SEOUL, Oct. 8 (UPI) — North Korea-backed hackers have stolen more than $2 billion in cryptoassets so far this year, according to blockchain analytics firm Elliptic.
In a report published on the company’s website Tuesday, researchers said that the sum was the result of more than 30 hacks and represented “the largest annual total on record, with three months still to go.”
This year’s record haul was driven by the theft of nearly $1.5 billion in virtual assets from cryptocurrency exchange Bybit by the North’s state-sponsored Lazarus Group, in what has been described as the biggest heist in history.
Other attacks publicly attributed to North Korea in 2025 include $14 million stolen from nine users on crypto exchange WOO X in July and $1.2 million in tokens stolen from blockchain funding platform Seedify in September.
While North Korea remains under heavy international sanctions, it has increasingly turned to hacking and cybertheft in recent years to bankroll its missile and nuclear programs.
Pyongyang funds 40% of its weapons programs through “illicit cybermeans,” the U.N. Security Council’s now-disbanded Panel of Experts estimated in an annual report released last year.
The cumulative known value of cryptoassets stolen by North Korea since 2017 is more than $6 billion, Elliptic said, adding that the actual figure may be higher.
“We are aware of many other thefts that share some of the hallmarks of North Korea-linked activity but lack sufficient evidence to be definitively attributed,” the report said. “Other thefts are likely unreported and remain unknown.”
Elliptic noted that the tactics used by North Korean hackers are evolving. While earlier attacks focused on exploiting vulnerabilities in crypto infrastructure, the majority of the hacks in 2025 have been perpetrated through “social engineering” — deceiving or manipulating individuals to gain access to their digital assets.
“This shift highlights that the weak point in cryptocurrency security is increasingly human, rather than technical,” the report said.