North Korean hackers have stolen over $2 billion in cryptocurrency so far in 2025, setting a new yearly record and nearly tripling their total from last year. The unprecedented theft highlights the regime’s increasing reliance on cybercrime to fund its weapons programs, including nuclear and ballistic missile development.

The majority of this year’s record comes from the high-profile hack of the Bybit crypto exchange in February, where about $1.5 billion was stolen in a single attack. Additional incidents attributed to North Korean groups targeted platforms like LND.fi, WOO X, Seedify, and more than 30 smaller exchanges and decentralized finance services.

A noticeable trend this year is a shift in tactics. Instead of mainly exploiting software vulnerabilities, North Korean hackers have increasingly targeted individuals—especially high-net-worth crypto holders and company executives. Through social engineering techniques such as phishing, fake job offers, and compromised social media accounts, they manipulate victims into revealing wallet credentials or private keys. As a result, people, rather than technology, have become the weakest link in cryptocurrency security.

Law enforcement and blockchain research firms are also seeing North Korean laundering operations grow more complex. After attacks, stolen assets move through multiple blockchains, cross-chain swaps, mixing services, and obscure protocols to mask their origins. New laundering techniques include creating tokens and conducting transactions across less-known blockchains, making tracing efforts even more difficult.

Since North Korean cyber operations began targeting the crypto sector around 2017, the total estimated amount stolen by these groups now exceeds $6 billion. Analysts warn the real numbers could be even higher, as it can be challenging to definitively attribute each theft and not all incidents are publicly reported.

International organizations, including the United Nations, acknowledge that these funds directly support North Korea’s weapons ambitions, leading to renewed calls for stronger global enforcement and tighter security within the cryptocurrency industry. As the threat evolves, strengthening both technical defenses and user awareness will be critical in protecting against further large-scale cyber thefts.