North Korean hackers steal $2 billion worth of crypto this year, report reveals — who are their targets?

Hackers linked to the North Korean government have stolen over $2 billion in cryptocurrency so far this year, according to a blog post by the blockchain analysis firm Elliptic. This staggering amount marks the largest annual total on record, with three months still remaining in the year.

The previous record was in 2022, when North Korea stole $1.35 billion. Elliptic's analysis estimates the regime’s total amount of stolen crypto since 2017 to be at least $6 billion, though the firm notes this figure may still be an underestimate.

“The actual figure may be even higher. Attributing cyber thefts to North Korea is not an exact science,” reads the blog post.

The firm explained the difficulty in precise attribution, stating that they are “aware of many other thefts that share some of the hallmarks of North Korea-linked activity but lack sufficient evidence to be definitively attributed”.

"Other thefts are likely unreported and remain unknown,” said Elliptic.

Who are the targets of these hackers?

Historically, North Korea’s main targets have been crypto exchanges. While these remain a focus, the regime’s hackers are also increasingly targeting “high net worth individuals” who possess substantial crypto holdings.

A significant shift has also been observed in the hackers' methodology, as detailed by the firm. The majority of hacks in 2025 were perpetrated through social engineering attacks, where hackers deceive or manipulate individuals in order to gain access to cryptocurrency.

“This marks a shift from earlier attacks where in many cases technical flaws in crypto infrastructure were exploited to steal funds. This shift highlights that the weak point in cryptocurrency security is increasingly human, rather than technical,” the blog post read.

Why is North Korea stealing crypto?

The record-breaking loot aligns with estimates from that of other organisations. For instance, last year, the United Nations Security Council estimated that between 2017 and 2023, North Korean hackers stole $3 billion in cryptocurrency. Adding Elliptic’s estimates of this year’s $2 billion, and last years’ $742.8 million, the total gets close to the $6 billion figure.

The United Nations believes that the regime led by Kim Jong-Un uses the stolen cryptocurrency to fund its nuclear weapons programme.

This year’s record was largely driven by the massive theft of more than $1.4 billion from crypto exchange Bybit, for which the FBI and several blockchain monitoring firms blamed North Korea. WazirX was another victim of a cyberattack by the North Korea-linked hackers.