North Korean Hackers to Steal $2 Billion in Cryptocurrency by 2025

The market is under attention

According to a shocking report from blockchain analytics firm Elliptic, North Korean state-sponsored hackers, led by the infamous Lazarus Group, have stolen a whopping $2 billion in cryptocurrency so far this year — surpassing the previous annual record by 48% and nearly tripling 2024’s $742.8 million.

With just three months to go until 2025, the surge has pushed the regime’s total cryptocurrency thefts past $6 billion since 2017, fueling nuclear and missile programs condemned by the United Nations amid tough sanctions.

From malware exploits to malicious social engineering operations targeting high-net-worth individuals, the human element has become the weak point of cryptocurrencies. In an era of increasingly sophisticated chain forensic technology, Pyongyang’s agents are bypassing defenses, laundering money through cross-chain mazes and opaque networks—a wake-up call for exchanges, wallets, and regulators to strengthen their behavioral safeguards before the thefts escalate further.

Latest report from Elliptic

Sophisticated money laundering methods include cross-chain swaps, multi-step mixers, and illiquid blockchains designed to avoid tracking. This trend reflects North Korea’s shift from brute-force attacks to behavioral exploits, targeting individuals and employees within cryptocurrency organizations rather than just cryptographic vulnerabilities.

Other notable names include:

• A DeFi lending protocol was exploited via a flash loan attack in March.

• WOO X ($8.5 million): Cryptocurrency wallet drained by scam in June.

• Seedify ($7.2 million): Cross-chain bridge vulnerability attacked in August.

• BitoPro ($11 million): Exchange Invasion in September.

High-value individuals now make up 40% of targets, up from 15% in 2024, with tactics like fake LinkedIn job offers and deepfake video calls luring victims. As Elliptic CEO Conor Grogan noted, “Regime hackers are adapting faster than the industry, making psychological manipulation their primary weapon.”

The total value of North Korean thefts is now equivalent to 10% of North Korea's GDP, according to UN estimates, highlighting the unintended role of cryptocurrencies in evading sanctions.

Once the funds are stolen, North Korea-linked groups use cross-chain liquidity protocols, small decentralized exchanges (DEXs), and privacy-focused networks to conceal the flow of funds. Many funds are moved through:

• Anonymous EVM compatible chains.

• Decentralized exchanges with minimal KYC process.

• Multi-step swaps on low volume assets.

While on-chain forensics tools like Elliptic, Chainalysis, and TRM Labs have improved, these multi-hop money laundering chains make tracing funds increasingly time-consuming.

The challenge for blockchain security

North Korea’s 2025 cryptocurrency heist is a dangerous evolution in state-sponsored cybercrime—one that combines espionage with blockchain mining. The $2 billion figure is not only a record, but also a warning: as blockchain transparency improves, adversaries are adapting faster than defenses.

The fight against cryptocurrency theft is shifting from code patches to behavioral countermeasures. Preventing the next billion-dollar breach may depend less on auditors and more on awareness — ensuring that in the battle for digital assets, the weakest link is no longer humans.

Disclaimer: The information presented in this article is the author's personal opinion in the cryptocurrency field. It is not intended to be financial or investment advice. Any investment decision should be based on careful consideration of your personal portfolio and risk tolerance. The views expressed in this article do not represent the official position of the platform. We recommend that readers conduct their own research and consult with a professional before making any investment decisions.