North Korean hackers were reported to have stolen a massive $2.2 billion in 2024, a significant increase of 21% from the previous year. The Democratic People’s Republic of Korea (DPRK) has emerged as a prominent player in crypto theft, employing advanced and increasingly sophisticated tactics to target both decentralized finance (DeFi) platforms and centralized exchanges to finance its state-sponsored programs.
This year marked the fifth time in the last decade that annual crypto theft surpassed $1 billion, highlighting a concerning trend of exploitation within the digital asset sector. The number of hacking incidents surged to 303, up from 282 in 2023. In the first half of the year, an unprecedented $1.58 billion was stolen, an 84% rise compared to the same period in the previous year. However, the pace of theft slowed in the latter half, coinciding with a geopolitical shift characterized by newfound cooperation between Russia and North Korea.
North Korea’s hacking groups, including the notorious Lazarus Group, were responsible for siphoning $1.34 billion of the stolen funds in 2024, marking a significant increase of 102.88% from 2023. These state-sponsored hackers were linked to 47 incidents, accounting for 61% of the total stolen value for the year. The exploits ranged from large-scale centralized exchange hacks to more targeted strikes.
One of the notable incidents of the year involved the Japanese exchange DMM Bitcoin, which suffered a $305 million loss due to vulnerabilities in its security infrastructure. The stolen funds were laundered through mixing services and bridging protocols, complicating efforts to trace and recover the assets. While DeFi platforms were initially the primary targets, hackers shifted their focus to centralized services later in the year, with exchanges like WazirX and DMM Bitcoin falling victim to attacks that exposed weaknesses in private key management.
Private key compromises accounted for 43.8% of crypto theft in 2024, emphasizing the critical need for robust security measures within the industry.
The timing of North Korea’s cyber exploits raises suspicions of geopolitical motives. Following a summit between Vladimir Putin and Kim Jong Un, North Korea’s hacking activity decreased by 53.73%, while non-DPRK-related crypto theft experienced a slight rise. Experts speculate that Pyongyang may have redirected its resources towards military collaboration with Russia, including supplying weapons for the conflict in Ukraine.
The widespread scale of theft in 2024 has prompted renewed calls for improved security protocols within the crypto sector. Predictive technologies, such as machine learning tools developed by Hexagate and Chainalysis, are increasingly vital in detecting and preventing attacks before they occur. However, bridging security gaps will necessitate collaboration between regulators, law enforcement agencies, and private entities to effectively combat the growing threats posed by sophisticated cybercriminals.