North Korean hacking groups have become increasingly sophisticated, targeting cryptocurrency exchanges to fund the North Korean regime. They use social engineering and malware to exploit vulnerabilities in digital finance. As cyber threats evolve, organisations must strengthen their defences. AJC provides expert guidance and training to help businesses stay protected.
North Korea’s Role in Cybercrime

North Korea has emerged in recent years as one of the biggest cyber warfare state actors. The isolated nation has been especially prolific in the realm of cryptocurrency theft. The Kim regime has allegedly been using these crypto-thefts to fund its controversial nuclear weapons programme, according to the US government. North Korean hackers made a significant entry onto the cybercrime scene with their infamous 2014 hack of Sony Pictures, demonstrating their cyber capabilities.

The Scale of Cryptocurrency Theft

Over the course of 2024, state-sponsored North Korean hackers were responsible for the theft of over $659 million in cryptocurrency, according to a joint statement by the US, Japan, and South Korea. This figure includes $235 million stolen from Indian crypto exchange WazirX, $308 million stolen from Japan’s DMM Bitcoin, and $50 million stolen from each of Upbit and Radiant Capital. A recent UN report estimated that North Korean hackers stole $3 billion in cryptocurrency between 2017 and 2023, and a report from Chainalysis claimed that North Korean hackers were responsible for 61% of all cryptocurrency stolen in 2024, totalling $1.3 billion. In December 2024, a federal court in St. Louis, USA indicted 14 North Koreans on charges of allegedly being part of a long-running conspiracy aimed at extorting funds from US companies to funnel into the North Korean nuclear weapons programme. [1]

Hacking Techniques Used by North Korea

These hacks have allegedly been carried out primarily by the Lazarus Group, an allegedly state-sponsored North Korean hacking group. The group used social engineering alongside malware and notably infiltrated organisations by posing as job candidates. The Lazarus Group has also been accused of creating copies of legitimate open-source software packages, including cryptocurrency-related applications, authentication packages, and Web3 technologies, and planting backdoors in them in order to steal credentials. North Korea specifically targets cryptocurrency because its decentralised and anonymous nature makes money laundering easier. This allows the regime to bypass international sanctions and gain foreign currency without the oversight of banks and regulators.

The Future of North Korean Cybercrime

With the isolationist regime likely to remain sanctioned, its reliance on cybercrime will only continue to grow. Its state-sponsored hackers’ techniques will become increasingly refined, potentially exploiting emerging technologies such as AI. The ongoing efforts to combat state-sponsored hackers require constant vigilance, innovation, and international co-operation. These incidents have brought into focus the threat posed by North Korean hacking groups and the vulnerabilities they exploit in the digital financial sector, highlighting the need to enhance cybersecurity measures and stay ahead of emerging threats.

How Can AJC Help?

At AJC, we offer tailored cyber security services to help strengthen organisations’ cyber defences. Our bespoke training focuses on protecting against social engineering tactics used by sophisticated hacking groups. We also collaborate with our clients to enhance their cyber security measures, ensuring their organisations are well-prepared to address emerging cyber threats.

To learn more about AJC’s Cyber Security services and how we can help your organisation, visit our website or contact us today at 020 7101 4861 or info@ajollyconsulting.co.uk.

References
[1] United States Department of Justice, Office of Public Affairs. “Fourteen North Korean Nationals Indicted for Carrying Out Multi-Year Fraudulent Information Technology Worker Scheme and Related Extortions.”

Image accreditation: André François McKenzie (2018) on Unsplash.com. Last accessed on 13th February 2025. Available at: https://unsplash.com/photos/gold-colored-bitcoin-iGYiBhdNTpE
