North Korean Hackers Steal Record $2 Billion in Crypto in 2025

Foreign Desk

October 17, 2025

North Korea-linked hackers have stolen over $2 billion in crypto this year, the most ever recorded, says Elliptic.

Hackers linked to North Korea’s government have stolen over $2 billion in cryptocurrency in 2025, setting a new annual record according to blockchain analytics firm Elliptic. The haul, amassed through more than thirty documented cyberattacks, exceeds the previous 2022 high of $1.4 billion. Elliptic now estimates the regime’s total crypto theft since 2017 at over $6 billion, with most of the proceeds believed to support North Korea’s nuclear weapons programme.

The largest single incident in 2025 was a $1.4 billion breach of crypto exchange Bybit, attributed to North Korean operators. However, analysts say what’s most notable is not just the scale, but a pronounced shift in attack strategy.

Traditionally, high-value crypto thefts have relied on “technical hacking” methods: exploiting vulnerabilities in software code, breaching network defenses, or bypassing authentication protocols to gain direct access to digital wallets or exchange infrastructure. Such technical attacks often require advanced programming knowledge and the ability to discover or weaponise flaws in the target’s underlying technology.

In contrast, North Korean hackers this year have increasingly used “social engineering” techniques. Instead of attacking computer systems directly, social engineering targets the human element. Hackers craft convincing phishing emails, pose as trusted contacts, or manipulate individuals into voluntarily revealing sensitive information such as passwords or private keys. These deceptions may involve fake job offers, fraudulent customer support chats, or impersonating executives to trick staff into approving transfers.

This approach bypasses technical safeguards by preying on trust and error, exploiting psychology rather than code. Social engineering can be harder to detect and prevent, since even robust IT systems may be undermined if an employee is convinced to give away access credentials.

The trend is also expanding targets beyond crypto exchanges to include wealthy private investors, with attackers now tailoring scams to individual victims as well as large institutions. This evolution underscores the growing sophistication and adaptability of North Korea’s cybercrime apparatus, and the need for heightened vigilance not just against technical threats, but against manipulation of people themselves.
