Global cryptocurrency theft reached record levels in 2024, with $2.2 billion stolen worldwide. According to Chainalysis’ year-end report, North Korea was responsible for 60% of the total amount, or approximately $1.34 billion. This figure nearly doubles the $660 million stolen in 2023 and highlights the regime’s growing expertise in large-scale cyber heists. The stolen funds are believed to support state-sponsored programs, including nuclear and missile initiatives, which pose a major threat to global security.

North Korean hackers are notorious for their speed and sophistication in targeting vulnerabilities in the crypto ecosystem. Their operations have evolved to exploit high-value weaknesses in both centralized and decentralized platforms, enabling them to steal at unprecedented levels. These activities not only compromise financial assets but also reveal the urgent need for stronger security measures across the cryptocurrency industry.

Key Incidents and Trends in 2024

The most significant incident this year involved the theft of 4,502.9 Bitcoin (worth approximately $308 million) from Japan’s DMM Bitcoin exchange by TraderTraitor, believed to be a part of the Lazarus Group. Hackers exploited vulnerabilities in the exchange’s infrastructure, using mixers and bridging services to launder the stolen funds. Eventually, the funds were transferred to marketplaces linked to cybercrime. The fallout from this breach led to DMM Bitcoin shutting down its operations entirely.

Smaller-scale thefts also rose in 2024, with hackers targeting amounts around $10,000. These incidents were often tied to North Korean IT workers in companies across the globe. North Korean cybercriminals have used a variety of advanced techniques to carry out their hacks. Some of their main tactics include:

• Targeting Centralized Exchanges and DeFi Platforms: While decentralized finance (DeFi) platforms have been frequent targets in recent years, 2024 saw a shift toward centralized services. Major incidents included the $305 million theft from Japan’s DMM Bitcoin exchange in May and the $234.9 million heist from India’s WazirX in July.
• Private Key Compromises: Many of the largest thefts in 2024 were linked to weak private key management. Hackers exploited poor security protocols to gain unauthorized access to funds stored on centralized servers.
• Laundering Stolen Funds: North Korean hackers used sophisticated laundering techniques to hide their tracks, such as using Bitcoin mixing services, cross-chain bridges, and unregulated marketplaces.
• Exploiting Insider Knowledge: North Korean IT workers, operating under false identities, infiltrated Web3 companies worldwide. By securing remote jobs, they gained access to internal systems and were able to carry out further attacks.

The frequency of DPRK's crypto attacks appears to be increasing, with a noticeable rise in large-scale exploits. In 2024, attacks yielding $50–$100 million and over $100 million occurred more often compared to 2023, a shift from previous years when most exploits resulted in profits below $50 million.

Interestingly, there was a significant decline in North Korean crypto theft activity in the latter half of the year. The majority of the funds were stolen in the first six months, with activity slowing after June. This coincided with a summit between North Korean leader Kim Jong Un and Russian President Vladimir Putin, where the two nations signed a wide-ranging partnership agreement.

This suggests that the geopolitical relationship between North Korea and Russia may have influenced the decline in cybercriminal activity. During the summit, Russia reportedly released millions of dollars in frozen North Korean assets. This could have reduced Pyongyang’s immediate reliance on cryptocurrency theft to fund its operations. Still, further analysis is required to confirm this theory.

What This Means for Crypto Security

North Korea’s success at crypto theft is a harsh reminder of the increasing sophistication of cybercriminals and the vulnerabilities within the crypto industry. The impact goes far beyond financial losses— international officials have repeatedly warned that these stolen funds are financing North Korea’s nuclear and missile programs while bypassing international sanctions. This creates a significant global security risk, particularly as tensions continue to rise over contested territories in Northern Europe, the Middle East, and Southeast Asia.

The events of 2024 remind us of the need for stronger security measures across the crypto and Web3 ecosystem. Tackling these challenges will require increased vigilance and a proactive, coordinated approach among governments, companies, and individual users. Strengthening crypto security is crucial not just for protecting assets but also for preserving trust and stability in the global digital economy.