London – October 2025 – North Korea-linked threat actors have stolen more than $2 billion (≈ ₹16,800 crore) in cryptocurrency this year, marking the largest-ever annual total attributed to the regime’s hacking units, according to a new blockchain analysis report by Elliptic, a London-based crypto forensics firm.
The analysis suggests that these funds are being channeled directly into North Korea’s missile and nuclear weapons programs, underscoring how cyber theft has evolved into a key pillar of the hermit nation’s economic survival and military expansion.
With three months still left in 2025, this year's total is already three times last year's figure and exceeds the previous annual record of $1.35 billion set in 2022. The lifetime total of crypto thefts by North Korean hackers now surpasses $6 billion.
Major Heists: Bybit, LND.fi, WOO X, and Seedify
Elliptic attributed the staggering rise in stolen assets to a handful of large-scale breaches, most notably the $1.46 billion hack on cryptocurrency exchange Bybit in February 2025.
Other confirmed targets include LND.fi, WOO X, and Seedify, among more than 30 additional breaches the firm has linked to Pyongyang’s state-sponsored hacking groups, such as Lazarus, BlueNoroff, and Andariel.
“This year’s losses are driven in large part by February’s $1.46bn theft from Bybit. Other thefts attributed to North Korea include those suffered by LND.fi, WOO X and Seedify,” Elliptic noted.
The attacks reflect an expanding global campaign of financial cyber warfare, leveraging stolen digital assets to evade sanctions and fund weapons development despite international restrictions.
Human Weakness Replaces Technical Vulnerabilities
While North Korea’s earlier operations often exploited vulnerabilities in blockchain bridges or smart contracts, the 2025 data reveals a new approach: social engineering attacks.
According to Elliptic, hackers are increasingly targeting employees, traders, and high-net-worth individuals, using phishing campaigns, fake job offers, and impersonation tactics to gain access to wallets and exchange systems.
“This shift highlights that the weak point in cryptocurrency security is increasingly human, rather than technical,” the firm said.
This trend signals a maturing cyber strategy where human psychology—rather than software flaws—has become the easiest entry point for state-sponsored hackers.
Laundering at Scale: Hiding Billions in Plain Sight
Despite the traceable nature of blockchain transactions, Pyongyang’s cyber units have mastered sophisticated laundering techniques to conceal their operations.
Elliptic’s report highlights an escalating “laundering arms race”, with hackers deploying advanced obfuscation methods, including:
- Multiple rounds of mixing and cross-chain swaps to blur transaction trails
- Use of obscure or lesser-known blockchains where tracking coverage is weak
- Manipulation of refund addresses to reroute funds through new wallets
- Creation and trading of self-issued tokens within laundering networks
These innovations make tracing and recovery efforts increasingly complex, even for global blockchain intelligence firms.
Geopolitical Implications: Cybercrime as State Policy
The report reaffirms long-standing concerns among Western intelligence agencies that North Korea’s cybercrime units serve as a critical funding arm for the Kim Jong-un regime.
By combining digital theft, ransomware, and illicit trade, Pyongyang effectively circumvents UN sanctions and international isolation.
U.S. and South Korean authorities have repeatedly warned that cryptocurrency thefts are directly linked to North Korea’s nuclear and missile ambitions, describing them as “digital weapons of mass disruption.”
As the international community debates new countermeasures, analysts warn that the 2025 surge underscores a structural challenge—containing a regime that has turned hacking into both a state enterprise and a geopolitical tool.