A recent investigation by the United Nations Security Council has uncovered that North Korean hackers have been stealing cryptocurrency over the past seven years and using the funds for weapons development.
David Robinson, co-founder of Internet 2.0 and former Australian Army Intelligence Officer, highlighted the risk to consumers in an interview with Sky News. He noted, “North Korean hackers have stolen $3 billion to date, according to the UN.”
The U.N. Security Council's sanctions committee investigated 97 suspected North Korean cyberattacks on cryptocurrency companies between 2017 and 2024, amounting to $3.6 billion in stolen funds. These hackers targeted crypto platforms, consumers, and wealthy individuals using crypto for business transactions. Chainalysis estimated that North Korean hackers stole $400 million in 2021, primarily in Ethereum (ETH).
In May, reports surfaced of North Korean hackers deploying a new malware variant named “Durian” to target cryptocurrency companies in South Korea. According to a Kaspersky threat report dated May 9, the North Korean hacking group Kimsuky used malicious software in specific attacks against two South Korean cryptocurrency companies. These attacks exploited genuine security software used exclusively by South Korean crypto firms.
North Korean hackers also use social media to scam individuals and companies. They create fake profiles of celebrities or professionals to promote fraudulent crypto schemes and phishing links. They often employ classic crypto fraud techniques like sending malicious links via messages or comments that lead to fake crypto exchange websites.
Since 2021, there has been increasing collaboration between Russia-based crypto exchanges and North Korean hacking groups. Blockchain analysts report that these groups use Russian exchanges to launder stolen cryptocurrency as international monitoring hampers North Korea’s on-chain activities.
Chainalysis has revealed that these groups frequently utilize Russian exchanges to move stolen crypto from various platforms.