North Korean hackers have stolen over $2 billion in cryptocurrency in 2025, setting a new annual record with nearly three months remaining in the year. According to blockchain analysis firm Elliptic and international intelligence sources, the vast majority of this theft, $1.46 billion, stemmed from a February breach of Dubai-based exchange Bybit. The attack exploited vulnerabilities in Bybit's cold wallet and a supplier's software, marking one of the largest crypto heists in history [1]. Cumulative losses attributed to North Korean-linked groups since 2017 now exceed $6 billion, underscoring the regime's growing reliance on cybercrime to fund its nuclear and ballistic missile programs [2].
The Bybit hack was part of a broader pattern of attacks targeting cryptocurrency platforms. Over 30 incidents in 2025 have been linked to North Korea, including breaches at LND.fi, WOO X, and Seedify. In July, hackers withdrew $14 million from nine WOO X accounts, while Seedify lost $1.2 million. These operations reflect a strategic shift in tactics: while earlier attacks focused on exploiting software vulnerabilities, North Korean groups now increasingly use social engineering techniques such as phishing, fake job offers, and hijacked social media accounts to compromise individual and institutional targets [3]. Elliptic notes that high-net-worth individuals and executives are now primary targets, as their personal accounts lack the robust security measures of corporate systems [4].
The stolen funds are laundered through increasingly complex methods. Hackers employ cross-chain transactions across blockchains like
, Ethereum, and , as well as obscure networks with minimal oversight. Token mixing and the creation of custom tokens further obscure the trail of illicit assets. The FBI has attributed these efforts to Pyongyang's "TraderTraitor" operation, which aims to convert stolen crypto into fiat currency to evade sanctions [5]. In response to the Bybit breach, the exchange launched LazarusBounty.com, a platform to recover assets and incentivize informants, recouping $40 million in stolen funds and $4 million in rewards [6].
The scale of these thefts has raised alarms among global regulators and cybersecurity experts. The United Nations and U.S. authorities have repeatedly highlighted the role of North Korean cybercrime in circumventing international sanctions. A report by TRM Labs estimated that North Korea accounted for 70% of global crypto crime in the first half of 2025, with the regime's cyber operations generating up to 13% of its GDP [7]. The shift from technical exploits to human-centric tactics has also complicated efforts to secure the crypto ecosystem, as social engineering attacks exploit psychological vulnerabilities rather than system flaws [8].
Industry responses to these threats remain mixed. Bybit's bounty initiative and transparency measures represent a novel approach to asset recovery, but broader systemic solutions are lacking. Experts emphasize the need for enhanced user education, multi-layered security protocols, and collaboration between exchanges and law enforcement to combat the evolving threat landscape. As North Korean hackers continue to refine their strategies, the crypto industry faces a critical test in balancing innovation with resilience against state-sponsored cybercrime [9].