Crypto hacking remains a persistent threat, with four years in the past decade individually seeing more than a billion dollars’ worth of crypto stolen (2018, 2021, 2022, and 2023). 2024 marks the fifth year to reach this troubling milestone, highlighting how, as crypto adoption and prices rise, so too does the amount that can be stolen.
“In 2024, funds stolen increased by approximately 21.07% year-over-year (YoY) to $2.2 billion, and the number of individual hacking incidents increased from 282 in 2023 to 303 in 2024.” – according to a Chainalysis report.
Interestingly, the intensity of crypto hacking shifted about halfway through the year. In our mid-year crime update, we noted that cumulative value stolen between January 2024 and July 2024 had already reached $1.58 billion, approximately 84.4% higher than the value stolen over the same period in 2023. As we see in the chart below, through the end of July, the ecosystem was easily on track for a year that could rival the $3 billion+ years of 2021 and 2022. However, 2024’s upward trend slowed considerably after July, after which it remained relatively steady. Later, we’ll explore a potential geopolitical reason for this change.
In terms of amount stolen by victim platform type, 2024 also saw interesting patterns. In most quarters between 2021 and 2023, decentralized finance (DeFi) platforms were the primary targets of crypto hacks. It’s possible that DeFi platforms were more vulnerable because their developers tend to prioritize rapid growth and bringing their products to market over implementing security measures, making them prime targets for hackers.
Although DeFi still accounted for the largest share of stolen assets in the first quarter of 2024, centralized services were the most targeted in Q2 and Q3. Some of the most notable centralized service hacks include DMM Bitcoin (May 2024; $305 million) and WazirX (July 2024; $234.9 million).
In 2024, North Korean hackers stole more from crypto platforms than ever before
Hackers linked to North Korea have become notorious for their sophisticated and relentless tradecraft, often employing advanced malware, social engineering, and cryptocurrency theft to fund state-sponsored operations and circumvent international sanctions. U.S. and international officials have assessed that Pyongyang uses the crypto it steals to finance its weapons of mass destruction and ballistic missile programs, endangering international security. In 2023, North Korea-affiliated hackers stole approximately $660.50 million across 20 incidents; in 2024, this number increased to $1.34 billion stolen across 47 incidents — a 102.88% increase in value stolen. These figures represent 61% of the total amount stolen for the year, and 20% of total incidents.
Note that, in last year’s report, we published that the DPRK stole $1.0 billion across 20 hacks. Upon further investigation, we determined that certain large hacks we had previously attributed to the DPRK are likely no longer related, hence the decrease to $660.50 million. However, the number of incidents remains the same, as we identified other smaller hacks attributed to the DPRK. We aim to constantly re-evaluate our assessment of DPRK-linked hacking events as we acquire new on-chain and off-chain evidence.
Unfortunately, it appears that the DPRK’s crypto attacks are becoming more frequent. In the chart below, we examined the average time between successful DPRK attacks depending on the size of the exploit and found that there was a decline YoY in attacks of all sizes. Notably, attacks between $50 and $100 million, and those above $100 million, occurred far more frequently in 2024 than they did in 2023, suggesting that the DPRK is getting better and faster at massive exploits. This is in stark contrast to the previous two years, during which its exploits more often each yielded profits below $50 million.
When examining the DPRK’s activity in comparison to all other hacks we measured, it is clear that the DPRK has been consistently responsible over the last three years for most large-size exploits. Interestingly, the DPRK’s dominance of the high end of the exploitation ladder continued in 2024, but there is also a growing density of DPRK hacks at lower amounts, most notably around $10,000 in value.
Some of these events appear to be linked to North Korean IT workers, who have been increasingly infiltrating crypto and Web3 companies, and compromising their networks, operations, and integrity. These workers often use sophisticated Tactics, Techniques, and Procedures (TTPs), such as false identities, third-party hiring intermediaries, and manipulating remote work opportunities to gain access. In a recent case, the U.S. Department of Justice (DOJ) indicted 14 DPRK nationals who obtained employment as remote IT workers at U.S. companies and generated more than $88 million by stealing proprietary information and extorting their employers.