North Korean hackers have significantly ramped up their cryptocurrency thefts in 2024, stealing an estimated $1.3 billion across 47 incidents, according to a report from blockchain analytics firm Chainalysis. This staggering amount marks a sharp increase from the $660 million stolen in 2023, showcasing the growing sophistication and efficiency of the Democratic People’s Republic of Korea’s (DPRK) cyber operations. The stolen funds in 2024 represent 61% of all reported crypto thefts globally, underscoring the DPRK’s leading role in exploiting vulnerabilities within the digital asset ecosystem.
Chainalysis highlighted a notable trend in the scale of these attacks, with an increase in high-value heists. Incidents yielding between $50 million and $100 million—and even those exceeding $100 million—were more frequent in 2024 compared to previous years, when the majority of thefts involved smaller sums. The report suggests that North Korean hackers have refined their methods to maximize the profitability of their cybercrimes, often targeting both decentralized finance (DeFi) platforms and centralized services.
Despite their heightened activity, the report observed a decline in funds stolen by the DPRK during the third and fourth quarters of 2024. This trend coincided with strengthened political and military ties between North Korea and Russia, leading some experts to speculate that the regime may have become less reliant on cryptocurrency theft for funding. However, the report cautions against drawing definitive conclusions, noting that cyberattacks often spike during holiday periods, and year-end activity could alter the current patterns.
Globally, cryptocurrency thefts totaled approximately $2.2 billion in 2024, a 21% increase from the previous year but still significantly lower than the $3.7 billion recorded in 2022. DeFi platforms were the most targeted in early 2024, while centralized services faced the brunt of attacks in the latter half. As North Korea continues to refine its cyber capabilities, international efforts to combat these crimes remain critical in safeguarding the digital economy from further exploitation.
