Blockchain and cryptocurrency, Cryptocurrency fraud, Fraud management and cybercrime
Researchers attribute 61% of known losses this year to hackers backed by Pyongyang
Matthew J. Schwartz (euroinfosec) •
December 23, 2024
Hackers linked to North Korea’s cash-strapped totalitarian dictatorship stole a record amount of cryptocurrencies this year.
See also: Revolutionizing cross-border transactions with permissioned DeFi
Blockchain analysis company Chainalysis said the total volume of stolen crypto funds is on track to reach $2.2 billion for 2024, up 21% from 2023, while the number of individual hacking incidents has so far increased from 282 in 2023 to 303 this year.
Of the total funds stolen so far this year, hackers linked to the world’s only hereditary communist monarchy, officially called the Democratic People’s Republic of Korea, appear to be responsible for stealing $1.34 billion through 47 incidents, which is double the collective flight of 2023. transport, Chainalysis said.
In a report released earlier this month, blockchain intelligence platform TRM Labs said that from January to October of this year, North Korea accounted for between 50% and 100% of all known illicit crypto uses, primarily through “hacked or exploited funds.” Nigerian hackers come in second, primarily due to “a high-volume entity involved in a range of fraudulent activities,” followed by hackers located in Georgia, the Philippines and Russia.
North Koreans’ appetite for cryptocurrencies is existential, with stolen profits used to directly support the country’s regime – including the leaders’ luxurious lifestyle – as well as the country’s development of weapons of destruction mass, including nuclear weapons and ballistic missiles.
Annual crypto losses for 2024 remain below previous records set in 2021 and 2022, supported in part by Bitcoin reaching a then-record value of $66,000 in late 2021. Historically, attacker interest in crypto has increased in parallel with its value. With Bitcoin hitting a record $106,000 in value last week, increased interest from hackers may well follow (see: Cryptocurrency theft increases alongside crypto value).
North Korean hackers appear responsible for 61% of the total value of stolen cryptocurrencies in 2024, as well as 20% of all known hacking incidents. Their tendency to commit feats large and small, including “mostly large feats,” continues to grow and may increase further during the upcoming holidays.
This time last year, Chainalysis estimated that North Korean hackers had stolen $1.0 billion in 2023, across 20 different hack attacks, a figure it revised downward to $661 million of dollars. “Upon further investigation, we determined that some significant hacks that we previously attributed to the DPRK were likely no longer linked, hence this decrease,” he added. The number of incidents in the DPRK in 2023 has remained roughly the same, as it has since been linked to a number of other smaller hacks in North Korea.
Hackers now focus on centralized services
Since 2021, criminals seeking cryptocurrencies have primarily hit decentralized finance – or DeFi – platforms, which remain accused of not investing in security, focusing instead on high growth rates.
While the trend of hackers targeting DeFi platforms continued throughout the first quarter of this year, since then their attention has shifted more to centralized services such as DMM Bitcoin and WazirX.
“Since centralized exchanges manage significant amounts of user funds, the impact of a private key compromise can be devastating,” Chainalysis said.
A May attack on Japanese cryptocurrency exchange DMM Bitcoin resulted in the loss of about 4,500 bitcoins, then worth about $303 million, potentially due to “mishandling of private keys or a lack of adequate security”, with a large portion of the stolen funds then being laundered via a CoinJoin. anonymous Bitcoin mixing service, as well as through crypto bridging services, Chainalysis said.
Earlier this month, DMM Bitcoin announced that it would cease operations by May 2025 and move its cryptocurrency trading offerings to Japanese firm SBI VC Trade, in part to avoid inconveniencing customers while Investigations into the hacking attack continue.
In July, an attacker stole $230 million worth of cryptocurrency from the Ethereum hot wallet of WazirX – one of India’s largest crypto exchanges – representing around 45% of its entire holdings. Indian police have arrested an individual suspected of creating and selling a fake account to another attacker who used it to carry out the attack, and who remains at large.
After the second quarter, crypto theft decreased
Despite billions in losses this year, the monthly volume of crypto hacking attacks appeared to decline in the second half of this year. “Through the end of July, the ecosystem was easily on track for a year that could rival the $3 billion-plus years of 2021 and 2022,” Chainalysis said. “However, the 2024 upward trend slowed down significantly after July, after which it remained relatively stable.”
The reason for this change remains unclear. The decline in incidents occurred after Russian President Vladimir Putin’s trip to North Korea in June, for the first time in 24 years, where he met with Supreme Leader Kim Jong Un. The two countries signed a “treaty of Comprehensive Strategic Partnership” between the two countries, with Kim pledging to “fully support” Russia’s war of conquest against Ukraine, including deploying around 12,000 DPRK troops to support the invasion.
Given the timing, “in addition to redirecting its military resources toward the conflict in Ukraine, the DPRK – which has significantly increased its cooperation with Russia in recent years – may also have changed its cybercriminal activities,” Chainalysis said.
So far, any connection between the accelerated pace of cooperation between the two countries and the perceived decline in crypto theft remains coincidental.
