In 2024, North Korea solidified its reputation as one of the biggest cybercriminal players in the cryptocurrency world. With a series of high-profile hacks, the regime has stolen hundreds of millions of dollars, funding its controversial missile and nuclear programs. But how exactly are they doing it? Here’s a breakdown of the top 5 methods North Korea’s hackers are using to infiltrate the crypto world.
1. Phishing Schemes & Fake Job Offers
North Korea’s hackers are masters at social engineering, particularly through phishing scams. They often pose as recruiters offering fake job opportunities, specifically targeting employees in the crypto and tech industries. These “recruiters” share convincing job offers with links that lead to malware, which then compromises the victim’s personal and company information, giving the hackers access to crypto wallets and systems.
The end result? Critical access to company wallets and the theft of vast amounts of cryptocurrency.
2. The Lazarus Group – Cyber Warfare at Its Peak
The Lazarus Group, North Korea's notorious cyber unit, is a major player in these attacks. This group is highly skilled in deploying complex hacking techniques to infiltrate exchanges and drain millions of dollars. Their preferred methods include sophisticated malware, ransomware, and crypto-mining viruses that are designed to steal both cryptocurrencies and sensitive data.
One of their most infamous hacks in 2024 was the WazirX attack, where the Lazarus Group stole over $230 million, putting them in the spotlight once again as a major threat to global crypto security.
3. Targeting Crypto Exchanges
Crypto exchanges have been a prime target for North Korean hackers, who exploit weak security systems to carry out their heists. WazirX, Upbit, Radiant Capital, and other major platforms have all experienced breaches in 2024, with North Korean hackers making off with millions of dollars.
In August, hackers took $308 million from DMM Bitcoin in Japan, and other exchanges have seen similar attacks, with varying amounts stolen. These exchanges hold vast amounts of user assets, making them highly valuable targets for North Korean hackers.
4. Malware – TraderTraitor & AppleJeus
Two malware programs, TraderTraitor and AppleJeus, have become infamous in North Korea’s crypto theft arsenal. These programs are cleverly disguised to look like legitimate software, but once downloaded, they wreak havoc on users' systems by granting hackers access to crypto wallets and sensitive data.
Both malware types are designed to target financial and trading platforms, further enabling North Korea’s cybercriminals to siphon funds from unsuspecting victims. Once the malware is installed, it operates in the background, allowing hackers to control the infected system and transfer funds without detection.
5. Funding Nuclear & Missile Programs
While North Korea’s cyberattacks on the cryptocurrency world may seem like simple heists, the stolen funds are often funneled directly into the country’s nuclear weapons and missile programs. The United Nations has repeatedly condemned North Korea for using cybercrime as a means of evading international sanctions and funding its military ambitions.
In fact, it’s estimated that North Korea has stolen more than $1.3 billion in cryptocurrency from exchanges and individuals in 2024 alone. This illicit money is a critical lifeline for the regime, as it continues to develop its weapons program while avoiding global financial restrictions.
North Korea’s cybercriminal operations are more sophisticated and dangerous than ever, with state-sponsored hacking groups like Lazarus leading the charge. From phishing scams to advanced malware attacks, North Korean hackers have a variety of methods to infiltrate the cryptocurrency world and steal millions. The stolen funds don’t just disappear—they fuel North Korea’s military and nuclear ambitions, posing a serious threat to global security.
As crypto exchanges and users become more aware of these tactics, it's crucial to strengthen security measures to protect assets and avoid falling victim to these increasingly sophisticated cyberattacks.