North Korea Crypto Heists 2024: $659M Stolen & Fake Job Scams

North Korean Cryptocurrency Heists in 2024

Cybercriminals supported by North Korea have reportedly stolen a minimum of $659 million in cryptocurrency during 2024. This illicit activity was coupled with strategic infiltration of blockchain firms using IT workers acting as internal threats.

Joint Statement from US, Japan, and South Korea

A collaborative statement released on Tuesday by Japan, South Korea, and the United States (available as a PDF) officially attributes these attacks to North Korean actors. This marks the first official confirmation linking North Korea to the $235 million hack targeting WazirX, India’s leading cryptocurrency exchange.

Significant Cryptocurrency Thefts

The WazirX breach in July 2024 led to a temporary suspension of trading and subsequent restructuring of the company. Beyond WazirX, several other substantial thefts occurred throughout the year.

• $308 million was stolen from DMM Bitcoin, a Japanese exchange.
• Upbit and Radiant Capital each suffered losses of $50 million.
• Rain Management experienced a theft amounting to $16.13 million.

Tactics and Techniques Employed

The Lazarus Group, a well-documented North Korean hacking collective, is identified as the primary perpetrator. They utilized social engineering tactics and deployed malicious software, such as TraderTraitor, specifically designed to steal cryptocurrency.

Furthermore, the group actively sought to infiltrate companies by disguising North Korean IT workers as legitimate job applicants. This allowed them to operate as insider threats within the blockchain ecosystem.

Government Advisory

The governments of the United States, Japan, and South Korea are urging private sector organizations, particularly those in the blockchain and freelance work sectors, to enhance their cybersecurity measures. They recommend a thorough review of related advisories and announcements.

This proactive approach aims to mitigate the risk of unknowingly employing IT workers originating from North Korea.

Broader Context of North Korean Cybercrime

Previous reports from the United Nations estimate that North Korea amassed $3 billion in cryptocurrency between 2017 and 2023. These funds are believed to be directed towards financing the nation’s sanctioned nuclear weapons programs.

Recent data from Chainalysis indicates that North Korean hackers were responsible for 61% of all cryptocurrency theft in 2024, totaling $1.34 billion. This highlights the escalating threat posed by these actors.