North Korean hackers are estimated to have stolen a staggering $2.2 billion in 2024, up 21% from 2023.
With advanced tactics and increasing sophistication, the Democratic People’s Republic of Korea (DPRK) has positioned itself as a dominant force in crypto theft, targeting both decentralized finance (DeFi) platforms and centralized exchanges to fund its state-sponsored programs.
The year 2024 marked the fifth time in the past decade that crypto theft exceeded $1 billion annually, highlighting the escalating exploitation of the digital asset sector.
.png
)
The number of hacking incidents surged to 303, up from 282 in 2023. While the first half of the year saw an unprecedented $1.58 billion stolen—an 84% increase compared to the same period in 2023—the pace slowed in the latter half, coinciding with a geopolitical shift involving newfound collaboration between Russia and North Korea.
DPRK’s Increasingly Aggressive Cyber Campaign
North Korea’s hacking groups, including the infamous Lazarus Group, accounted for $1.34 billion of the stolen funds in 2024, a sharp increase of 102.88% from 2023.
These state-sponsored hackers were linked to 47 incidents, representing 61% of the year’s total stolen value. These exploits ranged from massive centralized exchange hacks to smaller, highly targeted strikes.
One of the year’s largest incidents involved the Japanese exchange DMM Bitcoin, which suffered a $305 million loss in May due to vulnerabilities in its security infrastructure.
The stolen funds were funneled through mixing services and bridging protocols, complicating efforts to trace and recover the assets.
While DeFi platforms were the primary targets in early 2024, centralized services became the hackers’ focus by mid-year, with attacks on exchanges like WazirX and DMM Bitcoin demonstrating the vulnerabilities of private key management.
Private key compromises accounted for 43.8% of crypto theft this year, underscoring the importance of robust security measures.
The timing of North Korea’s exploits raises questions about geopolitical factors. Following a summit between Vladimir Putin and Kim Jong Un in June, North Korea’s hacking activity seemingly decreased by 53.73%, while non-DPRK-related crypto theft rose slightly.
Experts speculate that Pyongyang may have redirected resources toward its military collaboration with Russia, including supplying weapons for the ongoing conflict in Ukraine.
The unprecedented scale of theft in 2024 has reignited calls for enhanced security protocols within the crypto industry.
Predictive technologies, such as machine learning tools developed by Hexagate and Chainalysis, are becoming vital in detecting and preventing attacks before they occur.
However, closing security gaps will require collaboration between regulators, law enforcement, and private companies to combat increasingly sophisticated hackers.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free
 platforms.){kind=link}