If you own cryptocurrency, you need to understand who is trying to steal it and how they plan to do it. On October 8, 2025, blockchain research firm Elliptic published a report revealing that North Korean hackers have stolen more than $2 billion in cryptocurrency so far this year. That pushes their total theft to over $6 billion since they began targeting the crypto ecosystem. With Bitcoin trading above $123,000 and Ethereum above $4,500, the stakes have never been higher — and the hackers are not just going after big exchanges anymore. They are coming for individual investors like you.
The Basics
North Korea runs state-sponsored hacking teams, the most well-known being the Lazarus Group. These are not random criminals. They are trained operatives backed by a national government, and their primary mission is to steal cryptocurrency to fund North Korea’s nuclear weapons and missile programs. The United Nations estimates that crypto theft now accounts for roughly 13 percent of North Korea’s entire GDP.
In 2025, these hackers have carried out at least 34 separate crypto heists, including the massive $1.46 billion theft from the Bybit exchange. But here is what should concern you as an individual investor: they are increasingly targeting people, not just platforms. Elliptic warns that high-net-worth individuals have become prime targets because they often lack the security measures that companies use.
The main weapon these hackers use is social engineering. Instead of trying to break through complex technical defenses, they manipulate people into giving up access voluntarily. They send fake job offers, create fraudulent LinkedIn profiles, and send emails that look like they come from legitimate companies. When you open a malicious attachment or click a compromised link, they gain access to your computer and everything on it — including your crypto wallets.
Why It Matters
You might think that because you are not a millionaire, you are not a target. That assumption is dangerous. While the biggest individual targets are high-net-worth holders, the techniques developed to attack them are the same ones eventually deployed against smaller accounts. The malware, phishing templates, and social engineering tactics filter down. Understanding how these attacks work now prepares you for the threats that will become commonplace in the months ahead.
Furthermore, even if your individual holdings are modest, the overall security of the crypto ecosystem affects you directly. When exchanges get hacked, markets panic and prices drop. When trust in crypto security erodes, adoption slows and the entire market suffers. Your personal security practices contribute to the health of the ecosystem.
Getting Started Guide
Protecting yourself starts with three simple steps. First, move your crypto off exchanges and into a hardware wallet. A hardware wallet is a physical device, similar to a USB stick, that stores your private keys offline. When your keys are offline, hackers cannot reach them through the internet, no matter how clever their social engineering. Popular options include Ledger and Trezor, both available for under $100.
Second, never click links or open attachments from people you do not know and trust. This applies to email, social media messages, and even direct messages on platforms like Telegram and Discord. North Korean hackers frequently pose as recruiters, offering fake job opportunities with high salaries. If someone you have never met sends you a document to review, delete it immediately.
Third, enable two-factor authentication on every account that supports it. Use an authenticator app like Google Authenticator or Authy rather than SMS-based verification, which can be intercepted. For maximum security, use a hardware security key like a YubiKey.
Beyond these basics, create a separate email address exclusively for your cryptocurrency accounts. Do not use this email for anything else. This limits your exposure if your primary email is compromised. Write your seed phrase — the master key to your wallet — on paper or metal and store it in a secure physical location. Never store your seed phrase digitally, not in a text file, not in a password manager, not in cloud storage.
Common Pitfalls
The biggest mistake new crypto users make is keeping their funds on an exchange. Exchanges are convenient for trading, but they control your private keys, which means you do not truly own your crypto. If the exchange is hacked, your funds can disappear overnight. The second most common mistake is reusing passwords across multiple services. If one service is breached, hackers will try the same credentials on every major exchange and wallet service.
Another trap is urgency. Social engineering works by creating a sense of pressure. A fake recruiter says the position closes tomorrow. A fake support email says your account will be locked in 24 hours. Real opportunities and legitimate support requests do not demand immediate action. When you feel rushed, slow down and verify through an independent channel.
Finally, do not share your screen during unsolicited video calls. Hackers have been observed guiding victims through wallet setup processes while watching their screens, capturing seed phrases and private keys in real time.
Next Steps
Start by auditing your current setup today. Check which of your crypto assets are still on exchanges and plan to move them to a hardware wallet within the next week. Review your email security and enable two-factor authentication on every crypto-related account. Write down your seed phrases on paper and store them securely. Then, make security review a monthly habit. Check your devices for updates, review your recent login activity, and stay informed about new threats. The cryptocurrency market rewards those who take security seriously — and punishes those who do not.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before making any financial decisions.
34 heists in one year and people still keep their entire stack on a single hot wallet. the threat model has evolved but most users havent updated their opsec since 2021
crypto theft accounting for 13% of North Koreas GDP. these arent random hackers, they are state funded military operations
nk_watch_ honestly most people learn opsec only after getting drained. no amount of articles will fix complacency
Most users only learn OPSEC after getting drained. No amount of articles will fix complacency
fake job offers on LinkedIn as the primary attack vector. if a recruiter sends you a PDF test, run it in a sandbox first
LinkedIn job scams are the new normal. Any recruiter sending unsolicited PDF attachments = RED FLAG
Bridge security is still the weakest link in the ecosystem
13% of north koreas GDP from crypto theft is insane. its not just crime, its a state funding strategy backed by a nuclear weapons program
Bug bounties are the most cost-effective security investment
state backed hackers sending fake job offers on linkedin and people still click attachments from strangers. social engineering is undefeated
opsec_daily the fake recruiter angle is so underdiscussed. my buddy almost opened a PDF from someone claiming to be from a16z last month. only thing that stopped him was the email domain being off by one letter
Fake job offers on LinkedIn are primary attack vector. PDF attachments from strangers = RED FLAG
The cost of a security breach always exceeds the cost of prevention
34 separate crypto heists in 2025 alone from DPRK including the $1.46B Bybit theft. and they are targeting individuals not just exchanges now
34 crypto heists in 2025 alone from DPRK. Targeting individuals now, not just exchanges
13% of NKs GDP from crypto theft. This isnt crime, its state funding for nukes, parent => 42542, date => 2026-06-19 06:32:44],
[name => PrivacyFirst, email => [email protected], content => The .46B Bybit hack showed theyre going after institutional money now, not just retail