The Democratic People’s Republic of Korea—often referred to as North Korea—is reportedly responsible for 61% of crypto stolen this year, according to Chainalysis.
“In 2023, North Korea-affiliated hackers stole approximately $660.50 million across 20 incidents; in 2024, this number increased to $1.34 billion stolen across 47 incidents—a 102.88% increase in value stolen,” reads a recent report from major crypto forensics firm Chainalysis. This is the highest amount North Korean hackers have siphoned in any year so far.
Luis Lubeck, services project manager at crypto cybersecurity firm Hacken, told Decrypt that the financial collaboration between North Korea and Russia exacerbates the situation.
"It heightens threats by sharing tools and expertise, complicating attribution and response efforts," he said. "This partnership could escalate global cyber conflicts and reshape how cyber warfare will take place with alliances instead of solo efforts from one state."

One trend the industry has seen develop is North Korea-linked hackers posing as smart contract developers, purposefully including concealed vulnerabilities or backdoors in the projects they contribute to. So far, in 2024, 47 hacks have been linked to North Korean hackers—equivalent to two-thirds of the total number of crypto hacks.
Those hacks include the $50 million stolen from Radiant Capital, when a North Korean-linked cybercriminal posed as a former contractor sharing files to deliver malware to an employee. The malware in question was reportedly sophisticated: it established a permanent macOS backdoor while still displaying a legitimate PDF to the user to avoid detection.
North Korean-linked actors are leveraging increasingly advanced tactics, with Lubeck noting that “new tactics leverage AI to create fake personas (with the evolving of deep fakes), making it harder to identify bad actors.” Old techniques continue to pose challenges, including detecting advanced phishing and identifying fake digital identities for remote workers.

United States-based and international officials claim that North Korea is using the cryptocurrencies it steals to fuel its development of weapons of mass destruction and its ballistic missile programs. Reports published in May suggest that its hacking efforts fund half of North Korea's missile program.
Lubeck suggested a potential solution could be to “strengthen international collaboration on cryptocurrency tracking, enforce stricter KYC measures on exchanges, and improve real-time intelligence sharing.” He highlighted that sanctions show only limited effectiveness due to evasion tactics.
Edited by Stacy Elliott.