The Democratic People’s Republic of Korea—often referred to as North Korea—is reportedly responsible for 61% of crypto stolen this year, according to Chainalysis.
“In 2023, North Korea-affiliated hackers stole approximately $660.50 million across 20 incidents; in 2024, this number increased to $1.34 billion stolen across 47 incidents—a 102.88% increase in value stolen,” reads a recent report from major crypto forensics firm Chainalysis. This is the highest amount siphoned in by North Korean hackers in any year so far.
Luis Lubeck, services project manager at crypto cybersecurity firm Hacken, told Decrypt that the financial collaboration between North Korea and Russia exacerbates the situation.
"It heightens threats by sharing tools and expertise, complicating attribution and response efforts," he said. "This partnership could escalate global cyber conflicts and reshape how cyber warfare will held place with alliances instead of solo efforts from one state."
One trend the industry has seen develop is North Korea linked hackers posing as smart contract developers, purposefully including concealed vulnerabilities or backdoors in the projects they contribute to. So far, in 2024, 47 hacks have been linked to North Korean hackers—equivalent to two-thirds of the total number of crypto hacks.
Those hacks include the $50 million stolen from Radiant Capital, when a North Korean linked cybercriminal posed as a former contractor sharing files to deliver malware to an employee. The malware in question was reportedly sophisticated: it established a permanent macOS backdoor while still displaying a legitimate PDF to the user to avoid detection.
North Korean linked actors are leveraging increasingly advanced tactics, with Lubeck noting that “new tactics leverage AI to create fake personas (with the evolving of deep fakes), making it harder to identify bad actors.” Old techniques continue to pose challenges, including detecting advanced phishing and identifying fake digital identities for remote workers.
United States-based and international officials claim that North Korea is using the cryptocurrencies it steals to fuel its development of weapons of mass destruction and its ballistic missile programs. Reports published in May suggest that its hacking efforts fund half of North Korea's missile program.
Lubeck suggested a potential solution could be to “strengthen international collaboration on cryptocurrency tracking, enforce stricter KYC measures on exchanges, and improve real-time intelligence sharing.” He highlighted that sanctions show only limited effectiveness due to evasion tactics.
Edited by Stacy Elliott.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.