North Korean Hackers Target Cryptocurrencies, Stealing Billions

The cryptocurrency industry has faced a growing threat from North Korean state-sponsored hackers, who have intensified their efforts to steal digital assets over the past year. These sophisticated cyberattacks have resulted in billions of dollars in losses, raising concerns about the security of cryptocurrencies and their potential impact on the global financial system.

According to blockchain analysis firm Chainalysis, funds stolen in “crypto heists” have nearly doubled year-over-year (YoY), reaching $1.58 billion by the end of July 2024. This surge in cybercrime is largely attributed to North Korean hacking groups. The UN Security Council’s panel of experts on North Korea reported that these hackers had stolen an estimated $3 billion in cryptocurrencies since 2017. The panel also stated that these attacks have become more sophisticated and are a significant source of revenue for North Korea’s weapons of mass destruction programs.

These hackers have shifted their targets from decentralized exchanges to centralized exchanges, leading to significant losses. In 2024 alone, $305 million was stolen from DMM and $55 million from BTCTurk. In 2023, Euler Finance, a decentralized finance (DeFi) platform, was the victim of a $197 million hack. While not definitively linked to North Korea, the attack’s sophistication and scale were reminiscent of previous North Korean operations, raising suspicions about their involvement.

The United Nations has expressed alarm over the infiltration tactics employed by North Korean hackers. It has reported that Western tech industry firms have hired more than 4,000 North Koreans, many of whom are believed to be using these positions to gather intelligence and gain access to sensitive systems. This tactic was further highlighted in a joint advisory issued by the FBI, CISA, and the U.S. Treasury Department, warning that North Korean IT workers were using stolen identities to apply for remote work positions, potentially gaining insider access to cryptocurrency companies and financial institutions.

At the forefront of these attacks is the infamous Lazarus Group, a hacking collective widely believed to be controlled by North Korea’s primary intelligence agency, the Reconnaissance General Bureau. In April 2022, the FBI and CISA issued a joint alert warning about new malware variants associated with the Lazarus Group, targeting the cryptocurrency and blockchain industries. The group’s most notorious heist remains the 2022 Ronin Network hack, where they stole approximately $620 million in cryptocurrency.

The U.S. Justice Department’s seizure of $500,000 in ransom payments made to North Korean hackers in July 2022 demonstrates the ongoing struggle between cybercriminals and law enforcement.

In response to the escalating threat, the U.S. Treasury Department has imposed sanctions on several North Korean hacking groups. In March 2020, the department sanctioned two Chinese nationals for their alleged role in laundering stolen cryptocurrency for North Korean hackers.

The cryptocurrency industry has also taken steps to strengthen its defenses. Major exchanges like Binance and Coinbase have made significant investments in cybersecurity measures. In May 2023, Binance announced the recovery of $4.4 million worth of crypto assets stolen by North Korean hackers, showcasing the industry’s improving ability to track and recover stolen funds.

The ongoing threat posed by North Korean hackers is expected to be a key topic at Benzinga’s upcoming Future of Digital Assets event on November 19, 2024. Industry leaders, cybersecurity experts, and policymakers will discuss strategies for enhancing the resilience of crypto exchanges and protecting users from state-sponsored attacks.

The battle against these sophisticated cybercriminals is ongoing, requiring a coordinated effort from governments, industry players, and cybersecurity experts to safeguard digital assets and protect the integrity of the global financial system.
