North Korean Crypto Theft Peaks in 2025
By Alexia Curtis on October 17, 2025
Executive Summary
In 2025, North Korea set a new record high in cryptocurrency theft. These activities have caused significant monetary and reputational losses for individuals and organizations, and have prompted international concern and potential intervention. Increasing awareness of social engineering tactics and the adoption of Distributed Ledger Technology (DLT) can help mitigate certain risks for potential targets. These large-scale attacks expose the evolving strategies and vulnerabilities that define today’s cyber landscape.
Background
North Korea has reportedly stolen a total of $2 billion USD in cryptocurrency, surpassing its previous record set in 2022. This surge, marked by continuous attacks throughout the year, including a major incident in February, has heightened global concern over the use of stolen digital assets and the efforts to mitigate these attacks. On February 21, 2025, for instance, approximately $1.46 billion USD in crypto assets was stolen from the cryptocurrency exchange platform Bybit, with investigations tracing the theft back to North Korea [1]. Although digital theft has been a recurring issue in recent years, the current scale represents an alarming escalation in North Korea’s cyber operations.
North Korean threat actors have primarily exploited cryptocurrency exchange services through system-based attacks. However, there has been a noticeable shift toward social engineering, with adversaries targeting high-net-worth individuals through manipulation and deception [2]. This shift highlights the significant risk that human error continues to pose within cyber security practices. Without proper user education, even robust security systems remain exposed to the threat of manipulation.
Impact
The consequences of North Korea’s large-scale theft extend beyond directly affected victims to international organizations, including the United Nations (UN). Stolen crypto assets originate from both individuals and organizations, causing significant financial and reputational losses. By exploiting human trust rather than technical vulnerabilities, these actors gain access to sensitive information and authorization credentials, which leads to increased embezzlement of crypto assets. There are growing concerns that North Korea may be using these stolen funds to advance its nuclear weapons and missile programs, which remain under strict UN sanctions [3]. However, there is no conclusive evidence that weapons development serves as the primary motive behind the thefts.
Mitigation
With social engineering emerging as a new line of attack among threat actors, many mitigation strategies have become increasingly human-centric. Implementing personal countermeasures against threats such as phishing, impersonation, and other social engineering tactics can help prevent unauthorized access to sensitive information. In addition, both individuals and organizations can adopt DLT, such as blockchain, to enhance transparency and facilitate the tracking of transactional data [4]. Ultimately, effective mitigation depends on the collective responsibility of all parties involved, from individual users to entire organizations, to safeguard their information and reduce the risk of cyber attacks.
Relevance
While North Korea’s cyber heists carry significant international implications, the techniques employed are increasingly being used against everyday users. Implementing DLT creates an immutable record of transactions, which is particularly beneficial within cryptocurrency systems and can later be used to detect and investigate malicious activity. Basic awareness of social engineering, combined with these mitigation strategies, can provide a stronger layer of defense against common forms of cyber attacks.
References
[1] Elliptic Research. (2025, February 23). The largest theft in history – following the money trail from the Bybit Hack. Elliptic. https://www.elliptic.co/blog/bybit-hack-largest-in-history
[2] Datskolou, Lance. (2025, October 7). How North Korean hackers stole a record $2bn in crypto – and the year’s not over. DLNews. https://www.dlnews.com/articles/markets/how-north-korean-hackers-stole-a-record-two-billion-in-crypto/
[3] Guardian Staff Reporter. (2024, February 7). Cyber-attacks by North Korea raked in $3bn to build nuclear weapons, UN monitors suspect. The Guardian. https://www.theguardian.com/world/2024/feb/08/cyber-attacks-by-north-korea-raked-in-3bn-to-build-nuclear-weapons-un-monitors-suspect
[4] Elliptic. (2025, October 7). North Korea’s crypto hackers have stolen over $2 billion in 2025. Elliptic. https://www.elliptic.co/blog/north-korea-linked-hackers-have-already-stolen-over-2-billion-in-2025