Hacker groups linked to North Korea have stolen more than 2,000 million dollars in crypto assets so far this year, according to a new analysis by the blockchain forensics firm Elliptic. It is the largest annual total ever recorded, with three months of 2025 still remaining.
The new data underlines Pyongyang's growing dependence on cyber theft to finance its weapons programs. According to the United Nations and multiple intelligence agencies, the proceeds of these attacks are used to finance the development of North Korea's ballistic and nuclear missiles.
“The scale of cryptocurrency theft attributed to North Korea this year is unprecedented, and it is a clear indication of how deeply the regime depends on cybercrime,” Elliptic said in its report shared with CoinDesk.
Elliptic’s findings raise the known total of cryptocurrency theft attributed to North Korea to more than 6 billion dollars since the regime's hacking operations began targeting the cryptocurrency sector around 2017.
Bybit hack drives a record year
The 2025 figure is dominated by the hack of the Bybit exchange, worth $1,460 million, in February, one of the largest cryptocurrency heists ever recorded.
Elliptic also attributed the attacks against LND.FI, Woo X and Seedify to North Korea this year, along with more than 30 additional incidents involving smaller exchanges and DeFi platforms.
The total of 2 billion dollars almost triples last year's figure and exceeds the previous record of 1,350 million dollars set in 2022, when actors linked to North Korea were behind major breaches of Ronin Network and Harmony Bridge.
Shift towards social engineering
While centralized exchanges remain a primary target, Elliptic noted a strategic shift towards attacks on individuals, particularly high-net-worth crypto holders and company executives.
With the rebound in cryptocurrency prices in 2025, these targets have become increasingly lucrative, and they often lack the robust security infrastructure of institutional platforms.
“The weak point of cryptocurrency safety is now human, not technological,” Elliptic said.
This shift has made the hackers depend more on deception than on code vulnerabilities, using tactics such as phishing, fake job offers and compromised social media accounts to gain access to private wallets and keys.
An arms race in cryptocurrency laundering
As blockchain analytics and law enforcement cooperation have improved, North Korea's laundering operations have become more complex, Elliptic found.
After the Bybit breach, the researchers tracked multiple rounds of cross-chain swaps among Bitcoin, Ethereum, BTTC and Tron, often using obscure protocols and self-issued tokens to disguise the origins of the funds.
The new laundering methods include multiple rounds of mixing, the use of obscure blockchains and the creation of new tokens issued directly by laundering networks.