In 2024, North Korean hackers stole $1.34 billion in cryptocurrency across 47 incidents, making up 61% of global crypto theft. This marks a 102.88% increase from 2023’s $660.50 million. These funds are used to finance weapons programs, posing a global security threat. Key targets include cryptocurrency exchanges, DeFi platforms, and corporate finance systems, with individual attacks often netting $50–$100 million. To counter this, stronger security measures, international collaboration, and stricter regulations are critical.
North Korean Hackers Steal $1.3 Billion in Crypto: How Did They Do It?
The Extent of the Problem
Key Numbers from 2024
In 2024, North Korean hackers were responsible for 61% of global cryptocurrency theft, stealing a staggering $1.34 billion across 47 incidents. This was more than double the $660.50 million stolen in 2023, which occurred over 20 incidents [1]. One of the most striking cases was the breach of DMM Bitcoin in Japan, where hackers made off with $305 million. This incident highlighted their ability to exploit major exchange vulnerabilities while using advanced laundering techniques [1].
| Year | Amount Stolen | Number of Incidents | % of Global Crypto Theft |
|---|---|---|---|
| 2024 | $1.34 billion | 47 | 61% |
| 2023 | $660.50 million | 20 | Not specified |
Effects on Global Crypto Security
The rise in both the frequency and complexity of these attacks has shaken confidence in the cryptocurrency ecosystem. In 2024, large-scale thefts ranging from $50-100 million became more common, showcasing North Korea’s growing expertise in carrying out significant exploits [1]. Geopolitical factors also played a role; for example, stolen amounts showed a notable drop in the second half of the year, coinciding with key diplomatic events [1].
Funding Weapons Programs
The enormous sums stolen in 2024 are being funneled directly into North Korea’s weapons programs, raising serious concerns about global security. U.S. and international officials have confirmed that these funds are used to develop weapons of mass destruction and ballistic missiles [1][2]. In response, international efforts are ramping up. The U.S. and South Korea, for instance, are working together on technologies to track and prevent stolen cryptocurrency [2].
Understanding the scale of these thefts is essential to grasp how North Korean hackers achieve such devastating results and the broader implications for global security.
sbb-itb-d5007e5
How North Korea-Linked Hackers Operate
Techniques and Tools
North Korean hackers often disguise themselves as remote IT professionals to infiltrate companies. They rely on thorough reconnaissance and carefully tailored phishing campaigns to breach systems. Once access is gained, they deploy custom malware to maintain their presence and siphon funds [4][5].
These tactics allow them to zero in on lucrative targets within the cryptocurrency world.
Who They Target
Their primary targets are high-value cryptocurrency entities. Key examples include:
| Target Type | Notable Example |
|---|---|
| Cryptocurrency Exchanges | DMM Bitcoin – $305 million theft |
| DeFi Platforms | Exploiting unpatched vulnerabilities in multiple cases |
| Corporate Finance Systems | $88 million stolen through compromised accounts |
The DMM Bitcoin breach highlights their skill in exploiting weaknesses in exchanges [4]. This focus on high-value targets has contributed to an astounding $1.34 billion stolen in 2024.
Their target choices often align with larger geopolitical goals, showing a shift in tactics during major international events.
The Role of Geopolitics
Geopolitical factors significantly influence North Korea’s hacking strategies. For instance, after the June 2024 summit between Russian President Vladimir Putin and North Korean leader Kim Jong Un, the value of crypto theft dropped by 53.73% in the latter half of the year [4].
To counter detection tools, their operations now include more complex bridging techniques and faster transaction methods [3]. These adjustments highlight their ability to adapt and outmaneuver international efforts to curb their activities.
Ways to Address the Threat
Strengthening Crypto Security
Cryptocurrency platforms need to step up their security game with measures like multi-factor authentication, cold storage, and regular security audits to spot weaknesses. Employee training also plays a key role in ensuring everyone understands and implements critical security practices.
| Security Measure | Implementation | Impact |
|---|---|---|
| Threat Detection & Penetration Testing | Monitoring tools and vulnerability checks | Helps identify suspicious activities and security gaps early |
| Access Controls | Multi-signature wallets | Lowers the chance of unauthorized transfers |
While these technical measures are essential, tackling state-sponsored threats requires more than just stronger defenses – it calls for a global, unified approach.
Global Cooperation
International partnerships, like the U.S.-South Korea initiative, are pivotal in developing tools to prevent theft and recover stolen assets [2]. For this to work, cryptocurrency exchanges, regulators, and law enforcement need to share information and coordinate their efforts.
“North Korea is clearly the main malicious actor operating in the crypto space, and all indications point towards them getting bolder and better each day.” – Silviu, Bitdefender Blog [1]
Collaboration alone isn’t enough, though. A solid regulatory framework is just as important.
Tougher Regulations
Cryptocurrency platforms must enhance Know Your Customer (KYC) and Anti-Money Laundering (AML) policies. Priorities should include mandatory security audits, standardized incident reporting, and improved transaction monitoring. Blockchain analytics also play a crucial role in tracking illegal activities and identifying suspicious patterns.
With $1.34 billion stolen in 2024 [1][2], the need for stronger safeguards across the cryptocurrency ecosystem has never been clearer.
Conclusion
North Korea’s Role in 2024 Crypto Theft
In 2024, hackers linked to North Korea ramped up their cryptocurrency theft activities, stealing a staggering $1.34 billion – accounting for 61% of global crypto theft. These operations highlight the advanced tactics employed by state-sponsored cybercriminals and their direct impact on international security.
Tackling this challenge requires global collaboration and cutting-edge solutions. For example, South Korea and the United States have launched a joint research initiative to develop technologies aimed at preventing and tracking crypto theft through 2026 [2]. Such partnerships are key to addressing the growing threat posed by these cyberattacks.
Steps to Protect the Crypto Ecosystem
The cryptocurrency industry must strike a balance between enhancing security and fostering growth. To counter these threats, a combination of strong technical measures, international partnerships, and stricter regulations is essential. Key steps include advanced threat detection systems, cross-border intelligence sharing, and stricter KYC/AML protocols to close loopholes and trace stolen funds.
North Korean hackers are using increasingly complex laundering strategies and faster transactions to avoid detection [3]. The stolen cryptocurrency is then funneled into weapons programs, posing a direct threat to global stability [1][2]. As these cyber operations become more advanced, the international community must act swiftly to protect the cryptocurrency space and prevent these funds from fueling further instability.