In summary
- North Korean hackers stole $1.34 billion in 47 incidents in 2024, doubling the amount stolen in 2023.
- Advanced techniques such as deepfakes and fake identities made it difficult to detect cybercriminals.
- The stolen funds were used to finance weapons of mass destruction and ballistic missile programs.
The Democratic People’s Republic of Korea — commonly known as North Korea — is responsible for 61% of the stolen cryptocurrencies this year, according to Chainalysis.
“In 2023, North Korea-affiliated hackers stole approximately $660.5 million in 20 incidents; in 2024, this figure increased to $1.34 billion stolen in 47 incidents — a 102.88% increase in stolen value,” according to a recent report from leading Cryptocurrency forensics firm Chainalysis. This is the largest amount stolen by North Korean hackers in any year to date.
Luis Lubeck, services project manager at crypto cybersecurity firm Hacken, told Decrypt that financial collaboration between North Korea and Russia aggravates the situation.
“It increases threats by sharing tools and expertise, complicating attribution and response efforts,” he said. “This partnership could intensify global cyber conflicts and redefine how cyber warfare will be conducted with alliances rather than individual efforts by a single state.”
One trend the industry has seen develop is that North Korea-linked hackers pose as smart contract developers, intentionally including hidden vulnerabilities or backdoors in the projects they contribute to. So far in 2024, 47 hacks have been linked to North Korean hackers, equivalent to two-thirds of the total number of cryptocurrency hacks.
These hacks include the $50 million stolen from Radiant Capital, when a North Korea-linked cybercriminal posed as a former file-sharing contractor to deliver malware to an employee. The malware in question was apparently sophisticated: it established a permanent backdoor on macOS while displaying a legitimate PDF to the user to avoid detection.
Actors linked to North Korea are taking advantage of increasingly advanced tactics, with Lubeck noting that “new tactics leverage AI to create false identities (with the evolution of deepfakes), making it more difficult to identify malicious actors.” Older techniques continue to pose challenges, including detecting advanced phishing and identifying fake digital identities for remote workers.
U.S. and international officials say North Korea is using the cryptocurrencies it steals to fuel the development of weapons of mass destruction and its ballistic missile programs. Reports published in May suggest that their hacking efforts fund half of North Korea’s missile program.
Lubeck suggested that a possible solution could be to “strengthen international collaboration on cryptocurrency tracking, enforce stricter KYC measures on exchanges, and improve real-time intelligence sharing.” He also highlighted that the sanctions show limited effectiveness due to evasion tactics.
Edited by Stacy Elliott.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
For the Latest Crypto News, Follow ©KeynoteUSA on Twitter Or Google News.
Disclaimer: Please note that the information provided on this page is for News purposes only and should not be considered investment or trading advice. ©Crypto.keynoteusa.com strongly recommends that you conduct independent research and/or consult with a qualified professional before making any investment decisions.
