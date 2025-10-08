North Korea–linked hacking groups have reportedly stolen more than $2 billion in cryptocurrency assets so far in 2025, making this perhaps the most lucrative year yet in cybercrime for the regime of Kim Jong Un. Most of the money was taken in a single breach in February involving the Dubai-based exchange Bybit, where approximately $1.46 billion worth of Ethereum was drained from a cold wallet. According to blockchain analytics firm Elliptic and reports in outlets including Reuters and Bloomberg, this marks one of the largest crypto hacks ever recorded. The FBI officially attributed the attack to North Korea, in an operation it dubbed “TraderTraitor”.

North Korea has now stolen more than $6 billion in crypto since 2017

Elliptic said in a blog post that North Korea‑linked hackers have stolen over $2 billion in 2025 alone, based on more than 30 attributed hacks. Cumulatively, North Korea’s cryptocurrency thefts since 2017 now exceed $6 billion. In 2024 alone, North Korean-linked hackers were documented to have extracted around $659 million in a series of high-profile breaches.

2025: A record-setting year for North Korean crypto hacks

The 2025 thefts already amount to three times the value stolen in 2024. In the Bybit hack, about 401,000 ETH coins were transferred out of the exchange. The FBI warned that the stolen funds would likely be laundered and converted to fiat currency.

So far in 2025, more than 30 separate hacks attributed to North Korea-linked entities have taken place. Many of these attacks have targeted cryptocurrency exchanges and decentralised finance (DeFi) platforms. While centralised exchanges remain key targets, analysts note a tactical shift toward social engineering techniques. CoinDesk reported that these include phishing, impersonation, and insider coercion — methods that exploit human vulnerabilities rather than technical weaknesses to access funds.

If the current total holds — or rises further, as Elliptic has cautioned it may — 2025 could far surpass the previous record of approximately $1.35 billion stolen in 2022.

How North Korea benefits from crypto hacking

According to various reports, stolen cryptocurrency funds may account for up to 13 per cent of North Korea’s GDP. Some estimates suggest that over half of the regime’s missile development budget is funded through cybercrime. However, these figures are not independently verified due to the extreme secrecy surrounding North Korea’s internal finances.

These hacks are widely believed to be carried out by groups under the control of North Korea’s Reconnaissance General Bureau — the country’s main military intelligence agency. Lazarus Group, the most notorious among them, has been linked to multiple high-value attacks.

These operations demonstrate just how central cybercrime — especially crypto theft — has become to North Korea’s strategy for evading sanctions and financing its weapons programmes.

Has Kim Jong Un acknowledged this?

No. Kim Jong Un and the North Korean state have never publicly admitted to involvement in cryptocurrency theft or cybercrime. The regime, in fact, consistently denies responsibility for all cyberattacks attributed to it, including those confirmed by the FBI, the United Nations, and independent cybersecurity firms.