North Korea Was Responsible for Over $600M in Crypto Thefts Last Year: TRM Labs

U.S. national security officials have raised concerns about North Korea's use of stolen crypto to develop nuclear weapons.

AccessTimeIconJan 5, 2024 at 2:00 p.m. UTC
Updated Mar 8, 2024 at 7:24 p.m. UTC

North Korea-affiliated hackers were involved in a third of all crypto exploits and thefts last year, making off with some $600 million in funds, according to a report from TRM Labs.

The sum brings the Democratic People's Republic of Korea's (DPRK) total take from crypto projects to almost $3 billion over the past six years, the blockchain analytics firm said Friday.

Still, the figure is about 30% less than in 2022, TRM's head of legal and government affairs, Ari Redbord, said. That year, DPRK-affiliated actors made off with around $850 million, "a huge chunk" of which came from the Ronin Bridge exploit, Redbord told CoinDesk in an interview. In 2023, most of the stolen funds were taken in the last few months; TRM attributed about $200 million in stolen funds to North Korea in August 2023.

"They're clearly attacking the crypto ecosystem at a really unprecedented speed and scale and continue to take advantage of sort of weak cyber controls," he said.

Many of the attacks continue to use so-called social engineering, allowing the perpetrators to acquire private keys for projects, he said.

Overall, the amount stolen in hacks in 2023 was roughly half that taken the previous year – $1.7 billion compared with $4 billion.

Redbord attributed the drop to several factors. There were fewer major hacks like 2022's Ronin theft, and other factors include successful law enforcement actions, better cybersecurity controls and, to a limited extent, price volatility over the past year.

What makes North Korean attacks stand out is that proceeds go toward the development of weapons of mass destruction, raising national security concerns.

"North Korean hackers are different, because it's not for greed or money or the typical hacker mentality; it's about taking those funds and using them for weapons proliferation and other types of destabilizing activity, which is a global threat," he said. "And that's why there's such a focus on it from a national security perspective."

National security officials in the U.S., Republic of Korea and Japan have directly mentioned these concerns in a recent trilateral meeting about North Korea's WMD efforts.

"Ronin really changed that conversation to a national security conversation," Redbord said. "Ronin was the first time we saw U.S. Treasury designate North Korea-related addresses, and it was the addresses that the original funds went off to ... and then the next two addresses. This is what started the whole Tornado Cash [sanctions], and then and now Sinbad, so it's a whole-of-government approach to go after this issue."

Edited by Sheldon Reback.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Nikhilesh De

Nikhilesh De is CoinDesk's managing editor for global policy and regulation. He owns marginal amounts of bitcoin and ether.