North Korea-linked hackers accounted for 61% of all crypto stolen in 2024
With the rising adoption and value of crypto assets, the potential for theft is also on the rise. This year, the total value of cryptocurrency stolen surged 21%, reaching a substantial $2.2 billion.
And according to a Chainalysis report released on Thursday, more than half of this amount was stolen by North Korea-affiliated hacking groups.
It’s not surprising that North Korea has become a notorious country known for hacking crypto assets to fund state-sponsored activities such as its missile program and evade global sanctions. Earlier this year, the United Nations Security Council said that North Korean hackers had stolen $3 billion in cryptocurrency assets between 2017 and 2023. In 2024, hackers linked to North Korea took 61% of the total amount stolen for the year, worth $1.34 billion, in 47 cases, per the report by Chainalysis. This shows they are becoming more involved in these attacks, with $660.5 million stolen in 20 incidents in 2023 and nearly $400 million worth of digital assets hacked by North Korea in 2022.
This year’s crypto hacking ranges from $50 to $100 million, and those above $100 million happened more often compared to 2023, indicating that the Democratic People’s Republic of Korea (DPRK) is improving in conducting large-scale cyber attacks.
Naturally, tech experts from North Korea have been caught up in these events, getting into crypto and Web3 companies. These workers use sneaky tactics like using fake names, hiring through third parties, and taking advantage of remote job openings to get in. More than twelve blockchain companies unknowingly hired undercover IT workers from a rogue state, leading to cybersecurity and legal risks, as reported by Coindesk in October. North Korean hackers have pilfered billions in cryptocurrency by impersonating venture capitalists and recruiters.
Just last week, the U.S. Department of Justice charged 14 individuals from North Korea for working remotely as IT employees at American companies, making over $88 million between April 2017 and March 2023 by stealing confidential data and blackmailing their employers. All 14 are listed as “Wanted by the FBI.”
Declined crypto hack after July
The report highlighted that most crypto hack activities occurred from January to July this year, which had already exceeded $1.58 billion, around 84.4% higher than the amount stolen during the same period in 2023. Following July, the upward trend slowed significantly, in stark contrast to the years 2021 and 2022, potentially due to a geopolitical issue. Chainalysis attributes the stagnation in hacked volume-post July to North Korea’s alliance with Russia, which emerged after a meeting between Vladimir Putin, the Russian President, and Kim Jong Un, the leader of North Korea, in June.
The amount of crypto assets stolen by the DPRK dropped by 53.73% after the June summit, per the report by Chainalysis. North Korea, which has increased its cooperation with Russia, might have switched up its cybercrime tactics apart from redirecting its military sources on the Ukraine situation (the ongoing conflict between Russia and Ukraine), the report says.
Russia released millions of dollars in North Korean assets that had been frozen by United Nations sanctions, strengthening their alliance. At the same time, Pyongyang sent troops to Ukraine, sent ballistic missiles to Russia, and reportedly requested advanced space, missile, and submarine technology from Moscow.
Victims need stronger security
Crypto hacking continues to pose a constant threat, with over a billion dollars worth of crypto being hacked in four separate years within the past decade – 2018 ($1.5 billion), 2021 ($3.3 billion), 2022 ($3.7 billion), and 2023 ($1.8 billion), per the report.
Decentralized finance (DeFi) platforms that prioritize growth over security have been the primary targets of cryptocurrency hacks in the last three years and were accountable for the highest amount of stolen assets in Q1 2024. However, during the period between Q2 and Q3, centralized services were the main target of attacks.
A few notable cases of centralized services hacked by North Korea in 2024 include DMM Bitcoin, a Japanese crypto exchange that lost $305 million (48 billion yen) of bitcoin following a hack, and WazierX, an Indian crypto exchange, which halted withdrawals in July after a security breach by North Korea-linked hackers.
The rise in cryptocurrency theft in 2024, while not as high as in 2021 and 2022, highlights the need for the industry to address a shifting and more complicated threat landscape and adapt to new tactics being used by criminals. Collaboration between the public and private sectors is crucial for addressing the security issue. Sharing data, utilizing tracking tools, and offering targeted training can assist stakeholders in rapidly identifying and halting malicious actors while enhancing the security of cryptocurrency assets.