On a February morning in 2025, the systems of crypto exchange ByBit were silently but devastatingly breached. Within minutes, approximately ₹1.05 lakh crore worth of digital assets vanished. This was no ordinary cybercrime — it was the largest digital attack linked to North Korean hackers to date.
According to researchers, North Korean hackers have targeted wealthy crypto investors this year, stealing over ₹1.49 lakh crore. United Nations data indicates that this amount is roughly 13% of North Korea’s estimated Gross Domestic Product (GDP).
FCRF Launches CCLP Program to Train India’s Next Generation of Cyber Law Practitioners
In recent years, hacking groups such as Lazarus have consistently targeted major crypto exchanges and digital tokens. However, analysts from firms like Elliptic and Chainalysis have observed a new trend in 2025: high-net-worth individual investors, who often lack professional-level security measures, have increasingly become primary targets.
Dr. Tom Robinson, Chief Scientist at Elliptic, commented:
“Attacks on individuals are underreported, so the actual amount stolen may be far higher than official figures suggest. Many incidents show strong links to North Korea, although full verification is still pending.”
Western security agencies have warned that the stolen funds are likely being used to finance North Korea’s nuclear and missile programs. The North Korean embassy in the UK was contacted for comment but did not respond.
Tracking on the Blockchain
Companies like Elliptic and Chainalysis trace stolen assets through public blockchain transaction data. This technology helps identify hackers’ patterns, tools, and strategies. Researchers have found that North Korean hacking groups regularly adopt new technologies, making detection increasingly challenging.
Elliptic estimates that North Korea’s cyber activity in 2025 has pushed the total known stolen crypto assets to approximately ₹4.47 lakh crore.
By comparison, the UN estimated North Korea’s GDP in 2024 at $15.17 billion (around ₹1.13 lakh crore).
Major Incidents in 2025
- February: ₹1.05 lakh crore stolen from ByBit
- July: ₹1.05 crore stolen from nine users on WOO X
- Seedify: ₹90 crore digital assets stolen
- Individual investors: The largest single theft amounted to ₹7.5 crore
Analysts note that 2025 has already surpassed the 2022 record, when North Korea was accused of stealing a total of ₹99.75 crore.
Fake IT Programs and International Sanctions
North Korea has also been accused of running fake IT worker programs, which allow it to circumvent international sanctions and raise additional funds. This strategy serves as a digital workaround for the country’s economic challenges.
Expert Analysis
Former IPS officer and cybercrime expert Professor Triveni Singh said:
“North Korean hackers operate with highly organized, long-term strategies. Wealthy investors are often lax in their security measures, making them easier targets. This is not just financial theft — it poses a national security risk, as the stolen funds are directly channeled into weapons and missile programs.”
He further added:
“Crypto security can no longer be limited to technical measures alone. Personal digital habits, password protection, and regular financial monitoring are equally critical. This is a new type of cyber threat, where investor awareness plays a decisive role.”
Analysts’ Warning
Cybersecurity specialists caution that North Korea’s new targeting strategy presents a serious challenge to global crypto security. Enhancing protections for high-net-worth investors has now become not just advice, but a necessity.
“Crypto investors can no longer rely solely on technical safeguards,” Dr. Robinson said. “Their financial behavior and personal security vigilance are equally crucial.”
