North Korea Hacks $659 Million in Crypto in 2024, Joint Statement from US, Japan, and South Korea

In a chilling revelation, a joint statement issued today by the United States, Japan, and South Korea confirmed that North Korean hackers stole a staggering $659 million in cryptocurrency through multiple heists in 2024. The report highlights five major incidents, including a newly attributed $235 million theft from Indian crypto exchange WazirX by the infamous Lazarus Group, a cybercriminal organization linked to billions in stolen assets over the last decade.

The largest single theft of the year struck Japan’s DMM Bitcoin, with hackers making off with $308 million. The devastating loss ultimately forced the exchange to close its doors, underscoring the economic toll of these attacks.

The Lazarus Group, which gained global notoriety after stealing $625 million from the Axie Infinity blockchain game in 2022, continues to wreak havoc on the cryptocurrency industry. Their exploits have made them one of the most prolific state-sponsored cybercriminal groups, directly funding North Korea’s regime amidst escalating international sanctions.

The 2024 heists follow a well-documented pattern of sophisticated cyberattacks. These include exploiting social engineering tactics, such as phishing campaigns and impersonation scams, combined with custom malware like TraderTraitor and AppleJeus to infiltrate and drain crypto platforms.

The US government observed a marked escalation in attacks on the cryptocurrency sector by North Korean operatives as recently as September 2024. These campaigns employ deceptive social engineering techniques, such as:

• Fake job offers and business opportunities: Victims are lured with tailored scenarios and communications, leading them to download malware-laden software.
• Phishing against employees of crypto firms: Hackers convincingly impersonate trusted contacts or industry figures, using realistic photos and publicly available information to establish credibility.

The FBI previously warned that North Korean IT workers often infiltrate businesses under the guise of freelance or remote roles, potentially gaining access to sensitive systems. Companies in the crypto industry have been urged to thoroughly vet potential hires and implement the latest security measures to mitigate risks.

The United States, Japan, and South Korea are urging industry players to heed security advisories and bolster their defenses. This includes revisiting CoinDesk’s recent report highlighting warning signs and recommended actions to avoid inadvertently hiring compromised IT workers.

“We are witnessing increasingly aggressive and sophisticated attempts to compromise the cryptocurrency industry,” the joint statement reads. “It is imperative that businesses remain vigilant and proactive in addressing these evolving threats.”

Beyond the immediate financial losses, these attacks have left a trail of devastation for businesses and consumers alike. The closure of DMM Bitcoin marked a significant blow to Japan’s crypto ecosystem, while the heist at WazirX rattled confidence in India’s growing digital asset market.

As the cryptocurrency industry continues to expand, the stakes for security have never been higher. With Lazarus Group and other bad actors honing their strategies, the battle to safeguard digital assets is an ongoing and urgent challenge.

For businesses and investors alike, the message is clear: stay informed, stay vigilant, and prioritize security.

Terry Jones
UCW Newswire