North Korean Hackers Linked to ₹16,600 Crore Crypto Theft in 2025

The420.in Staff

Global cybersecurity researchers are sounding alarms as North Korean-linked hacking groups reportedly stole over $2 billion (≈ ₹16,600 crore) in cryptocurrency in 2025 alone, making it possibly the largest year of crypto theft tied to a single state actor on record. According to Elliptic, this estimate is based on analysis of more than 30 individual hacks across exchanges and platforms.

Shift from Exchanges to Individuals

Historically, North Korean cyber groups like Lazarus targeted crypto exchanges and infrastructure. But recent investigations reveal a pattern shift: attackers are increasingly focusing on high-net-worth individuals who often have weaker security protocols. Social engineering, phishing, and compromised third-party applications have become core tools in their arsenal.

Elliptic notes that many 2025 breaches did not exploit technical vulnerabilities within exchanges but rather customer-side weaknesses. Attackers fooled employees or misused privileged access via third-party tools to exfiltrate data. The stolen sums span multiple platforms and wallets globally.

Compared to previous years, 2025’s tally already exceeds the record set in 2022, when North Korea was linked to $1.35 billion (≈ ₹11,200 crore) in crypto thefts. Analysts caution that the real number could be significantly higher, as many incidents remain undisclosed or lack conclusive attribution.

Western governments have repeatedly accused North Korea of using these ill-gotten gains to fund its nuclear and missile programs. The stolen funds are often laundered through complex routes involving crypto mixing services, shell entities, and cross-border transfers.

For crypto users and exchanges, the message is clear: security needs to evolve beyond infrastructure defense. With attackers increasingly targeting the human element, vigilance, strong identity protocols, zero-trust access, and proper monitoring are essential. The digital frontier has taught us that attackers now know people are the weakest link.
