North Korean-backed hackers stole at least $659 million through multiple cryptocurrency heists in 2024, while also deploying IT workers to infiltrate blockchain companies as insider threats, according to Japan, South Korea and the United States in a rare joint statement (PDF) on Tuesday.
The announcement provided the first official confirmation that North Korea was behind July’s $235 million hack of WazirX, India’s largest cryptocurrency exchange. The July 2024 breach forced WazirX to suspend trading and later restructure the firm.
Other major attacks included a $308 million theft from Japan’s DMM Bitcoin, $50 million each from Upbit and Radiant Capital, and $16.13 million from Rain Management, according to the joint statement.
The statement says the Lazarus Group, a known threat group of North Korean hackers, conducted social engineering attacks and deployed cryptocurrency-stealing malware like TraderTraitor to breach exchanges, while also infiltrating companies by having North Korean IT workers pose as job candidates, according to the statement.
“The United States, Japan, and the Republic of Korea advise private sector entities, particularly in blockchain and freelance work industries, to thoroughly review these advisories and announcements to better inform cyber threat mitigation measures and mitigate the risk of inadvertently hiring DPRK IT workers,” the governments said.
Earlier U.N. reports estimated that North Korea stole $3 billion in cryptocurrency between 2017 and 2023 to fund its sanctioned nuclear weapons programs. Recent data from Chainalysis showed North Korean hackers were responsible for 61% of all cryptocurrency stolen in 2024, totaling $1.34 billion.