North Korean hackers orchestrated multiple cryptocurrency heists totaling at least $659 million in 2024, according to a joint statement released by the United States, Japan, and South Korea on Tuesday.
The announcement revealed five major attacks, including a previously unconfirmed $235 million theft from WazirX, India's largest cryptocurrency exchange. The most substantial breach targeted Japan's DMM Bitcoin exchange, resulting in a $308 million loss and the exchange's subsequent closure.
Other attacks included $50 million stolen from both Upbit and Radiant Capital, along with $16.13 million from Rain Management. The notorious Lazarus Group, a North Korean hacking organization, was identified as the primary perpetrator.
The hackers employed sophisticated social engineering tactics, including:
- Creating fake job opportunities and business proposals
- Impersonating industry professionals using stolen social media information
- Deploying specialized malware like TraderTraitor and AppleJeus
- Infiltrating companies by placing North Korean IT workers as job candidates
Recent data from Chainalysis indicates North Korean hackers were responsible for 61% of all cryptocurrency stolen globally in 2024, amounting to $1.34 billion. According to UN reports, between 2017 and 2023, North Korea had already stolen approximately $3 billion in cryptocurrency, allegedly using these funds to support its nuclear weapons programs.
The three governments urged private sector entities, particularly those in blockchain and freelance industries, to strengthen their security measures and carefully screen potential hires to avoid inadvertently employing North Korean operatives.