In a year marked by unprecedented cryptocurrency theft, North Korean hackers have emerged as prime suspects in some of the most notorious cyber heists. The Lazarus Group, infamous for its brazen attacks, is among those being pursued by governments worldwide.
South Korea Imposes Sanctions on North Korean IT Organization Members
The latest country to join the pursuit is South Korea, which has imposed sanctions on 15 members of North Korean IT organizations and one related group. According to a December 26 news release by South Korea’s Ministry of Foreign Affairs, the sanctioned agents have allegedly procured funds for North Korea’s nuclear missile development program and the DPRK’s Munitions Industry Department through "overseas foreign currency-earning activities."
Sanctioned Individuals Accused of Earning Large Amounts of Foreign Currency
Among those sanctioned is Kim Cheol-min, a member of the 313th General Bureau, who allegedly earned a "large amount of foreign currency" by working undercover for United States and Canadian companies before delivering the funds to Pyongyang’s nuclear weapons program. Another sanctioned worker, Kim Ryu Song, was indicted by US lawmakers on December 11 for violating sanctions, money laundering, and identity theft in generating more than $88 million of revenue over six years.
Total Annual Funds Loss: A Record-Breaking Year for Crypto Hackers
The sanctions came after a big year for crypto hackers, who stole $2.3 billion worth of cryptocurrency in 2024, a 40% increase over the value stolen in 2023. According to Chainalysis data, North Korea-affiliated hackers have become a major threat to the security of the crypto space.
North Korean Hackers Stole Over $1.34 Billion Worth of Digital Assets
During 2024, North Korean hackers stole over $1.34 billion worth of digital assets across 47 incidents, marking a 102% increase from the $660 million stolen in 2023. The $1.34 billion represents over 61% of the total crypto value stolen during 2024 and more than 20% of the total hacking incidents.
DPRK Hacking Activity: A Growing Threat to Crypto Security
Attacks yielding profits of $50-100 million have become more frequent, which suggests that the DPRK has improved its hacking methods and can now conduct more lucrative exploits. In contrast, the DPRK’s exploits in 2022 often resulted in profits of less than $50 million.
Sophisticated Attacks on the Rise
Despite an overall decrease in the total number of attacks, sophisticated attacks by North Korean agents are increasing. Chainalysis noted that "notably, attacks between $50 and $100 million, and those above $100 million occurred far more frequently in 2024 than they did in 2023, suggesting that the DPRK is getting better and faster at massive exploits."
The Time Between Successful DPRK Attacks
The time between successful DPRK attacks has decreased significantly, with an average of just 17 days between incidents. This suggests that the DPRK is becoming increasingly adept at conducting massive exploits.
A Worrying Sign for 2025
The rise in sophisticated attacks by North Korean agents is a worrying sign for 2025. As governments and institutions continue to impose sanctions on those suspected of involvement, it remains to be seen whether these efforts will curb the DPRK’s hacking activities or merely drive them further underground.
North Korea’s Nuclear Missile Development Program: A Major Concern
The funds procured by North Korean IT organization members for the country’s nuclear missile development program are a major concern. The development and deployment of nuclear missiles pose a significant threat to global security, and it is essential that governments continue to work together to prevent these activities.
Conclusion
The pursuit of North Korean hackers by governments worldwide highlights the growing concern over crypto theft and the need for increased security measures in the Web3 space. As the frequency and sophistication of attacks increase, it is clear that a collaborative effort is required to combat this threat and protect the integrity of the global financial system.
Recommendations
- Strengthen Regulations: Governments must continue to impose stricter regulations on crypto-related activities to prevent North Korean hackers from exploiting vulnerabilities.
- Enhance Security Measures: Institutions must invest in advanced security measures, including multi-factor authentication and robust encryption protocols, to protect against sophisticated attacks.
- Collaborate Internationally: Governments and institutions must work together to share intelligence and best practices in preventing and responding to crypto theft.
- Support Research and Development: Governments should provide funding for research and development of cutting-edge security technologies to stay ahead of the DPRK’s hacking methods.
By taking these steps, we can better protect ourselves against the growing threat of North Korean hackers and ensure a safer Web3 ecosystem for all users.