Escalating North Korean Hacks Rise Alarms

The United States, Japan, and South Korea have issued a joint warning on the escalating threat posed by North Korean cryptocurrency hackers, particularly the notorious Lazarus Group.

The statement highlights how these cybercriminals continue to target crypto exchanges and related platforms to siphon funds, endangering the financial security of the three nations and their international allies.

The joint declaration underscores the gravity of the issue, revealing that the stolen assets are primarily used to fund Pyongyang's intercontinental ballistic missile (ICBM) programme, raising serious global security concerns.

The statement points to several high-profile incidents as evidence of the scale of North Korea's illicit cyber activities.

Among these are the $308 million DMM Bitcoin breach, the $50 million Upbit hack, the staggering $600 million Ronin network exploit, and Rain Management's $16.13 million loss.

Additionally, one of the most significant crypto thefts of the past year—the $235 million WazirX exploit—further underscores the sophistication and persistence of these hacking operations.

Emphasizing the urgent need for a coordinated response, the joint announcement calls for strengthened collaboration between governments and the private sector to counter these cyber threats effectively:

“Our three governments strive together to prevent thefts, including from private industry, by the DPRK and to recover stolen funds with the ultimate goal of denying the DPRK illicit revenue for its unlawful weapons of mass destruction and ballistic missile programs.”

The warning follows a major move by South Korea, which recently imposed sanctions on 15 North Koreans accused of facilitating cryptocurrency thefts to fund the regime’s nuclear weapons development.

With cybercrime increasingly serving as a financial backbone for North Korea’s weapons programmes, the statement signals a firm stance by the three nations against the regime’s evolving cyber warfare tactics.

The statement released by South Korea's Ministry of Foreign Affairs pointed out:

“In particular, North Korean IT personnel are known to be dispatched to China, Russia, Southeast Asia, Africa, and other countries as employees of regime-affiliated organizations such as the Ministry of Defense, disguising their identities and receiving work from IT companies around the world, while some are also known to be involved in information theft and cyberattacks.”

Safeguarding Against the North Korean Hackers

The joint statement from the US, Japan, and South Korea underscores how North Korean hackers rely on sophisticated social engineering tactics to infiltrate their targets.

Once successful, they deploy malware strains like AppleJeus and TraderTraitor to execute large-scale cyber thefts.

Despite ongoing sanctions, the DPRK’s cybercrime operations remain relentless, continuing to exploit vulnerabilities in the global financial system.

In response, the three nations stress the importance of proactive defense measures, advocating for increased information sharing among key stakeholders.

They call for a stronger partnership between public and private entities to disrupt the hackers' revenue streams and mitigate the impact of their attacks.

While sanctions may hinder North Korea's cybercriminal networks, the statement suggests that a more comprehensive strategy—one that includes real-time intelligence sharing and cross-sector collaboration—is essential to curbing these persistent threats.

2024 Saw at Least $1.3B Stolen by North Korean Hackers

North Korean-affiliated hackers have emerged as a major threat to the integrity of the crypto industry, executing increasingly sophisticated attacks with alarming efficiency.

In 2024 alone, these groups stole over $1.34 billion in digital assets across 47 incidents—more than double the $660 million stolen in 2023—according to data from Chainalysis.

This staggering sum accounts for over 61% of all crypto thefts that year and more than 20% of total hacking incidents.

The sharp rise in high-value breaches signals a troubling evolution in the DPRK's cyber tactics.

Chainalysis observed a growing number of attacks yielding $50 million or more, suggesting a deliberate shift toward larger, more profitable exploits:

“Notably, attacks between $50 and $100 million, and those above $100 million occurred far more frequently in 2024 than they did in 2023, suggesting that the DPRK is getting better and faster at massive exploits.”

By contrast, in 2022, most of North Korea's cyber heists generated significantly lower returns.

As these hackers refine their methods, the scale and sophistication of their operations continue to pose a serious challenge to global cybersecurity efforts.