Cybercrime attributed to North Korean-linked groups has reached unprecedented levels this year. According to a report by blockchain analytics firm Chainalysis, these hacking groups have stolen a record $1.34Bn in cryptocurrency this year across 47 incidents. This marks a dramatic increase from the $660.5 million stolen in 2023.
Cryptocurrency seems to have turned out to be a preferred target for North Korean hackers, and the cyber thefts have been crucial in funding the country’s ballistic missile and nuclear weapons programs, according to reports, which suggest that as much as one-third of North Korea’s missile development efforts are financed through stolen cryptocurrency. This comes at a time when Pyongyang’s economy is otherwise constrained by stringent sanctions.
The stolen funds have been laundered using decentralized financial platforms, crypto mixing services, and mining services, which help obscure their origins. Basically, these laundering methods make it more difficult for authorities to track and recover the stolen assets, while the ease of exploiting decentralized systems has allowed North Korean hackers to evade detection while funneling vast sums into state coffers. “As the digital asset market booms, it is typical to see the illicit use of crypto grow in tandem,” Eric Jardine, cybercrimes research lead at Chainalysis, commented on the matter.
North Korean hackers have developed a reputation for deploying highly innovative and adaptive tactics. One notable method involves exploiting remote work opportunities, where operatives pose as legitimate IT professionals employed by foreign companies. By infiltrating these organizations, they gain access to proprietary data and financial systems and are able to enable theft on an industrial scale.
Another common scheme used in cyber thefts are the creation of fake employment websites to deceive victims into disclosing sensitive information. These sites often mimic legitimate platforms and serve as a gateway for hackers to breach cryptocurrency exchanges. In one particularly striking incident, North Korean operatives stole 4,500 bitcoins, worth $305 million, from the Japanese exchange DMM Bitcoin. The stolen cryptocurrency was traced through a network of intermediaries and eventually moved to a Cambodian exchange. This heist led to the closure of DMM Bitcoin.
The global cryptocurrency sector has experienced a surge in cyberattacks this year, with global losses reaching $2.2 billion, according to a report by Reuters — marking an increase of 21% as compared to the previous year. In addition to this, the number of hacking incidents worldwide has hit an all-time high of 303 as well (rising from the 292 incidents last year). North Korea alone accounts for more than half of the thefts, mostly in the first half of the year. The second half of the year saw a decline in the pace of North Korean hacking, especially as it came on the heels of the treaty being signed between North Korea and Russia (in June 2024). In response to this development, the US has indicted 14 North Korean nationals for fraud and money laundering. These individuals allegedly used their roles as remotely employed IT workers to steal $88 million through proprietary data theft and extortion.
