Red Hot Cyber, The cybersecurity news


North Korean hackers steal $2 billion in cryptocurrency in nine months of fraud

Redazione RHC : 8 October 2025 12:27

A North Korean-linked hacking network stole over $2 billion in cryptocurrency in the first nine months of 2025. Elliptic analysts call this the largest amount ever recorded, with three months remaining in the year.

The total amount stolen is estimated to have exceeded $6 billion, and according to the United Nations and several government agencies, these funds finance North Korea’s missile and nuclear weapons programs.

According to Elliptic, the actual figure could be higher, as it’s difficult to attribute specific thefts to Pyongyang, a task that requires blockchain analysis, money laundering investigations, and intelligence activities. In some cases, the incidents only partially match the patterns characteristic of North Korean groups, while other incidents may have gone unreported.

The primary source of record losses was the February hack of the Bybit exchange, which resulted in the theft of $1.46 billion in cryptocurrency. Other confirmed incidents this year include attacks on LND.fi, WOO X, and Seedify. Elliptic also links over 30 additional, unreported incidents to North Korea. This figure is nearly triple last year’s and significantly surpasses the previous record set in 2022, when asset thefts were recorded from services such as Ronin Network and Horizon Bridge.

At the same time, the attack vector has changed significantly. While cybercriminals previously exploited vulnerabilities in cryptocurrency infrastructure, they are now increasingly using social engineering methods. The main losses in 2025 are due to deception, not technical flaws.

Wealthy users without corporate security mechanisms are at risk. They are attacked through fake contacts, phishing messages, and convincing communication schemes, sometimes because of their connections to organizations holding large amounts of digital assets. Thus, the weak link in the crypto industry is gradually becoming the human element.

At the same time, a race is developing between analysts and launderers. As blockchain tracing tools become more accurate, criminals are becoming more sophisticated in their schemes to transfer stolen assets. A recent Elliptic report describes new approaches to hiding their tracks: multi-stage transaction mixing, cross-chain transfers between Bitcoin, Ethereum, BTTC, and Tron blockchains, the use of darknets with low analytical coverage, and the exploitation of “return addresses” that redirect funds to new wallets. Sometimes, criminals create and trade their own tokens, issued directly within the networks where money laundering occurs. All of this turns investigations into a cat-and-mouse game between investigators and highly skilled groups operating under state control.

However, blockchain’s transparency remains a key advantage for investigations. Each stolen coin leaves a digital trail that can be analyzed and linked to other transactions. According to researchers, this makes the cryptocurrency ecosystem more resilient and reduces North Korea’s ability to finance its military programs.

The $2 billion stolen in just nine months is a worrying sign of the scale of the threat. North Korean cyber units are becoming increasingly inventive, but blockchain-based forensic tools help maintain balance, ensuring transparency and increasing the accountability of market participants. This ongoing battle for control of digital flows is determining not only the fate of the cryptocurrency market, but also issues of international security.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
