North Korea’s state-sponsored hackers reached unprecedented heights in 2024, stealing $1.34 billion in cryptocurrency across 47 attacks. This figure is more than double the $660.5 million stolen in 2023 over 20 incidents, according to a Chainalysis report.
These hackers now account for 61% of all cryptocurrency thefts worldwide this year, solidifying Pyongyang’s status as the dominant force in cybercrime. U.S. and international authorities warn that these stolen funds finance North Korea’s missile and weapons programs, bypassing sanctions and posing a threat to global security.
The time between successful hacks has significantly decreased, especially for high-value targets worth $50 million or more. Pyongyang’s operatives have shifted focus toward large-scale heists while maintaining smaller operations averaging around $10,000.
Weaponizing Cybercrime North Korea’s hackers have honed deception into a fine art. Increasingly, their IT workers infiltrate legitimate companies by leveraging remote work opportunities, posing as highly skilled professionals with fake identities and dubious intermediaries.
Once embedded, they steal proprietary data and even directly siphon funds from corporate accounts. The U.S. Department of Justice recently indicted 14 North Koreans for such schemes, through which they stole $88 million while posing as employees of U.S.-based firms.
Beyond corporate theft, Pyongyang’s hackers are targeting the very infrastructure of the crypto ecosystem. In one of their boldest moves this year, they attacked the Japanese exchange DMM Bitcoin, stealing 4,502.9 Bitcoin valued at $305 million. Exploiting vulnerabilities in the exchange, they funneled the assets through mixers and cross-chain bridges to erase traces, forcing the exchange to close and transfer its operations to another entity under a financial conglomerate.
A Shift After the June Summit In the first half of 2024, North Korean hackers operated at peak efficiency. However, activity plummeted following a high-profile June summit where Russian President Vladimir Putin and North Korean leader Kim Jong Un signed a mutual defense pact.
The Chainalysis report notes a sharp 53.73% drop in the value stolen by North Korean hackers in the second half of the year compared to the first. Simultaneously, non-North Korean crypto thefts saw a slight increase.
While analysts are cautious about drawing direct links between the summit and the slowdown, the timing raises questions. Around this period, Russia unfroze millions of dollars in North Korean assets, potentially providing alternative financial resources. Additionally, North Korea deployed troops to Ukraine and sought advanced Russian military technology, possibly redirecting its focus and resources.
