In 2024, North Korea’s cyber operations reached unprecedented levels, with hackers affiliated with the regime pilfering $1.6 billion in cryptocurrency, as detailed in a report by Chainalysis.
This represents a significant jump from the $660.5 million stolen in 2023 and highlights the essential role that cybercrime plays in financing the operations of Pyongyang’s government.
In total, $2.2 billion was taken from crypto platforms in 2024, with North Korea responsible for 61% of this amount, according to Chainalysis.
The nation’s cybercrime apparatus executed 47 distinct attacks this year, double the number attributed to them in the previous year. These operations focus on crypto platforms and decentralized finance systems to extract funds believed to be funneled into North Korea’s weapons development and missile programs.
Evolving tactics of North Korean hackers
North Korean hackers have become increasingly sophisticated, utilizing advanced malware and social engineering techniques. Their strategies have also broadened to include infiltrating cryptocurrency companies while posing as remote employees.
In a noteworthy case, 14 North Korean nationals were indicted by the U.S. Department of Justice for using fraudulent identities to gain remote IT employment, resulting in over $88 million in revenue through data breaches and extortion.
The scale and frequency of these attacks are on the rise. North Korean groups executed more large-scale hacks exceeding $100 million in 2024 compared to previous years, indicating a heightened capability for significant thefts.
Incidents of smaller-scale hacks under $50 million have also increased in frequency.
The global community has long voiced concerns regarding North Korea’s dependence on cybercrime to navigate sanctions. U.S. officials estimate that illicit online activities provide up to a third of the funding for the regime’s missile program.
A change in activity following Russian ties
The majority of North Korea’s cryptocurrency theft transpired in the first half of 2024. Hacking activities saw a considerable slowdown after June, aligning with the strengthening of ties between North Korea and Russia. Analysts propose that the regime might have adjusted its cyber strategies following a meeting between Kim Jong Un and Vladimir Putin, signaling an increase in cooperation between the two nations.
“It is therefore possible that,” the report noted, “in addition to redirecting military resources toward the conflict in Ukraine, the DPRK — which has markedly intensified its collaboration with Russia in recent years — may have modified its cybercriminal operations as well.”
Despite the slowdown, the overall impact for the year remained significant. North Korea has emerged as a key player in cryptocurrency theft, responsible for two-thirds of global hacking incidents in 2024.