North Korea’s cyber operations hit new heights in 2024, with hackers linked to the regime stealing $1.6 billion in cryptocurrency, according to a report from Chainalysis.
This marks a sharp increase from the $660.5 million stolen in 2023 and underscores the critical role cybercrime plays in funding Pyongyang’s government operations.
There was $2.2 billion stolen from crypto platforms in 2024, and North Korea accounted for 61% of it, according to Chainalysis.
North Korean hackers stole more from crypto platforms than ever before: $1.34 billion, which represents 61% of the total amount stolen for the year. pic.twitter.com/tVBsOKW8U7
— Chainalysis (@chainalysis) December 19, 2024
The country’s cybercrime network conducted 47 separate attacks this year, double the incidents attributed to them last year. These exploits target crypto platforms and decentralized finance systems to siphon funds that experts believe are directed toward North Korea’s weapons development and ballistic missile programs.
You might also like: TON blockchain data now live on Dune
North Korean tactics are evolving
North Korean hackers have become more sophisticated, deploying advanced malware and social engineering tactics. Their operations have also expanded to include infiltrating cryptocurrency firms under the guise of remote workers.
In one notable case, 14 North Korean nationals were indicted by the U.S. Department of Justice for using false identities to secure remote IT jobs, generating over $88 million through data theft and extortion.
The scale and frequency of these attacks are increasing. North Korean groups carried out more large-scale hacks exceeding $100 million in 2024 than in previous years, demonstrating a growing capability for massive thefts.
Smaller-scale hacks have also risen, with attacks under $50 million occurring more frequently.
The international community has long raised concerns about North Korea’s reliance on cybercrime to bypass sanctions. U.S. officials estimate that up to a third of the regime’s missile program funding comes from illicit online activities.
You might also like: Justin Sun allegedly asked CoinDesk owners to remove banana article: report
A shift in activity after Russian ties
Most of North Korea’s crypto theft occurred in the first half of 2024. Hacking activity slowed significantly after June, coinciding with closer ties between North Korea and Russia. Analysts suggest the regime may have shifted its cyber strategies following a meeting between Kim Jong Un and Vladimir Putin, which signaled increased cooperation between the two countries.
“It is therefore possible that,” the report read, “in addition to redirecting military resources toward the conflict in Ukraine, the DPRK — which has dramatically increased its cooperation with Russia in recent years — may have altered its cybercriminal activity as well.”
The slowdown did little to mitigate the year’s overall impact. North Korea has emerged as a dominant force in cryptocurrency theft, responsible for two-thirds of global hacking incidents in 2024.
You might also like: Powell: Fed not allowed to own Bitcoin