The hacking groups in North Korea have stolen more than $ 2 billion in cryptographic assets this year, according to a new analysis of the Legal Medicine Society of the Elliptic Blockchain, the largest annual total ever recorded, and with three months of 2025 to take away.
The new data highlights Pyongyang’s growing dependence on cyberbullying theft to finance its arms programs. According to the United Nations and the multiple intelligence agencies, the products of these hacks are used to finance the development of nuclear and ballistic missiles from North Korea.
“The magnitude of the cryptographic flight attributed to North Korea this year is unprecedented – and a clear indication of the depth of the regime depends on cybercrime,” said Elliptic in his shared report with Coindesk.
Elliptic’s conclusions bring the flight of known total crypto awarded to North Korea to more than $ 6 billion since the regime hacking began to target the cryptography sector around 2017.
Bybit Hack leads to a record year
The figure of 2025 is dominated by the hacking of $ 1.46 billion in February in the exchange of Bybit, one of the largest flights in crypto ever recorded.
Elliptic has also assigned attacks on LND.FI, Woo X and Seedify to North Korea this year, as well as more than 30 additional incidents involving smaller discussions and platforms.
The total of 2 billion dollars of almost triple the total of last year and exceeds the previous 1.35 billion dollars record established in 2022, when the actors linked to North Korea were behind the major violations of Ronin Network and Harmony Bridge.
Move to social engineering
While centralized exchanges remain a main target, Elliptic noted a strategic change towards attacks against individuals, in particular crypto-netter holders and business managers.
The prices of rebounding cryptography in 2025, these objectives have become more and more lucrative, undoubtedly the robust security infrastructure of institutional platforms.
“The weak point of the safety of cryptocurrencies is now human, not technological,” said Elliptic.
This change has seen pirates more understood on deception than code exploits, using tactics such as phishing, false job offers and compromised social media accounts to access portfolios and private keys.
An arms race for crypto whitening
While the blockchain analysis and the collaboration of the police have improved, the laundering operations of North Korea have become more complex, Elliptic revealed.
Following the violation of Bybit, the investigators drew several cycles of crossing between Bitcoin, Ethereum, BTTC and Tron – often using obscure protocols and self -emitted tokens to hide the origins.
The new laundering methods include several mixing cycles, the use of obscure blockchaines and the creation of new tokens issued directly by the laundering networks.
