Researchers say North Korean hackers are stealing record amounts

Hackers linked to the North Korean regime have so far stolen more than $2m (£1.49bn) according to researchers who say 2025 is a record year for criminals in the country.

The thefts now account for about 13% of the underground country’s gross domestic product (GDP), according to UN estimates.

Western security agencies say this money is used to fund North Korea’s missile development programs.

Over the past few years, participants from hacking teams like the Lazarus Group have focused on attacking cryptocurrency companies over large thefts of digital tokens.

The worst of these attacks came in February of this year when hackers $1.4 billion passed from Crypto Exchange Bybit.

But new research from researchers at research firm Elliptical warns that cybercriminals are increasingly targeting individuals carrying large amounts of encryption.

Researchers warn that high-net-worth individuals are becoming increasingly attractive targets because they often lack the security measures used by companies.

Dr Tom Robinson, chief scientist at Elliptical, says targeting individuals – which is unlikely to go undetected – means the true number of hacks carried out by North Korea may be higher.

“Other thefts will likely go unreported and remain unknown because attributing cyber thefts to North Korea is not an exact science.”

“We are aware of several other thefts that share some of the hallmarks of North Korea-related activity but lack sufficient evidence for definitive attribution,” he says.

The North Korean embassy in the UK was approached for comment but did not immediately respond. Previously, the regime denied any involvement in the hacks.

Elliptical and other companies like Chainalysis can track the movement of stolen funds like Bitcoin and Ethereum by following the public list of transactions on the blockchain.

Over the years, researchers have noticed patterns in the methods and tools favored by North Korean hackers.

Elliptical estimates that the 2025 bumper to date takes the known cumulative value of cryptocurrencies stolen by the system to more than $6 billion.

In addition to the Bybit hack in February, Elliptical analysts have attributed more than 30 other attacks on North Korea so far this year.

An attack on Woo X in July saw $14 million stolen from 9 users.

Another case resulted in $1.2 million in cryptocurrency stolen from Seedify.

This year’s activity dwarfs the regime’s previous record in 2022 when it is accused of stealing $1.35 billion in total.

In addition to a prolific cybercrime team, the system is increasingly accused of operating Fake IT workers A program to bring in additional funds and avoid international sanctions.