North Korea Linked to $2B Theft in 2025

Date: 2025-10-09

North Korean hackers have stolen an estimated $2 billion worth of cryptocurrency assets in 2025, marking the largest annual total on record. A large chunk of the theft came from the Bybit hack in February, when the threat actors stole about $1.46 billion. Other thefts publicly attributed to North Korea in 2025 include those suffered by LND.fi, WOO X, and Seedify. However, it's suspected that the actual figure may be even higher.

"The 2025 total already dwarfs previous years and is almost triple last year's tally, underscoring the growing scale of North Korea's dependence on cyber-enabled theft to fund its regime," Elliptic said. A notable shift observed this year is the increasing targeting of high-net-worth individuals. "As crypto prices have risen, individuals have become increasingly attractive targets, often lacking the security measures employed by businesses," the company added. "Some of these individuals are also targeted due to their association with businesses holding large amounts of cryptoassets, which the hackers are looking to steal."

The development comes as Fortune reported that the North Korean fraudulent IT worker scheme has funneled up to $1 billion into the regime's nuclear program in the past five years, making it a lucrative revenue-generating stream. North Korean actors well-versed in IT have been observed stealing identities, falsifying their résumés, and deceiving their way into highly paid remote tech jobs in the U.S., Europe, Australia, and Saudi Arabia, using artificial intelligence to fabricate work and disguise their faces and identities.

According to the latest statistics from Okta, one in two targets were not tech firms, and one in four targets were not U.S.-based companies, indicating that any company recruiting remote talent could be at risk.
Besides a "marked" increase in attempts to gain employment at AI companies or AI-focused roles, other sectors prominently targeted by North Korea included finance, healthcare, public administration, and professional services. The identity services provider said it has tracked over 130 identities operated by facilitators and workers, which can be linked to over 6,500 initial job interviews across more than 5,000 distinct companies up until mid-2025.

"Years of sustained activity against a broad range of U.S. industries have allowed Democratic People's Republic of Korea-aligned facilitators and workers to refine their infiltration methods," Okta said. "They are entering new markets with a mature, well-adapted workforce capable of bypassing basic screening controls and exploiting hiring pipelines more effectively."

Once hired, North Korean IT workers request payment in stablecoins, likely due to their consistent value, as well as their popularity with OTC traders who can facilitate the off-ramp from cryptocurrency to fiat, Chainalysis noted. The salaries are then transferred through various money laundering techniques, such as chain-hopping, token swapping, bridge protocols, and consolidation addresses, to complicate the tracing of funds.