North Korea has turbocharged its illicit fundraising, siphoning a staggering $1.34 billion from cryptocurrency platforms in 2024 alone—the largest haul in its digital heist history. The rogue nation has executed 47 separate attacks this year, accounting for an astonishing 61% of all cryptocurrency stolen globally. Since 2017, they’ve pilfered over $6 billion through these digital smash-and-grabs. And they’re getting better at it.
Behind these sophisticated operations stands the notorious Lazarus Group, Pyongyang’s elite hacking unit. These aren’t amateur hackers—they’re state-sponsored professionals with a singular mission: fund the regime by any means necessary. They target vulnerable cryptocurrency exchanges and increasingly exploit DeFi platforms using phishing, social engineering, and supply chain attacks. Their tactics have evolved to specifically target users’ private keys, which provide complete control over cryptocurrency assets stored in DeFi wallets.
Once they’ve grabbed the loot, they launder it at breakneck speed through mixers and tumblers, commingling funds from different heists to throw off investigators. The recent Bybit hack represents a significant escalation, with hackers stealing an unprecedented USD 1.5 billion in Ethereum tokens. The attack employed sophisticated phishing techniques against cold wallet signers, replacing legitimate multi-signature wallets with compromised versions. Pretty clever for a country that can barely keep its lights on.
The stolen crypto isn’t funding luxury yachts for the elite (well, maybe some). It’s being channeled directly into North Korea‘s weapons programs—nuclear warheads and the missiles to deliver them. These digital bank robberies effectively circumvent international sanctions, providing Kim Jong Un’s regime with the foreign currency needed to advance military objectives and beef up cyber warfare capabilities.
While the world debates crypto’s future, North Korea turns digital theft into nuclear fuel for its war machine.
Tracking and recovering these funds? Good luck. The decentralized nature of cryptocurrency makes tracing difficult, especially when funds bounce between multiple blockchains and convert rapidly between different currencies. Regulatory gaps between countries provide convenient escape routes.
The global response has been predictably sluggish. UN panels investigate, the US Treasury issues sanctions, and blockchain analytics improves—but North Korea stays steps ahead. Meanwhile, crypto exchanges strengthen security, though often after becoming victims themselves.
The message is clear: while the world debates cryptocurrency regulation, North Korea has turned digital theft into a formidable funding stream for its war machine. Bitcoin by bitcoin, they’re building bombs.
