North Korean hackers made headlines in 2024 for stealing over $659 million in cryptocurrency through a series of sophisticated cyberattacks. A joint statement by the United States, Japan, and South Korea not only highlighted the thefts but also revealed that North Korea is deploying IT workers as spies to infiltrate blockchain and Web3 companies.
A Year of High-Value Heists
The joint announcement listed several major incidents, including a $235 million hack of India’s largest cryptocurrency exchange, WazirX, which forced the platform to halt trading and undergo a major restructuring. Other notable breaches included a $308 million theft from Japan’s DMM Bitcoin, $50 million each from Upbit and Radiant Capital, and $16.13 million from Rain Management.
The statement emphasized that North Korean cyber actors, including the notorious Lazarus Group, have ramped up their use of social engineering and malware such as TraderTraitor to target cryptocurrency exchanges. Infiltration tactics also involved North Korean IT workers posing as legitimate job candidates, leveraging false identities and remote work setups to gain access to sensitive systems.
Warning to the Blockchain Industry
The United States, Japan, and South Korea jointly urged blockchain and freelance industries to strengthen their cybersecurity measures to avoid inadvertently hiring North Korean operatives. “Private sector entities must review advisories and adopt measures to counteract cyber threats and prevent employing DPRK IT workers,” the statement advised.
The three nations reaffirmed their commitment to curbing North Korea’s malicious cyber activities, emphasizing the need for coordinated sanctions and enhanced cybersecurity collaboration across the Indo-Pacific.
Broader Implications
The joint statement comes amid increasing concerns about North Korea’s reliance on cybercrime to fund its nuclear weapons program, which remains under international sanctions. A UN report revealed that between 2017 and 2023, North Korea stole an estimated $3 billion in cryptocurrency to support its military ambitions.
Additionally, the U.S. Department of Justice reported the arrest of 14 North Korean nationals in 2024. These individuals posed as remote IT workers for U.S. companies, stealing proprietary information and extorting employers, resulting in $88 million in illicit gains.
Surge in North Korean Cyber Threats
Data from Chainalysis revealed that North Korean hackers were responsible for 61% of all cryptocurrency theft in 2024, amounting to $1.34 billion. While the overall number of incidents has decreased, the scale and efficiency of attacks by North Korean actors have escalated significantly.
Large-scale breaches involving $50–$100 million or more became more frequent in 2024, signaling a shift in tactics. “North Korean hackers have become more adept at executing high-value exploits, moving away from smaller-scale attacks seen in previous years,” the report noted.
IT Worker Infiltration
The report also highlighted a worrying trend of North Korean IT workers infiltrating crypto and Web3 companies. These workers exploit remote work opportunities, fake identities, and third-party hiring intermediaries to compromise corporate systems and integrity.
Broader Cyber Threat Landscape
Security researchers at Cyberwarcon, an annual conference in Washington, D.C., outlined North Korea’s evolving cyber strategies. Hackers from the regime have been posing as prospective employees at global corporations, aiming to steal corporate secrets and generate funds for North Korea’s government.
In addition, Microsoft’s analysis identified a subgroup of North Korean hackers, known as Sapphire Sleet, who disguised themselves as recruiters and venture capitalists. Their campaigns targeted individuals and companies to steal cryptocurrency, further demonstrating the regime’s resourcefulness in cyber warfare.
The Road Ahead
As North Korea continues to escalate its cyber operations, governments worldwide and private organizations must remain vigilant. Strengthening cybersecurity frameworks, fostering international cooperation, and enhancing public awareness are critical steps to combat the growing threat posed by these state-sponsored cyber actors.