North Korea-linked hacking groups have stolen more than $2 billion in cryptocurrency during the first nine months of 2025, making it the largest annual crypto theft ever recorded, according to a new analysis released by blockchain intelligence firm Elliptic on Oct. 7.
Elliptic’s report states that this latest surge pushes the total confirmed value of crypto stolen by the North Korean regime to over $6 billion. International bodies—including the United Nations and multiple government agencies—have long warned that these stolen digital assets play a major role in funding North Korea’s nuclear and missile development programs.
2025 Theft Levels Nearly Triple Last Year
The firm noted that 2025’s theft amount is already nearly triple the total stolen in 2024, showing how quickly the country has escalated its reliance on cyber-enabled theft.
For comparison, the previous highest-theft year was 2022, when hackers stole an estimated $1.35 billion—a figure now overshadowed by 2025’s explosive rise.
Bybit Breach Alone Accounts for $1.46 Billion
The largest single incident this year was the February hack of the Bybit cryptocurrency exchange, where attackers stole $1.46 billion. Elliptic revealed that more than 30 crypto hacks have been definitively linked to North Korea in 2025.
While crypto exchanges remain the primary targets, the firm observed a notable rise in attacks against high-net-worth individuals, marking an expansion in the hackers’ victim profile.
More Advanced Laundering Tactics
North Korean cyber groups are also evolving the way they launder stolen funds. According to Elliptic, their laundering methods now include:
- Multi-layered cross-chain transactions
- Creation and trading of tokens issued by laundering networks
- Movement of assets across obscure or low-visibility blockchains
These strategies make it increasingly difficult for law enforcement and analytics firms to trace stolen assets.
Human Error Overtakes Technical Vulnerabilities
Elliptic notes a significant shift: most 2025 hacks were carried out through social engineering, where attackers trick or manipulate victims into giving access to their cryptocurrency accounts.
This marks a move away from earlier years, when hackers often exploited technical flaws in blockchain or exchange infrastructure. The report underscores that the “human layer” has become the weakest point in crypto security.
U.S., South Korea & Japan Issue Joint Warning
In a joint statement, the United States, South Korea, and Japan warned that North Korea’s expanding cyber program represents a serious threat to global financial stability.
They emphasized their commitment to working together to:
- Prevent future crypto thefts
- Recover stolen funds
- Block North Korea from using illicit revenue to support its weapons of mass destruction programs
The three governments also urged companies to be cautious when hiring remote tech workers, noting that North Korean IT specialists are increasingly using fake identities to secure jobs and funnel earnings back to the regime.
U.S. Department of Justice Actions
Earlier this year, on June 5, the U.S. Department of Justice filed a civil forfeiture complaint accusing North Korean IT workers of laundering over $7.74 million in cryptocurrencies to evade sanctions and support the country’s weapons program. These workers allegedly obtained remote roles at tech and blockchain companies using stolen or forged identities.
Authorities first froze the funds in 2023.
Matthew Galeotti, head of the DOJ’s Criminal Division, stated that the case highlights how aggressively North Korea exploits the crypto sector to finance its strategic priorities. He added that the Department will continue using every legal tool available to disrupt illicit activity.
Treasury Sanctions in August
On Aug. 27, the U.S. Treasury’s Office of Foreign Assets Control imposed sanctions on multiple individuals tied to North Korea’s fraudulent IT worker network. Among them was a Russian national accused of helping move nearly $600,000 by converting crypto into U.S. dollars.
According to Treasury Undersecretary John K. Hurley, the regime continues to attack American businesses through fraudulent schemes conducted by its global IT workforce.
He emphasized that the U.S. government remains committed to “protecting Americans and holding bad actors accountable.”

