North Korean hackers have stolen $1.34 billion worth of cryptocurrency across 47 cyberattacks that occurred in 2024, according to a new report by blockchain analysis company Chainalysis.
This amount represents 61% of the total stolen funds for the year, marking a year-over-year increase of 21%.
Although the total number of incidents in 2024 reached a record-breaking 303, the total losses figure isn’t unprecedented, as 2022 remains the most damaging year with $3.7 billion.
Source: Chainalysis
Chainalysis says most of the incidents this year occurred between January and July, during which 72% of the total amount for 2024 was stolen.
The report highlights the DMM Bitcoin hack from May, where over $305 million was lost, and the WazirX cyberheist from July, which resulted in the loss of $235 million.
As for what types of platforms suffered the most damage, DeFi platforms were followed by centralized services.
Regarding the means, the analysts report that private key compromises accounted for 44% of the losses, while exploitation of security flaws corresponded to just 6.3% of stolen cryptocurrency.
This is a sign that security audits have a significant effect on reducing exploitable flaws on the platforms. However, stricter security practices in the handling of private keys need to be implemented.
Record year for DPRK
State-sponsored North Korean hackers systematically target cryptocurrency holders, platforms, and investors as a way to generate revenue to find their country’s weapons development program.
Their proceeds this year have reached $1.3 billion, breaking the previous record from 2022, which stood at $1.1 billion.
Source: Chainalysis
“In 2023, North Korea-affiliated hackers stole approximately $660.50 million across 20 incidents; in 2024, this number increased to $1.34 billion stolen across 47 incidents — a 102.88% increase in value stolen,” reads Chainalysis’ report.
The analysts also note that DPRK hackers conducted more frequent attacks in 2024, which indicates a higher capacity to execute large-scale attacks.
The heist at DMM Bitcoin is attributed to North Korean hackers based on the analysis of blockchain evidence and the flow of funds from the Japanese exchange to coin mixing services.
Source: Chainalysis
Earlier this month, Radiant Capital published the results of its investigation into its mid-October security breach, where $50 million was stolen, pointing the finger at North Korean state-affiliated hackers.
However, North Koreans didn’t focus solely on large-sum attacks this year, as the number and frequency of lower-value attacks, around $10,000, also increased.
Source: Chainalysis
In June, CoinStats announced that North Korean hackers had compromised 1,590 cryptocurrency wallets on its platform.
Despite the drop in activity after July, attacks at fintech platforms are bound to continue in 2025, especially as the cryptocurrency space is currently on an extended bull run with rising prices.