Cybercrime

US, Japan, South Korea Blame North Korean Hackers for $660M Crypto Heists

The US, Japan, and South Korea say North Korean hackers stole roughly $660 million in cryptocurrency last year.

North Korea hackers

North Korean hackers stole approximately $660 million in cryptocurrency in 2024, the US, Japan, and South Korea said in a joint statement on Tuesday.

Warning the blockchain technology industry of the threat posed by the North Korean hacking groups, the statement reiterates that the stolen funds are used to fuel Pyongyang’s “unlawful weapons of mass destruction and ballistic missile programs”.

Democratic People’s Republic of Korea (DPRK) hackers, the three countries say, were responsible for at least five cryptocurrency heists last year, stealing $308 million from DMM Bitcoin, $50 million from Upbit, $16.13 million from Rain Management, $235 million from WazirX, and $50 million from Radiant Capital.

“The advanced persistent threat groups affiliated with the DPRK, including the Lazarus Group, which was designated by the relevant authorities of our three countries, continue to demonstrate a pattern of malicious behavior in cyberspace by conducting numerous cybercrime campaigns to steal cryptocurrency and targeting exchanges, digital asset custodians, and individual users,” the joint statement reads.

The North Korea-affiliated threat actors employ well-disguised social engineering attacks to deploy malware such as TraderTraitor, AppleJeus, and others. Some of these malicious campaigns have been ongoing for over half a decade.

In September 2024, the FBI warned that North Korean hackers have been aggressively targeting the cryptocurrency industry, conducting extensive research on prospective victims and approaching them with individualized fake scenarios.

Advertisement. Scroll to continue reading.

Additionally, the US, Japan, and Korea also issued multiple warnings on the threat posed by North Korean fake IT workers, who funneled at least $88 million to the Pyongyang regime over six years.

“The United States, Japan, and the Republic of Korea advise private sector entities, particularly in blockchain and freelance work industries, to thoroughly review these advisories and announcements to better inform cyber threat mitigation measures and mitigate the risk of inadvertently hiring DPRK IT workers,” the joint statement reads.

Related: Hackers Stole $1.49 Billion in Cryptocurrency to Date in 2024

Related: North Korea Deploying Fake IT Workers in China, Russia, Other Countries

Related: US Issues Final Rule for Protecting Personal Data Against Foreign Adversaries

Related: With War Next Door, EU is Warned on Cybersecurity Gaps

Related Content

Supply Chain Security

The PolinRider campaign has compromised more than 100 legitimate open source packages and repositories to deliver a backdoor and information stealer to developers.

Artificial Intelligence

Researchers uncovered two campaigns embedding indirect prompt injections in malicious websites to exploit autonomous AI agents browsing the web.

Cybercrime

The decentralized prediction market said hackers targeted some of its users through a compromise of a third-party vendor.

Supply Chain Security

A malicious dependency the attackers added to over 140 Mastra packages fetches a payload targeting cryptocurrency extensions.

Artificial Intelligence

French President Emmanuel Macron urged the world’s wealthy democracies to work together on regulating advanced AI systems.

Malware & Threats

CryptoBandits uses a local SOCKS5 proxy for traffic routing, blending data theft with remote code execution.

Cyberwarfare

US service members received WhatsApp messages claiming they would be targeted with drones and missiles.

Nation-State

The campaigns focus on financial organizations, including cryptocurrency, venture capital, and blockchain entities.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version