Research indicates that North Korean hackers have stolen over $2 billion (£1.49 billion) from cryptocurrency holders in 2025, marking a record year for such activities. These thefts now contribute to approximately 13% of North Korea’s gross domestic product (GDP) per United Nations estimates.
Over recent years, groups like the Lazarus Group have targeted cryptocurrency companies, focusing on large-scale thefts of digital assets. Researchers at Elliptic report that high net worth individuals in the crypto space have become increasingly appealing targets, as they often lack the robust security measures found in larger businesses. Western security agencies have linked the funds stolen to financing North Korea’s nuclear weapons and missile development initiatives.
Dr. Tom Robinson from Elliptic has commented that the targeting of individuals, who are less likely to report thefts, may mean that the true scale of cyber theft linked to North Korea is not fully captured. He notes that many thefts may share characteristics of North Korean activity but cannot be definitively attributed to them due to insufficient evidence.
The North Korean embassy in the UK was contacted for comment but did not respond. In previous instances, the regime has denied involvement in any hacking activities. Elliptic and firms such as Chainalysis can track the movement of stolen funds via blockchain technology, which records public transactions.
Thus far in 2025, Elliptic estimates that the cumulative total of stolen cryptoassets linked to the regime has exceeded $6 billion. The largest theft attributed to North Korean hackers this year was $1.4 billion from the crypto exchange ByBit in February. Other notable attacks include a July incident where $14 million was stolen from WOO X and another theft where $1.2 million was taken from Seedify. The highest theft from an individual has reached $100 million. This year’s activity significantly surpasses the total of $1.35 billion reported in 2022. There are also allegations that the regime operates a fraudulent IT worker scheme to generate additional income while evading international sanctions.
Source: https://www.bbc.com/news/articles/cwy8z7wxe03o?at_medium=RSS&at_campaign=rss