Research firm Elliptic reported (via TechCrunch) that since the beginning of 2025, hackers working for the North Korean government have carried out more than 30 cyberattacks and stolen more than $2 billion worth of cryptocurrency.
This is the largest annual figure on record, with three months left in the year. The previous record was set in 2022, when North Korean hackers stole $1.35 billion.
Cryptocurrency exchanges remain the main targets, but in 2025, hackers began to more actively attack owners of large private assets. At the same time, the approach has changed: most of this year's thefts were carried out through social engineering, where victims are misled into accessing their wallets. This indicates a change in tactics: instead of technical vulnerabilities, hackers are increasingly exploiting the human factor.
The largest attack in 2025 was the theft of over $1.4 billion from the Bybit exchange, which, according to the FBI and independent researchers, was carried out by North Korean hackers. Previously, notable victims included the game Axie Infinity ($625 million in 2022), the startup Harmony ($100 million in 2022), and the WazirX exchange ($235 million in 2024).
According to the UN, the stolen funds are being used to finance Pyongyang's nuclear program.
The total amount of cryptocurrency stolen by North Korean hackers since 2017, according to Elliptic, is at least $6 billion. The company notes that the actual figures may be higher, as some of the attacks have not been officially confirmed or remain unknown.