North Korean hackers hunt high-value crypto wallets


North Korean hackers have stolen more than $2 billion worth of cryptocurrency so far in 2025, their most profitable year on record, according to a new report by blockchain analytics firm Elliptic.

The thefts, which researchers say now make up around 13 percent of North Korea’s total gross domestic product (GDP), highlight a growing shift in strategy by regime-linked hacking groups such as Lazarus Group. Rather than focusing exclusively on cryptocurrency exchanges, hackers are increasingly targeting high-net-worth crypto holders, many of whom lack the robust cybersecurity measures used by large organisations.

Crypto wealthy individuals now prime targets

“Other thefts are likely unreported and remain unknown as attributing cyber thefts to North Korea is not an exact science,” Dr. Tom Robinson, Chief Scientist at Elliptic, was quoted as saying by the BBC. “We are aware of many other thefts that share some of the hallmarks of North Korea-linked activity but lack sufficient evidence to be definitively attributed.”

The report warns that private investors, often holding millions in personal wallets, have become lucrative and vulnerable marks for North Korean hackers. Attacks on individuals are also less likely to be disclosed, meaning the actual figure could be even higher than Elliptic’s $2 billion estimate.

Record-breaking year of crypto theft

According to Elliptic, 2025’s cyber theft spree has already eclipsed North Korea’s previous record of $1.35 billion in 2022, bringing the total cumulative stolen crypto to over $6 billion since the country’s cybercrime operations began.

The single largest attack this year came in February, when hackers stole $1.4 billion from the Dubai-based cryptocurrency exchange ByBit. The heist was pulled off by North Korean hackers. Other incidents include a $14 million theft from nine WOO X users in July and a $1.2 million breach at Seedify. Elliptic also confirmed that several unnamed organisations and individuals lost tens or even hundreds of millions in separate attacks. The largest individual theft so far this year amounted to $100 million.

Funds fueling weapons programs

Western intelligence agencies believe that the proceeds from these cyber heists are being funneled into North Korea’s nuclear weapons and missile development programs, helping the regime sidestep international sanctions.

Elliptic and other blockchain analytics companies like Chainalysis have been instrumental in tracking the stolen funds, using blockchain forensics to trace the flow of Bitcoin, Ethereum, and other digital assets through the public ledger.

Despite mounting evidence, North Korea has consistently denied any involvement in cyberattacks. The country’s UK embassy did not respond to requests for comment.

Expanding illicit operations

In addition to its prolific hacking campaigns, the North Korean regime is also accused of running a fake IT worker network to earn hard currency abroad, further bypassing global sanctions and boosting its covert income streams.

The UN estimates that North Korea’s GDP in 2024 was $15.17 billion, meaning that the regime’s cryptocurrency thefts, estimated at $2 billion in 2025 alone, could represent a significant share of its national revenue.

As the sophistication of North Korean cybercrime operations grows, experts warn that crypto investors must strengthen their own defenses, especially those holding large digital asset portfolios outside of institutional protection.
