Blockchain Analysis Firm Elliptic Reveals Record Hacking Activity, Highlighting a Shift in Cybersecurity Threats

According to blockchain analysis firm Elliptic, North Korean hackers have stolen over $2 billion in cryptocurrency so far this year, marking the largest annual total on record. This figure is based on more than 30 hacks, with three months still remaining in the year. The previous record was set in 2022, when North Korea stole $1.35 billion. Since 2017, the regime’s total stolen crypto is estimated to be at least $6 billion, though Elliptic suggests the actual figure may be higher due to unreported or unattributed thefts.
Elliptic noted that while North Korean hackers continue to target crypto exchanges, they are increasingly focusing on high-net-worth individuals who hold large amounts of cryptocurrency. Additionally, the nature of these attacks has shifted; most of the hacks in 2025 have been carried out through social engineering, where hackers manipulate individuals to gain access to cryptocurrency. This marks a move away from exploiting technical flaws in crypto infrastructure, highlighting that human error is now a more significant vulnerability than technical weaknesses.
Elliptic’s estimate aligns with other organizations’ assessments. The United Nations Security Council previously estimated that between 2017 and 2023, North Korean hackers stole $3 billion in cryptocurrency. Adding Elliptic’s current estimate of $2 billion and last year’s $742.8 million brings the total close to the $6 billion figure. Governments of Japan, South Korea, and the United States have also accused North Korean hackers of stealing more than $659 million in 2024, a figure that matches Elliptic’s estimate.
The United Nations believes that the stolen cryptocurrency is used to fund North Korea’s nuclear weapons program. This year’s record was largely driven by a massive theft of over $1.4 billion from the crypto exchange Bybit, which the FBI and several blockchain monitoring firms attributed to North Korea. Other notable victims include the play-to-earn game Axie Infinity ($625 million in 2022), crypto startup Harmony ($100 million in 2022), and crypto exchange WazirX ($235 million in 2024).
Elliptic also pointed out that many of the cyber thefts attributed to North Korea may not be fully documented or attributed due to the lack of definitive evidence. The firm emphasized that while some attacks are well-documented, others remain unknown or unreported, making the true scale of North Korea’s cyber operations potentially even greater than the $6 billion estimate.
As the threat landscape evolves, cybersecurity experts warn that the increasing reliance on social engineering tactics by North Korean hackers underscores the need for better education and awareness among cryptocurrency users and institutions. The shift from technical vulnerabilities to human error highlights a critical area for improvement in the security of digital assets.
In addition to the North Korean threat, recent cybersecurity news highlights a new zero-day vulnerability in Oracle’s E-Business Suite, tracked as CVE-2025-61882. This flaw allows hackers to exploit systems without needing a username or password, and it has been linked to the hacking group Clop, known for ransomware attacks and extortion campaigns. Oracle has released a patch to address the issue, urging customers to update their systems immediately. The vulnerability has been exploited in a “mass exploitation” campaign, with hackers targeting corporate executives by sending extortion emails demanding payment to prevent the release of sensitive personal information.
This highlights the growing sophistication of cyber threats, not only from state-sponsored actors like North Korea but also from organized hacking groups exploiting zero-day vulnerabilities in widely used enterprise software. As these threats continue to evolve, businesses and individuals alike must remain vigilant and adopt more robust security practices to protect their digital assets.




