North Korea Hackers Steal US$659 Million in Crypto in 2024

In 2024, hackers backed by North Korea stole over US$659 million in cryptocurrency from various blockchain entities, as revealed by a joint statement from the United States, Japan, and South Korea. The thefts are part of a broader strategy to fund North Korea’s missile and weapons programs, reads the statement.

The joint statement highlights the extensive nature of these attacks, stressing that “the DPRK’s cyber program threatens our three countries and the broader international community” and “poses a significant threat to the integrity and stability of the international financial system.” 

North Korea’s cyber activity has long been associated with the theft of cryptocurrency, with state-sponsored hacking groups, such as the Lazarus Group (APT38), known for its sophisticated techniques and persistent attacks. The stolen funds are believed to have been used to finance North Korea’s weapons programs. 

In 2024 alone, multiple high-profile attacks were attributed to North Korean cyber actors, including the theft of US$308 million from DMM Bitcoin, US$50 million from Upbit, and US$16.13 million from Rain Management. The United States and South Korea also linked DPRK actors to the US$235 million stolen from WazirX and US$50 million from Radiant Capital, both in 2024. 

North Korea is allegedly deploying more advanced social engineering tactics to infiltrate blockchain companies. These methods can include malware deployment, such as TraderTraitor and AppleJeus, reports the Cybersecurity and infrastructure Security Agency (CISA). The agency warns that hackers disguise their malicious intentions by posing as legitimate job opportunities in the IT and blockchain sectors. 

The joint statement also warns that North Korea is using IT workers recruited through deceptive means, who have the potential to cause significant damage by providing unauthorized access to sensitive systems or stealing confidential data. In response, authorities from the United States, Japanese, and South Korea have issued multiple advisories and notifications, urging private businesses, especially those in blockchain, to enhance their cybersecurity practices and carefully vet potential hires.

The three countries have also increased their collaboration on cybersecurity initiatives. According to the statement, public-private partnerships such as the Illicit Virtual Asset Notification (IVAN) and the Crypto-ISAC aim to facilitate real-time information sharing to mitigate cybercrime risks. These collaborative efforts aim to protect the financial infrastructure of the blockchain sector and prevent further illicit activities that can destabilize the global economy.

Japan’s Financial Services Agency, along with the Japan Virtual and Crypto Assets Exchange Association (JVCEA), has also heightened efforts to secure the domestic crypto market, urging businesses to conduct self-inspections and report any suspicious activities.

Given the ongoing nature of these attacks, the trilateral cooperation between the United States, Japan, and South Korea is expected to intensify, reads the statement. This collaboration aims to improve cybersecurity defenses across the Indo-Pacific region and implement sanctions against DPRK cyber actors to limit their resources.