North Korea’s state-backed hackers shattered records in 2024, stealing $1.34 billion worth of crypto in just 47 attacks. That’s more than double the $660.5 million they swiped across 20 incidents in 2023, according to a new Chainalysis report.
These digital thieves now account for 61% of all crypto stolen globally this year, cementing Pyongyang’s place as the top player in crypto crime. U.S. and international officials warn these stolen funds bankroll North Korea’s missile and weapons programs, sidestepping sanctions and endangering global security.
The time between successful hacks has shortened dramatically, especially for high-value hits of $50 million or more. Pyongyang’s cyber operatives have shifted their game, focusing more on large-scale heists while maintaining a steady flow of smaller operations of around $10,000.
Weaponizing crypto theft with insider infiltration
The tactics these hackers employ are a masterclass in deception. Increasingly, North Korean IT workers are worming their way into legitimate companies, exploiting remote work opportunities to infiltrate networks. They pose as highly skilled professionals, using fake identities and shady intermediaries to land jobs.
Once inside, they loot proprietary information and even steal directly from company accounts. The U.S. Department of Justice recently indicted 14 North Koreans who pulled off this exact scheme, stealing $88 million while masquerading as employees of U.S. firms.
The broader picture is even darker. Pyongyang’s cybercriminals are targeting not just companies but the very infrastructure of the crypto world. In one of the year’s most audacious hacks, they hit the Japanese exchange DMM Bitcoin, stealing 4,502.9 Bitcoin—worth $305 million at the time.
By exploiting weaknesses in the exchange’s infrastructure, they funneled the stolen assets through mixers and cross-chain bridges, making them nearly impossible to trace. The aftermath forced DMM Bitcoin to shut down, transferring its operations to another exchange under a major financial conglomerate.
This kind of attack isn’t rare. North Korea’s hackers use advanced malware, phishing schemes, and social engineering to gain access to systems.
They’ve literally perfected the art of moving stolen funds through complex laundering chains, often using CoinJoin mixing services and obscure online marketplaces to hide the money trail.
A change in strategy after July
The first half of 2024 saw Pyongyang’s hackers operating at full throttle, but their activity took a nosedive after a high-profile summit in late June. Russia’s President Vladimir Putin and North Korean supreme leader Kim Jong Un met in Pyongyang to sign a mutual defense pact.
The report says that shortly after that, there was a sharp drop in the value stolen by North Korean hackers—down by 53.73% in the second half of the year compared to the first. Meanwhile, non-North Korean hacks saw a slight uptick.
Analysts are cautious about drawing a direct link between the summit and the slowdown in attacks, but you have to admit, the timing is hard to ignore. Russia released millions of dollars in frozen North Korean assets around the same period, potentially providing Pyongyang with alternative funding sources.
On the other hand, North Korea deployed troops to Ukraine and reportedly sought advanced military technology from Moscow, so its resources may have been redirected toward the conflict.
From Zero to Web3 Pro: Your 90-Day Career Launch Plan