U.S. Accuses North Korea of Stealing $659 Million in Cryptocurrency in One Year

Last year, the United States reported that North Korea stole $659 million in cryptocurrency, further highlighting its ongoing involvement in international cybercrime.

Escalating Threats to the Cryptocurrency Industry

The United States, Japan, and South Korea have issued warnings about the increasing threat posed by North Korean hackers targeting the cryptocurrency industry with active and aggressive tactics.

These malicious actors, affiliated with the Democratic People’s Republic of Korea (DPRK), are engaging in extensive cybercrime campaigns to steal cryptocurrencies.

Tactics of the Cybercriminals

Unscrupulous entities, including the notorious Lazarus group suspected by the US of conducting global cyberattacks since 2009, specifically target “exchange platforms, digital asset custodians, and individual users”. They have successfully pilfered $659 million worth of crypto assets in 2024 alone.

North Korean hackers employ “carefully disguised social engineering attacks” to breach target systems. They can also infiltrate private sector systems by posing as freelance IT workers.

Actions to Counter the Threat

In 2022, the US released guidelines to help identify potential workers from North Korea.

Once inside, these nefarious actors typically deploy malware, such as keyloggers and remote access tools, to steal login credentials and ultimately the virtual currency they manage to control and sell.

Utilization of Stolen Funds

A 2022 UN report revealed that North Korea uses the stolen funds to finance its missile programs.

The United States, Japan, and South Korea have stated: “Our three governments are jointly working to prevent thefts, including those from the private sector, by the DPRK and to recover the stolen funds with the ultimate goal of depriving the DPRK of illicit income for its illegal weapons of mass destruction and ballistic missile programs”.