North Korean hackers took more than $2 billion in digital assets through October 2025, according to Elliptic. In a surge that threatens exchanges, DeFi protocols and the ability to trace funds. The largest single incident is the $1.5 billion ether theft from Bybit, attributed to Lazarus Group. Highlighting how a state leverages crypto to finance operations. The 2025 total is almost triple the amount stolen in 2024, driven by more advanced methods.
Elliptic’s tally for January–October 2025 exceeds $2 billion, nearly tripling 2024, and the firm warns the wave of thefts undermines market integrity and crypto’s traceability. The report notes that attackers increasingly target core infrastructure across exchanges and DeFi, complicating incident response.
The Bybit breach moved 401,000 ETH on 21 February 2025, with at least $300 million already laundered, Elliptic says. Lazarus Group is blamed for the attack, and the FBI confirms North Korean involvement. Bybit CEO Ben Zhou told Elliptic the exchange is “waging war on Lazarus.”
Attackers use fake job offers to deploy ‘BeaverTail’ malware, exploit remote monitoring tools and even break into cold wallets. They push coins through mixers such as Tornado Cash, swap across chains and use blockchains with low analytic coverage, hampering investigators at Elliptic or Chainalysis.
Industry and regulatory repercussions
The pattern forces exchanges and custodians to add security layers, as cold wallets have become prime targets. A hacked platform faces reputational damage and stricter compliance checks, with potential knock-on effects for user confidence and liquidity.
Investigators must now track funds across multiple blockchains and obfuscation steps, driving demand for on-chain forensics. The stolen coins fund state activity and help Pyongyang bypass sanctions, weakening international enforcement and raising pressure on regulators to respond.
Elliptic calculates that North Korea controls 13,562 BTC, worth about $1.14 billion, and estimates those holdings equal roughly 13% of the country’s GDP, underscoring how crypto theft supports state operations.
The $2 billion tally is current to October 2025. The next tests are how far the laundered coins move and how regulators answer—developments that will indicate whether the sector can curb the thefts and protect market liquidity and trust.
