyber incidents in 2025 alone to actors aligned with the North Korean regime.
A notable trend this year is the shift in targets. While centralized exchanges remain a focus, attackers are increasingly turning to high-net-worth individuals. These targets often lack the robust cybersecurity defenses that institutional platforms maintain, making them more susceptible to social engineering attacks. These methods exploit human vulnerabilities rather than technical flaws—a change from previous years when exploits were more often linked to code weaknesses.
The strategic importance of these thefts extends beyond financial gain. International bodies, including the United Nations, have reported that stolen crypto is used to fund North Korea’s nuclear weapons and ballistic missile programs. Some cyber operations also serve dual purposes: obtaining both revenue and technical knowledge that may aid weapons development.