
North Korean leader Kim Jong Un leads a party meeting on strengthening the military, in this photo released by the Korean Central News Agency on May 30, 2025. KCNA via Reuters
Hackers linked to North Korea have stolen more than $2 billion worth of crypto assets in the first nine months of 2025, already marking the largest annual total on record, blockchain analytics company Elliptic said in an Oct. 7 analysis.
The company said this brings the cumulative known value of crypto assets stolen by the regime to more than $6 billion. According to the United Nations and various government agencies, these funds are believed to play a “critical role in financing North Korea’s nuclear weapons and missile development programs,” Elliptic stated.
“The 2025 total already dwarfs previous years and is almost triple last year’s tally, underscoring the growing scale of North Korea’s dependence on cyber-enabled theft to fund its regime,” Elliptic stated. “By comparison, the previous record year was 2022, when $1.35 billion in crypto assets were stolen.”
The breach of cryptocurrency exchange Bybit in February—in which $1.46 billion was stolen by hackers—was the single-largest theft event contributing to the $2 billion figure, according to Elliptic. The company said it has identified more than 30 crypto hacks linked to North Korea this year so far.
While most victims of such losses in 2025 were crypto exchanges, an increasing number have been high-net-worth individuals.
Laundering strategies used by the hackers include running funds through multiple rounds of cross-chain transactions, creating and trading tokens issued by laundering networks, and using obscure blockchains that have little analytics coverage, according to the company.
“The majority of the hacks in 2025 have been perpetrated through social engineering attacks, where hackers deceive or manipulate individuals in order to gain access to cryptocurrency,” Elliptic stated.
“This marks a shift from earlier attacks where in many cases technical flaws in crypto infrastructure were exploited to steal funds. This shift highlights that the weak point in cryptocurrency security is increasingly human, rather than technical.”
On Jan. 15, the United States, South Korea, and Japan issued a joint statement warning about the cyberthreat posed by North Korea.

A new type of intermediate-range hypersonic ballistic missile is test-fired at an undisclosed location in North Korea on Jan. 6, 2025. Korean Central News Agency/Korea News Service via AP
“The DPRK’s cyber program … poses a significant threat to the integrity and stability of the international financial system,” they said in the joint statement. DPRK refers to the Democratic People’s Republic of Korea, the official name of North Korea.
“Our three governments strive together to prevent thefts, including from private industry, by the DPRK and to recover stolen funds with the ultimate goal of denying the DPRK illicit revenue for its unlawful weapons of mass destruction and ballistic missile programs,” they said in the statement.
The three nations advised companies to exercise caution so as not to unknowingly hire North Korean tech workers, who could funnel earnings back to the country’s ruling communist regime.
On June 5, the U.S. Department of Justice said it filed a civil forfeiture complaint alleging that IT workers from North Korea had laundered more than $7.74 million worth of cryptocurrencies to evade U.S. sanctions and fund their nation’s weapons program.
The workers allegedly secured remote jobs at tech companies, including blockchain entities, through fake identities, it said. The $7.74 million worth of funds were initially frozen by authorities in 2023.
“This forfeiture action highlights, once again, the North Korean government’s exploitation of the cryptocurrency ecosystem to fund its illicit priorities,” said Matthew Galeotti, head of the Justice Department’s Criminal Division.
“The Department will use every legal tool at its disposal to safeguard the cryptocurrency ecosystem and deny North Korea its ill-gotten gains in violation of U.S. sanctions.”
On Aug. 27, the Department of the Treasury’s Office of Foreign Assets Control announced sanctions on multiple individuals for being part of a fraudulent IT-worker scheme orchestrated by the North Korean regime.
One of the sanctioned individuals was a Russian national who allegedly facilitated financial transfers worth almost $600,000 by converting cryptocurrencies to U.S. dollars.
“The North Korean regime continues to target American businesses through fraud schemes involving its overseas IT workers, who steal data and demand ransom,” John K. Hurley, undersecretary of the Treasury for terrorism and financial intelligence, said in August.
“Under President Trump, Treasury is committed to protecting Americans from these schemes and holding the guilty accountable.”