North Korean state-backed hackers have intensified their focus on high-net-worth cryptocurrency investors, stealing more than USD 2 billion so far in 2025, according to new research by blockchain analytics firm Elliptic. The figure marks a record year for cyber theft linked to the regime, with estimates suggesting such activities now account for nearly 13 percent of North Korea’s gross domestic product.
The hackers, including those associated with the notorious Lazarus Group, have traditionally targeted cryptocurrency exchanges and blockchain firms. However, Elliptic’s latest findings reveal a strategic shift towards wealthy individual investors, who are often less protected than corporate entities.
“Targeting individuals reduces visibility and reporting, which means the true scale of North Korea-linked crypto theft is likely higher,” said Dr. Tom Robinson, Chief Scientist at Elliptic. “We are aware of many incidents that show hallmarks of North Korean activity but lack conclusive evidence for formal attribution.”
Also Read:- CoinDCX Loses INR 378 Crore in Security Breach, Says Customer Funds Are Safe
Western intelligence agencies believe that stolen crypto funds are being used to finance Pyongyang’s nuclear weapons and ballistic missile programmes, in violation of international sanctions. North Korea’s embassy in London did not respond to requests for comment, although the regime has consistently denied involvement in hacking operations.
Elliptic and other blockchain analytics firms, including Chainalysis, track illicit crypto movements by analysing public blockchain data. Their research shows that North Korean hackers rely on a consistent set of tools and laundering techniques to conceal the origin of stolen assets.
The largest single attack of 2025 occurred in February, when hackers stole USD 1.4 billion from crypto exchange ByBit. Elliptic has also linked more than 30 additional cyberattacks to North Korea this year, including a USD 14 million theft from nine users of WOO X in July and a USD 1.2 million breach at Seedify. The highest loss reported by an individual investor this year stands at USD 100 million.
Also Read:- Why Pi Network May Never Reach $10
Elliptic’s estimates indicate that the cumulative value of cryptocurrency stolen by North Korean hackers now exceeds USD 6 billion. The United Nations places North Korea’s GDP at USD 15.17 billion in 2024, suggesting that cyber theft has become one of the regime’s most significant sources of foreign income.
In addition to its cybercrime operations, North Korea is increasingly accused of running a global network of fake IT workers, designed to earn income abroad and circumvent international restrictions.
Stay connected with FinanceNeoteric on WhatsApp Channel for expert coverage and in-depth financial stories.
Disclaimer: This post is for general informational purposes only. It does not constitute financial advice. Please consult a qualified professional before making financial decisions.
