Crypto-Hackers Steal $2.2bn as North Koreans Dominate

Threat actors stole $2.2bn from cryptocurrency platforms in 2024, with the majority (61%) of illicit funds attributed to North Korean hackers, according to Chainalysis.

The blockchain analytics company has been analyzing cryptocurrency flows for several years and said that 2024 is the fifth year in the past decade that hackers have stolen over $1bn from crypto firms.

The figure for 2024 represents a 21% year-on-year (YoY) increase, with individual incidents also surging, from 282 in 2023 to 303 in 2024.

However, the intensity of attacks tailed off in the second half of the year, possibly for geopolitical reasons. The cumulative value stolen between January and July 2024 reached $1.58bn, which represents an 84% increase on the same period in 2023 and, if matched in the second half of the year, would have led to losses of more than $3bn.

Chainalysis suggested that the slowdown in attacks could be the result of Vladimir Putin’s meeting with Kim Jong-un in June, where it is thought a deal was struck to release millions of dollars’ worth of North Korean assets previously frozen in compliance with UN Security Council sanctions, and potentially advanced missile and submarine technology.

The report noted that the value of funds stolen by North Korean hackers dropped 54% following the summit.

However, North Korean attacks overall are becoming more frequent.

“Notably, attacks between $50 and $100m, and those above $100m, occurred far more frequently in 2024 than they did in 2023, suggesting that the DPRK is getting better and faster at massive exploits,” the report revealed.

“This is in stark contrast to the previous two years, during which its exploits more often each yielded profits below $50m.”

This increase is unfortunately also being matched by “a growing density” of hacks which yielded lower amounts of around $10,000 in value.

“Some of these events appear to be linked to North Korean IT workers, who have been increasingly infiltrating crypto and Web3 companies, and compromising their networks, operations, and integrity,” Chainalysis warned.

“These workers often use sophisticated tactics, techniques, and procedures (TTPs), such as false identities, third-party hiring intermediaries, and manipulating remote work opportunities to gain access.”

Building Stronger Defenses

Chainalysis urged companies to vet prospective employees more rigorously and improve private key hygiene to safeguard their assets.

More generally, it recommended “data-sharing initiatives, advanced tracing tools and targeted training” to help crypto firms build resilience and better identify and neutralize threats.

“Additionally, as crypto regulatory frameworks continue to develop, the scrutiny on platform security and customer asset protection will likely intensify. Industry best practices must keep pace with these changes, ensuring both prevention and accountability,” it concluded.

“By fostering stronger partnerships with law enforcement and equipping teams with the resources and expertise to respond rapidly, the crypto industry can reinforce its defenses against theft.”