Hackers working for the North Korean government have stolen more than $2 billion in crypto so far this year, according to blockchain analysis firm Elliptic.
On Tuesday, Elliptic published a blog post with this new estimate, which the company says is the “largest annual total on record, with three months still to go,” and is based on more than 30 hacks this year.
The previous record was in 2022, when North Korea stole $1.35 billion. The regime’s total amount of stolen crypto since 2017 is at least $6 billion, according to Elliptic, which said that figure may still be an underestimate.
“The actual figure may be even higher. Attributing cyber thefts to North Korea is not an exact science,” reads the blog post.
“We are aware of many other thefts that share some of the hallmarks of North Korea-linked activity but lack sufficient evidence to be definitively attributed. Other thefts are likely unreported and remain unknown,” said Elliptic.
The company said that North Korea’s main targets are still crypto exchanges, but the regime’s hackers are also starting to target “high-net-worth individuals,” who own large amounts of crypto.
And that’s not the only recent change, the company said.
“The majority of the hacks in 2025 have been perpetrated through social engineering attacks, where hackers deceive or manipulate individuals in order to gain access to cryptocurrency,” read the blog post. “This marks a shift from earlier attacks where in many cases technical flaws in crypto infrastructure were exploited to steal funds. This shift highlights that the weak point in cryptocurrency security is increasingly human, rather than technical.”
Elliptic’s estimate seems to be in line with that of other organizations. Last year, the United Nations Security Council estimated that between 2017 and 2023, North Korean hackers stole $3 billion in cryptocurrency. Adding Elliptic’s estimates of this year’s $2 billion, and last years’ $742.8 million, the total gets close to the $6 billion figure.
The governments of Japan, South Korea, and the United States accused North Korean hackers of stealing more than $659 million in 2024, roughly the same figure as Elliptic’s.
The United Nations believes the regime led by Kim Jong-un uses the stolen crypto to fund its nuclear weapons program.
This year’s record was fueled mostly by the massive theft of more than $1.4 billion from crypto exchange Bybit, which the FBI and several blockchain monitoring firms and researchers attributed to North Korea.
Other victims of North Korea’s hackers in the crypto world over the years have been play-to-earn game Axie Infinity ($625 million in 2022), crypto startup Harmony ($100 in 2022), and crypto exchange WazirX ($235 million in 2024), among many others.
