North Korean Hackers Stole Over $2 Billion in Crypto in 2025
Record-breaking year for state-backed cybercrime
According to blockchain analytics firm Elliptic, hacker groups linked to North Korea have stolen more than $2 billion in cryptocurrencies during the first nine months of 2025. This marks a new all-time record in cybercrime history, nearly doubling the figures of 2023–2024.
Since monitoring began, the total amount of funds stolen by DPRK-related groups has exceeded $6 billion.
One of the most significant incidents occurred when the Bybit exchange was hacked, resulting in a loss of approximately $1.46 billion in digital assets.
Main targets of cyberattacks
North Korean hackers operate independently, using decentralized services and anonymous wallets. Experts estimate that between 20% and 35% of all stolen assets were in Bitcoin, while the remainder consisted of Ethereum, Tron, and various stablecoins.
Most of the 2025 attacks were directed at DeFi platforms and centralized exchanges, where hackers exploited smart contract vulnerabilities and weak internal authentication systems.
Shadow routes for laundering stolen funds
To obscure the origins of their stolen crypto, North Korean groups employ complex, multi-stage laundering schemes:
- Conducting transactions through lesser-known blockchain networks with minimal monitoring;
- Using crypto mixers and mule services for anonymization;
- Converting assets into stablecoins such as USDT and USDC;
- Transferring funds via OTC brokers connected to Asian markets.
Many of these operations are conducted through Asian and Middle Eastern exchanges not listed under the FATF framework, making fund recovery extremely difficult.
Links to Lazarus Group and government entities
The majority of the attacks are attributed to the infamous Lazarus Group, which operates under the direction of the North Korean regime. According to UN experts, part of the stolen assets is used to fund nuclear and military programs and to purchase sanctioned goods through intermediaries in China and Russia.
Elliptic’s report emphasizes that government involvement enables these groups to act with impunity and integrate stolen funds into the North Korean economy via state-controlled banks and export companies.
Global response and countermeasures
Financial regulators in Japan, South Korea, the United States, and the EU have strengthened monitoring of large crypto transfers and are requiring exchanges to adopt fund origin tracking systems. However, experts from Chainalysis warn that without international coordination, completely stopping these attacks is impossible.
Conclusion
North Korean cyber groups continue to expand their influence in global crypto crime. Experts believe that 2025 could become the most profitable year for the Lazarus Group ever recorded.
With Bitcoin prices rising and the number of DeFi projects growing, the scale of their operations is expected to increase even further.
Editorial Team — CoinBotLab