North Korea’s cyber operations reached new heights in 2024, with hackers linked to the regime stealing $1.6 billion in cryptocurrency, according to a report from Chainalytics.
This marks a sharp increase from the $660.5 million stolen in 2023 and underscores the critical role cybercrime plays in financing Pyongyang’s government operations.
According to Chainalytics, $2.2 billion was stolen from crypto platforms in 2024, with North Korea accounting for 61% of it.
North Korean hackers stole more from crypto platforms than ever before: $1.34 billion, representing 61% of the total amount stolen for the year. pic.twitter.com/tVBsOKW8U7
— Chaining (@chainaliz) December 19, 2024
The country’s cybercrime network has carried out 47 separate attacks this year; this number was twice the number of incidents attributed last year. These exploits target crypto platforms and decentralized financial systems to siphon funds that experts believe are being directed to North Korea’s weapons development and ballistic missile programs.
North Korea’s tactics are improving
North Korean hackers have become more sophisticated, using advanced malware and social engineering tactics. Their operations have expanded to include infiltrating cryptocurrency companies under the guise of remote workers.
In one notable case, 14 North Korean citizens were charged by the U.S. Department of Justice with using fake identities to secure remote IT jobs and generating more than $88 million through data theft and extortion.
The scale and frequency of these attacks is increasing. North Korean groups have carried out larger-scale hacks exceeding $100 million in 2024 compared to previous years, suggesting an increased capacity for large-scale thefts.
Small-scale attacks also increased; Attacks under $50 million occur more frequently.
The international community has long expressed concern about North Korea’s reliance on cybercrime to evade sanctions. US officials estimate that one-third of the regime’s missile program funding comes from illegal online activity.
Change in activity after Russian ties
Most crypto thefts in North Korea occurred in the first half of 2024. Hacking activity slowed significantly after June, coinciding with the closer ties between North Korea and Russia. Analysts suggest that the regime may have changed its cyber strategies after the meeting between Kim Jong Un and Vladimir Putin, which signaled increased cooperation between the two countries.
“Therefore, it is possible that North Korea, which has significantly increased its cooperation with Russia in recent years, has changed its cybercriminal activities in addition to directing military resources to the conflict in Ukraine,” the report said.
The slowdown did little to ease the overall impact of the year. North Korea has emerged as a dominant force in cryptocurrency theft, responsible for two-thirds of global hacking incidents in 2024.