Joe TidyCyber correspondent, BBC World Service
Targeting high net worth crypto holders has helped North Korean hackers steal more than $2bn (£1.49bn) so far this year according to researchers.
The thefts are a record for the regime-linked hackers who now account for around 13% of North Korea’s gross domestic product (GDP), according to United Nations’ estimates.
For the last few years operatives from hacking teams like Lazarus Group have focussed on attacking cryptocurrency companies for large thefts of digital tokens.
But investigators at research firm Elliptic warn that crypto wealthy individuals have become increasingly attractive targets as they often lack the security measures employed by businesses.
Western security agencies say stolen funds are used to finance North Korea’s nuclear weapons and missile development programs.
Dr Tom Robinson, chief scientist at Elliptic, says the targeting of individuals – which is less likely to be disclosed – means the true figure for hacks carried out by North Korea could be even higher.
“Other thefts are likely unreported and remain unknown as attributing cyber thefts to North Korea is not an exact science.”
“We are aware of many other thefts that share some of the hallmarks of North Korea-linked activity but lack sufficient evidence to be definitively attributed,” he says.
North Korea’s UK embassy was approached for comment but did not immediately respond. Previously the regime has denied any involvement in hacks.
Elliptic and other companies like Chainalysis are able to track the movement of stolen funds like Bitcoin and Ethereum by following the public list of transactions on the blockchain.
Over the years researchers have noticed patterns in methods and tools favoured by North Korean hackers.
Elliptic estimates that 2025’s bumper year so far takes the cumulative known value of cryptoassets stolen by the regime to more than $6bn.
North Korea does not disclose GDP figures but the UN estimates that in 2024 the country made $15.17bn.
The worst hack of the year attributed to North Korea came in February this year when hackers swiped $1.4bn from crypto exchange ByBit.
As well as the ByBit hack in February, Elliptic analysts have attributed more than 30 other attacks to North Korea so far this year.
An attack on WOO X in July saw $14 million stolen from 9 users.
Another case led to $1.2m of digital coins stolen from Seedify.
Elliptic has privately worked with victims on other attacks that cost unnamed organisations and individuals tens, or even hundreds of millions.
The highest theft of cryptocurrency from an individual so far this year is $100m.
This year’s activity dwarfs the regime’s previous record set in 2022 when it is accused of stealing $1.35 billion in total.
As well as a prolific cyber crime team, the regime is increasingly being accused of operating an elaborate fake IT workers programme to bring in additional money and skirt international sanctions.
