North Korean hackers set another record for themselves in 2024, topping all previous campaigns with $1.34 billion of stolen crypto. The state-backed threat actors continue to post big numbers and prop up a segment of cyber crime that has otherwise started to flag since the pandemic years, and they have also joined the concerning trend of focusing on centralized platforms.
The new data comes from the annual Chainalysis report on stolen crypto, which has been published for several years now. Total crypto theft has halved since the peak years of 2021 and 2022, and would be back down to levels comparable to the pre-pandemic period were the North Korean hackers not so active.
Stolen crypto campaigns increasingly target centralized exchanges, private keys
Of all of the instances of stolen crypto in 2024, nearly half (43.8%) were caused by stolen private keys. No other attributable attack method is anywhere near as popular at present, something that likely ties into North Korean hackers (and others) seemingly moving away from technical security flaws in decentralized finance as their primary target.
For the better part of a decade now, North Korean hackers have reliably stolen about $500 million to $1.5 billion in crypto each year. The money is vital to supporting the heavily sanctioned government, particularly its weapons programs. The country thus pours more into this area of cyber crime than other attackers, and the numbers reflect that: attempts by the country’s state-backed threat groups continue to go up every year, in this case leaping to 61% of all activity from 36% in 2023.
And while a lot of these splashy stolen crypto numbers are still coming from occasional large attacks on platforms, the Chainalysis report finds that North Korean hackers are showing much more interest in smaller thefts from businesses and individual wallets. The groups have recently focused on scamming their way into remote work jobs around the world, at which point they use privileged access to prowl for credentials and ransom sensitive information.
Crypto theft continues to be a central focus for North Korean hackers
The North Korean hackers are expected to focus on stolen crypto well into the future, and in just a few years may accelerate to a pace of making at least one attempt every single day of the year. Though the theft totals tend to correspond with Bitcoin price spikes, the attempts have steadily gone up no matter what and the groups are showing increasing sophistication in their approaches.
The attackers started out 2024 continuing to focus on DeFi platforms for their stolen crypto, but switched course around mid-year to a strong focus on attacking centralized platforms. This yielded the two single largest incidents of the year, the May raid of $305 million from Japan’s DMM Bitcoin and about $235 million taken from India’s WazirX in July. The first attack essentially scuttled DMM Bitcoin, which announced it will be transferring its business to SBI VC Trade in early 2025.