In 2024, a staggering $2.2 billion was stolen from cryptocurrency platforms by threat actors, with the majority of the illicit funds (61%) attributed to North Korean hackers, according to a report from Chainalysis.
This marks the fifth year in the past decade that hackers have managed to steal over $1 billion from crypto firms. The figures for 2024 show a 21% year-on-year increase, with the number of individual incidents also surging from 282 in 2023 to 303 in 2024.
However, the intensity of attacks seemed to taper off in the second half of the year, possibly due to geopolitical factors. Between January and July 2024, a total of $1.58 billion was stolen, representing an 84% increase compared to the same period in 2023. If this trend had continued in the second half of the year, losses could have exceeded $3 billion.
Chainalysis speculated that the decline in attacks could be linked to a meeting between Vladimir Putin and Kim Jong-un in June. It is believed that a deal was struck to release North Korean assets frozen in compliance with UN Security Council sanctions, as well as potentially sharing advanced missile and submarine technology. Following this summit, the value of funds stolen by North Korean hackers dropped by 54%.
Despite this decrease in overall stolen value, North Korean attacks are on the rise. Attacks in the range of $50 to $100 million and those exceeding $100 million occurred more frequently in 2024 compared to the previous year. This suggests that North Korea is improving its capabilities in executing large-scale exploits.
However, there is also a rise in low-value hacks, with some events yielding only around $10,000. Chainalysis warned that North Korean IT workers are increasingly infiltrating crypto and Web3 companies, compromising their networks with sophisticated tactics and procedures.
To combat these threats, Chainalysis recommended that companies conduct more thorough vetting of potential employees and improve private key hygiene to protect their assets. Additionally, they advised implementing data-sharing initiatives, using advanced tracing tools, and providing targeted training to enhance resilience and detect threats more effectively.
As crypto regulatory frameworks evolve, the scrutiny on platform security and customer asset protection is expected to increase. It is crucial for industry best practices to keep pace with these changes to prevent theft and ensure accountability. By strengthening partnerships with law enforcement and empowering teams with the necessary resources and expertise, the crypto industry can bolster its defenses against theft.