In 2024, North Korea’s cyber operations reached unprecedented levels, with hackers associated with the regime pilfering $1.6 billion in cryptocurrency, as reported by Chainalysis.

This represents a significant increase from the $660.5 million stolen in 2023 and highlights the vital role that cybercrime plays in financing the operations of Pyongyang’s government.

A total of $2.2 billion was stolen from crypto platforms in 2024, with North Korea responsible for 61% of that amount, according to Chainalysis.

The country’s cybercrime network launched 47 distinct attacks this year, doubling the number of incidents compared to the previous year. These operations target crypto platforms and decentralized finance systems, draining funds that go toward North Korea’s weapons development and ballistic missile initiatives.

North Korean tactics are evolving

North Korean hackers have grown more sophisticated, utilizing advanced malware and employing social engineering strategies. Their operations have also broadened to include infiltrating cryptocurrency companies while posing as remote workers.

In a notable incident, 14 North Korean nationals were indicted by the U.S. Department of Justice for utilizing false identities to obtain remote IT positions, amassing over $88 million through data theft and extortion.

The frequency and scale of these cyberattacks are on the rise. North Korean groups conducted more large-scale hacks exceeding $100 million in 2024 than in prior years, highlighting their increasing capability for significant thefts.

Smaller-scale hacks are also on the uptick, with incidents involving under $50 million becoming more common.

The international community has long expressed concern regarding North Korea’s dependency on cybercrime as a means to circumvent sanctions. U.S. officials estimate that illicit online activities account for up to a third of the regime’s funding for its missile program.

A shift in activity after Russian ties

Most of North Korea’s crypto theft took place in the first half of 2024. Hacking activities noticeably decreased after June, which coincided with the strengthening of ties between North Korea and Russia. Analysts propose that the regime may have modified its cyber strategies following a meeting between Kim Jong Un and Vladimir Putin, indicating increased collaboration between the two nations.

“It is therefore plausible that,” the report stated, “besides redirecting military resources toward the conflict in Ukraine, the DPRK — which has substantially enhanced its cooperation with Russia in recent years — may have adjusted its cybercriminal endeavors as well.”

The slowdown, however, did not affect the overall significance of the year. North Korea has positioned itself as a leading player in cryptocurrency theft, accounting for two-thirds of global hacking incidents in 2024.