The United States, Japan, and South Korea have issued a joint warning to the blockchain industry about the growing threat posed by North Korean hackers. According to officials, North Korea’s cyber program represents a severe danger not only to these nations but also to the stability of the global financial system as a whole.
The governments of the three nations are collaborating to prevent thefts and recover stolen assets, aiming to deprive North Korea of illicit revenues used to fund its weapons of mass destruction and ballistic missile programs.
The Lazarus Group, identified by all three nations as a threat to national security, continues to conduct numerous cryptocurrency theft campaigns, targeting exchanges, digital asset custodians, and individual users.
In 2024, authorities documented several major attacks linked to North Korea. Among these were the breach of DMM Bitcoin, resulting in $308 million in damages, the attack on Upbit with a $50 million loss, and the theft of $16.13 million from Rain Management. The U.S. and South Korea also attribute the theft of $235 million from WazirX and $50 million from Radiant Capital to North Korean hackers.
In September 2024, U.S. authorities reported aggressive attacks on the cryptocurrency sector involving social engineering tactics. Threat actors employed malicious software such as TraderTraitor, AppleJeus, and other tools. Similar tactics were observed by the governments of Japan and South Korea.
Particularly alarming is the infiltration of North Korean IT specialists into private companies under the guise of freelancers. Officials from the three countries urge blockchain industry representatives and companies hiring freelancers to conduct thorough background checks to avoid unknowingly employing North Korean operatives.
To combat these threats, the nations are strengthening cooperation with the private sector. In the U.S., mechanisms such as IVAN and Crypto-ISAC facilitate swift incident response through data-sharing networks. Joint symposia between South Korea and the U.S. aim to enhance collaboration between public and private entities. In Japan, regulators, alongside JVCEA, strongly recommend that companies conduct rigorous security self-audits.
The joint advisory was released three weeks after South Korea imposed sanctions on 15 North Koreans accused of conducting cyberattacks to fund the regime’s nuclear program.
According to a report by Chainalysis, hackers linked to North Korea stole $1.34 billion in crypto assets across 47 attacks in 2024, marking a 102% increase compared to 2023, when the total stolen amounted to $660 million. These thefts accounted for over 61% of all stolen cryptocurrency that year.
Chainalysis analysts noted a significant increase in the sophistication of North Korean hackers. In 2024, the number of attacks causing losses of $50 million or more surged, signaling a shift toward larger and more complex operations.
“The frequency of attacks causing damages between $50 million and $100 million, as well as those exceeding $100 million, rose sharply in 2024 compared to 2023, demonstrating improved methods and accelerated operations by North Korean hackers,” the report stated.
Unlike in 2022, when most attacks resulted in losses below $50 million, 2024 witnessed a clear rise in the effectiveness of these criminal operations.
