North Korean Hackers Drain $2 Billion in Crypto Heists This Year: Elliptic Report

Digital heists orchestrated by North Korean cyber operatives have crossed the $2 billion threshold this year alone—Elliptic's latest findings reveal the staggering scale of state-sponsored crypto theft.
The Anatomy of Systematic Plunder
These aren't random attacks but calculated strikes targeting exchanges and DeFi protocols. Lazarus Group and associated actors methodically bypass security layers, liquidating assets through sophisticated mixing services.
Blockchain's Double-Edged Sword
While transparency allows tracking these movements, the irreversible nature of transactions means stolen funds rarely return to victims. Exchanges scramble to freeze suspicious flows, but decentralized networks complicate recovery efforts.
Geopolitical Calculus in Digital Gold
Analysts suggest these operations fund North Korea's weapons programs, turning crypto markets into unofficial sanction-busting channels. The $2 billion haul eclipses many nations' military budgets—proving cybercrime pays better than traditional finance ever could.
As regulators play whack-a-mole with compliance rules, hackers keep finding creative ways to cash out. Maybe Wall Street could learn a thing or two about efficiency from Pyongyang's playbook.
Bybit Hack Drives Record Year
The 2025 figure is dominated by February’s $1.46 billion hack of the Bybit exchange, one of the largest crypto thefts on record.
Elliptic has also attributed attacks against LND.fi, WOO X, and Seedify to North Korea this year, along with more than 30 additional incidents involving smaller exchanges and DeFi platforms.
The $2 billion total nearly triples last year’s tally and surpasses the previous record of $1.35 billion set in 2022, when North Korea-linked actors were behind major breaches of Ronin Network and Harmony Bridge.
Shift Towards Social Engineering
While centralized exchanges remain a prime target, Elliptic noted a strategic shift toward attacks on individuals, particularly high-net-worth crypto holders and company executives.
With crypto prices rebounding in 2025, such targets have become increasingly lucrative, and they often lack the robust security infrastructure of institutional platforms.
“The weak point in cryptocurrency security is now human, not technological,” Elliptic said.
This shift has seen hackers rely more on deception than code exploits, using tactics like phishing, fake job offers, and compromised social media accounts to gain access to wallets and private keys.
A Crypto-Laundering Arms Race
As blockchain analytics and law enforcement collaboration have improved, North Korea’s laundering operations have become more complex, Elliptic found.
Following the Bybit breach, investigators traced multiple rounds of cross-chain swaps between Bitcoin, Ethereum, BTTC and TRON — often using obscure protocols and self-issued tokens to disguise origins.
New laundering methods include multiple rounds of mixing, the use of obscure blockchains, and the creation of new tokens issued directly by laundering networks.