North Korea-linked hackers stole record amounts in cyberattacks already this year, researchers say

North Korea-linked hackers have stolen over $2bn (£1.49bn) in cryptoassets in 2025 so far, the largest annual cyber-related theft in history, according to researchers.

The record cryptoasset theft is likely to add to North Korea’s growing coffers, which Western powers and the United Nations say help fund Kim Jong Un’s nuclear weapons and missile programmes.

This year’s bumper haul from illicit activity has been largely driven by the single largest crypto heist carried out by the hackers, the February attack on the Dubai-based cryptocurrency exchange Bybit, in which hackers stole $1.5bn in Ethereum tokens, accounting for more than half of total losses so far this year.

Elliptic, a London-based blockchain analytics and cryptocurrency intelligence firm, said hackers have increasingly targeted crypto-wealthy individuals, who often lack the security measures employed by businesses.

“The record-breaking $2 billion stolen this year underlines both the scale of the threat and the importance of robust blockchain analytics,” the company said.

“North Korea may be adapting its tactics, but with advanced forensic capabilities, the crypto industry and law enforcement are well-placed to detect and trace these threats.”

In addition to the February heist, Elliptic has attributed more than 30 other attacks to North Korea so far this year. Other thefts include those suffered by WOO X, Seedify, and LND.fi.

The report stated that most hacks in 2025 have been carried out through social engineering, where hackers deceive or manipulate individuals to gain access to cryptocurrency.

This represents a shift from earlier attacks, which often exploited technical vulnerabilities in crypto infrastructure, and underscores that the primary weak point in cryptocurrency security is increasingly human rather than technical.

Elliptic said it used a combination of blockchain analytics, observed laundering patterns, and intelligence sources to attribute the attacks to North Korean hackers. The firm has also privately assisted victims of other attacks that have cost organisations and individuals tens or even hundreds of millions.

The 2025 total has already dwarfed previous years and is almost triple last year’s tally. However, the actual figure may be even higher, as many of the crimes go unreported. North Korea denies involvement in hacking, crypto thefts and other cybercrime.