North Korean Hackers Double Crypto Hacks in 2024, Steals $1.34 Billion

Key Takeaways

•  North Korean-affiliated hackers stole an estimated $1.34 billion in digital assets across 47 incidents
• North Korean hackers accounted for a staggering 61% of all stolen crypto globally in 2024.

North Korean hackers have significantly ramped up their crypto theft activities in 2024, as per a report from blockchain analytics firm Chainalysis.

In total, North Korean-affiliated hackers stole an estimated $1.34 billion in digital assets across 47 incidents, representing a 102.88% increase compared to 2023, when the total amount stolen was approximately $660.5 million across 20 incidents. This surge in thefts accounted for a staggering 61% of all stolen crypto globally in 2024.

In 2023, North Korean hackers were responsible for 20% of all reported crypto theft incidents globally.

As per the report, U.S. and international authorities have long assessed that the stolen crypto is funneled into funding Pyongyang’s military ambitions, particularly to bypass international sanctions. In 2023, North Korean hackers were responsible for 20% of all reported crypto theft incidents globally.

Notably, 2024 saw an uptick in larger hacks, with the number of attacks involving stolen amounts between $50 million and $100 million, and those exceeding $100 million, occurring more frequently than in the previous year.

This is in sharp contrast to 2023, where most of the attacks by North Korean hackers netted less than $50 million each. In fact, this year saw a dramatic shift, with North Korean hackers responsible for a significant portion of the largest crypto thefts on record, indicating that their methods are becoming increasingly effective and sophisticated.

Chainalysis further analyzed the average time between successful DPRK cyberattacks, finding a decrease in the time between incidents in 2024 compared to previous years.

The increase in large-scale exploits suggests that North Korean hackers are refining their techniques and executing larger heists with greater speed. While 2023 had witnessed fewer high-value attacks, 2024 has marked a year of larger, more frequent incidents, with North Korea responsible for most high-value breaches globally.

Another concerning trend highlighted in the report is the infiltration of North Korean IT workers into crypto and Web3 companies. These workers are using increasingly sophisticated tactics to compromise networks, often assuming false identities and manipulating remote work opportunities to gain access to sensitive company data.

Report noted that the trend is a major contributor to the growing frequency of North Korean attacks, as hackers work from within the industry to gather information or directly steal digital assets.

Chainalysis also reported that North Korean cybercriminal activity slowed somewhat in the second half of 2024. After July 1, 2024, the daily average amount stolen by DPRK hackers decreased by approximately 53.73%, while the total stolen in non-DPRK-related hacks rose by 5%. 

Despite the reduction in hacking activity in the latter part of the year, the overall theft by North Korea in 2024 remains significant. In total, the global crypto thefts in 2024 reached around $2.2 billion, up by 21% from 2023, but still well below the $3.7 billion stolen in 2022.

The Chainalysis report also noted that decentralized finance (DeFi) platforms were the most targeted in the first quarter of the year, while centralized services saw a spike in attacks during the second and third quarters.

In conclusion, while North Korea’s cybercriminal operations seem to have slowed somewhat after mid-2024, the scale and frequency of attacks linked to the DPRK remain high.