North Korean Hackers Linked to $1.3 Billion in Cryptocurrency Theft in 2024

Researchers Trace 61% of Known Losses This Year to State-Sponsored Cybercriminals in North Korea

In a disconcerting trend, hackers purportedly associated with North Korea’s regime have amassed a historic sum of stolen cryptocurrency in 2024. Blockchain analytics firm Chainalysis reported that the value of total stolen crypto could reach $2.2 billion this year, reflecting a 21% increase compared to the previous year. The number of hacking incidents has also surged, with 303 attacks reported thus far, up from 282 in 2023.

North Korean hackers are linked to approximately $1.34 billion in theft through 47 incidents, which represents a twofold increase compared to 2023. This activity primarily reinforces the capabilities of the Democratic People’s Republic of Korea, whose regime receives a significant part of this illicit income to fund its military ambitions, including nuclear weapon development.

In a separate analysis, TRM Labs highlighted that between January and October of this year, North Korea was responsible for anywhere from 50% to 100% of all illicit cryptocurrency transactions. These funds largely stem from hacked or exploited assets. Cybercriminals operating from Nigeria followed closely, a volume largely attributed to a single high-volume perpetrator engaged in various scams. The distribution of hacking activities indicates a coordinated effort to exploit vulnerabilities in both centralized and decentralized finance systems.

The unique circumstances surrounding North Korean cyber activity reveal a direct link to the regime’s financial survival. Stolen proceeds not only sustain the elite’s extravagant lifestyles but also fuel the development and procurement of devastating military technologies. While annual crypto losses in 2024 remain below those of previous peak years (2021 and 2022 were marked by Bitcoin values exceeding $66,000), the recent surge in Bitcoin prices—reaching an unprecedented $106,000—could indicate an approaching increase in criminal interest and activity.

Chainalysis has noted that North Korean hackers are directly responsible for 61% of crypto theft value in 2024 and 20% of all documented hacking incidents. Their range of tactics encompasses both significant and minor exploits, with an anticipated uptick in activity during the holiday season.

Examining the changing landscape of cybercriminal targets reveals a pivot from decentralized finance (DeFi) platforms—often perceived as less secure—to centralized services. This shift has implications for organizations managing large volumes of user funds. For instance, the recent cyber incident involving the Japanese exchange DMM Bitcoin resulted in the loss of around 4,500 bitcoins, equating to approximately $303 million, ostensibly due to private key mismanagement.

While the first half of 2024 saw a continuation of high-profile DeFi attacks, the latter half indicates a more concentrated effort against centralized exchanges like WazirX, where an attacker successfully pilfered $230 million in Ethereum, accounting for about 45% of the exchange’s total assets. Investigations continue into these cases, illustrating a growing trend where centralized crypto services become the primary target for cybercriminals.

The decline in incidents after the second quarter raises questions. While losses remain significant, the frequency of attacks appears to have moderated. Notably, an increase in cooperation between North Korea and Russia may signal a strategic shift for DPRK cyber operations. Ties strengthened during a high-profile meeting between leaders of both nations could impact resource allocation and cyber engagement strategies.

As the global landscape of cybersecurity continues to evolve, businesses must remain vigilant. Understanding the tactics and techniques employed by adversaries, such as initial access and privilege escalation (both tactics in the MITRE ATT&CK framework), will be crucial for developing robust defense mechanisms against these emerging threats. With a backdrop of geopolitical turmoil and increased cyber operations, organizations must prioritize cybersecurity to safeguard their assets and data.
