Introduction

In 2024, North Korean hackers dramatically intensified their cryptocurrency theft operations [1] [2] [3] [4] [5] [6] [7] [8] [9] [10], marking a significant surge in cybercrime activities. This escalation not only highlights the increasing sophistication and focus of these groups on digital assets but also underscores the broader implications for global cybersecurity and financial stability.

Description

In 2024, North Korean hackers significantly escalated their cryptocurrency theft activities [1] [2] [3] [4] [5] [6] [7] [8] [9] [10], stealing over $2.2 billion from cryptocurrency platforms [2] [5] [7], the highest amount ever recorded [7]. This staggering figure represents a 102.88% increase from the $660.5 million stolen in 2023 across 20 incidents, highlighting a concerning trend in cybercrime. North Korean-affiliated groups accounted for approximately $1.34 billion of the total thefts across 47 incidents, underscoring their growing focus on cryptocurrency as a means to generate funds amid ongoing international sanctions. Notably, North Korea is responsible for over half of global cryptocurrency thefts [3] [6], with US officials describing these hackers as “the top bank robbers in the world,” emphasizing their extensive training and targeting of Western financial institutions [6].

The frequency of high-value attacks, particularly those exceeding $50 million [2] [8], rose sharply [3], contrasting with previous years when smaller thefts were more common [8]. The total number of individual incidents increased from 282 in 2023 to 303 in 2024 [2], with most hacks occurring in the first half of the year, during which the cumulative value stolen reached $1.58 billion [2], an 84% increase compared to the same period in 2023 [2] [5].

A notable incident in 2024 involved the Japanese cryptocurrency exchange DMM Bitcoin [8], which suffered a breach resulting in the theft of approximately 4,500 Bitcoin [8], valued at $305 million at the time [8]. The attackers exploited vulnerabilities in DMM’s infrastructure [8], leading to unauthorized withdrawals [8], although the exchange managed to cover customer deposits through support from affiliated companies [8]. This theft was traced through intermediaries to a Cambodian exchange [9], which subsequently led to the exchange’s closure. Another significant breach occurred at WazirX, an Indian exchange [4] [9], which led to a halt in withdrawals [4].

Despite the active start to the year [8], there was a noticeable decline in hacking activity in the second half of 2024, attributed to geopolitical factors [2] [5], including a summit between Russian President Vladimir Putin and North Korean leader Kim Jong-un in late June [8]. Following this meeting [3] [5] [8], the average daily value lost from North Korean exploits dropped by approximately 54% [8], indicating a significant decrease in hacking incidents. This shift may suggest a redirection of resources towards military support for Russia in Ukraine [8], although the exact correlation with the summit remains uncertain [8].

Interestingly, while the total value stolen decreased in the latter half of the year, the frequency of North Korean attacks increased [2], particularly those involving thefts between $50 million and $100 million [2], as well as those exceeding $100 million [2]. This trend suggests an improvement in the hackers’ capabilities.

Additionally, there was a rise in lower-value hacks [2], around $10,000 [2], believed to be linked to North Korean IT workers infiltrating cryptocurrency and Web3 companies [2] [8]. These workers employ advanced tactics [2], such as creating fake employment websites and posing as legitimate IT professionals to compromise networks and operations. Earlier in the year, 14 North Korean nationals were indicted for stealing over $88 million through extortion and theft of proprietary information while posing as remote IT employees in the US.

A UN expert group has found that the funds obtained from these cybercrimes are used to finance North Korea’s illegal ballistic missile and nuclear programs [6], with US estimates indicating that one-third of the missile program is funded through cybercrime activities [6]. This growing threat underscores the need for heightened vigilance regarding cybersecurity and national security, prompting recommendations for cryptocurrency companies to enhance employee vetting processes [5], provide regular training [5], and improve security measures [5], including data-sharing initiatives and advanced tracing tools [5].

Conclusion

The escalation of North Korean cyber activities in 2024 has profound implications for global cybersecurity and financial systems. The increased sophistication and frequency of these attacks necessitate a robust response from international stakeholders. Enhanced security measures, improved employee vetting, and international cooperation are critical to mitigating these threats. As cybercrime continues to evolve, proactive strategies and vigilance will be essential in safeguarding digital assets and maintaining global financial stability.

References

[1] https://news.bloomberglaw.com/crypto/north-korean-hackers-stole-1-3-billion-in-crypto-in-2024-1
[2] https://www.infosecurity-magazine.com/news/cryptohackers-steal-22bn-north/
[3] https://www.investmentexecutive.com/news/from-the-regulators/crypto-crime-up-in-2024-report/
[4] https://techcrunch.com/2024/12/19/north-korea-linked-hackers-have-hit-a-new-peak-accounting-for-61of-all-crypto-stolen-in-2024/
[5] https://technext24.com/2024/12/19/cybercriminals-stole-2-2bn-crypto-2024/
[6] https://en.protothema.gr/2024/12/19/north-korean-hackers-stole-1-3-billion-in-cryptocurrency-in-2024/
[7] https://www.detroitnews.com/story/business/2024/12/19/north-korean-hackers-stole-record-1-3-billion-in-crypto-in-2024/77084034007/
[8] https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2025/
[9] https://thetechportal.com/2024/12/19/north-korea-crypto-hack-2024-1-billion/
[10] https://www.neowin.net/news/22-billion-in-crypto-stolen-in-2024-north-korea-largely-to-blame/