North Korea-backed hackers stole at least $659 million through multiple cryptocurrency heists in 2024, while also deploying IT workers to infiltrate blockchain companies as insider threats, according to Japan , South Korea and the United States in a rarely combined statements (PDF) on Tuesday.
The announcement provided the first official confirmation that North Korea was behind July $235 million WazirX hackIndia's largest cryptocurrency exchange. Due to the breach in July 2024, WazirX was forced to suspend trading and eventually reorganize the company.
Other major attacks included a $308 million theft from Japan's DMM Bitcoin, $50 million each from Upbit and Radiant Capital, and $16.13 million from Rain Management, according to the joint statement.
The statement claims that the Lazarus Group, a notorious North Korean hacker threat group, has carried out social engineering attacks and deployed cryptocurrency-stealing malware such as TraderTraitor to breach exchanges, while also infiltrating companies by having North Korean IT workers pose as job candidates, according to the statement.
“The United States, Japan, and the Republic of Korea advise private sector entities, particularly in the blockchain and freelance work industries, to review these advisories and announcements to better inform the measures in mitigating the cyber threat and reducing the risk of accidental recruitment of DPRK IT workers,” the governments said.
Earlier UN reports estimated that North Korea stole $3 billion in cryptocurrency between 2017 and 2023 to fund its sanctioned nuclear weapons programs. Recent data from Chainalysis showed that North Korean hackers were responsible for 61% of all cryptocurrency stolen in 2024, totaling $1.34 billion.
