Key Points
- North Korean hackers doubled their crypto theft in 2024, stealing $1.34 billion across 47 incidents, representing 61% of all crypto assets stolen during the year and marking a dramatic escalation in their cyber operations, according to Chainalysis research.
- The intensity of crypto hacking showed a notable shift after July 2024, with DPRK-linked attacks declining by 53.73% following a summit between Putin and Kim Jong Un, suggesting possible geopolitical influences on cyber operations.
Record-Breaking Year for Crypto Theft
A comprehensive research report by blockchain analytics firm Chainalysis reveals that cryptocurrency platforms faced another tumultuous year as hackers made off with $2.2 billion in 2024, marking a 21.07% increase from 2023. This represents the fifth year in the past decade where stolen crypto assets exceeded the billion-dollar threshold, highlighting the persistent and growing threat to digital asset security. The number of individual hacking incidents also rose from 282 to 303, indicating more frequent attacks throughout the year.
North Korea’s Unprecedented Cyber Campaign
The Chainalysis report identifies the Democratic People’s Republic of Korea (DPRK) as the dominant force in cryptocurrency theft, with state-sponsored hackers achieving unprecedented success in their operations. Their sophisticated attacks yielded $1.34 billion across 47 incidents, more than doubling their 2023 total of $660.50 million. U.S. and international officials have linked these stolen funds to North Korea’s weapons of mass destruction and ballistic missile programs, raising significant international security concerns.
Shifting Attack Patterns and Target Selection
The research highlights a notable trend in the targeting patterns of hackers throughout 2024. While decentralized finance (DeFi) platforms have traditionally been the primary targets, centralized services bore the brunt of attacks in Q2 and Q3. Major incidents included the $305 million DMM Bitcoin hack in May and the $234.9 million WazirX breach in July. Private key compromises emerged as the most lucrative attack vector, accounting for 43.8% of all stolen crypto assets.
The Putin Factor and Cyber Activity Decline
Perhaps the most intriguing development came in the latter half of 2024, as North Korean hacking activity showed a marked decrease following a June summit between Russian President Vladimir Putin and North Korean leader Kim Jong Un. Chainalysis data shows the average daily value stolen by DPRK-linked hackers dropped by more than half after July 1, while non-DPRK theft rose slightly by 5%. This coincided with increased military cooperation between North Korea and Russia, including North Korea’s deployment of troops to Ukraine and the supply of ballistic missiles to Russia, suggesting a possible shift in the DPRK’s strategic priorities.
Looking ahead, the crypto industry faces mounting pressure to enhance security measures and protect user assets. The report notes that new predictive technologies, such as those developed by Hexagate (recently acquired by Chainalysis), offer hope for more proactive threat detection. However, the evolving nature of cyber threats and the increasing sophistication of state-sponsored actors continue to pose significant challenges to the digital asset ecosystem.
