Chainalysis: $2.2 billion stolen from crypto platforms in 2024 cyberattacks

Avatar

More than $2 billion worth of cryptocurrency has been stolen from crypto platforms in 2024 according to blockchain research firm Chainalysis. 

The company found that for the fifth year in a row, thefts from such entities have surpassed $1 billion, growing more than 21% in 2024 to $2.2 billion. The number of incidents 282 in 2023 to 303 in 2024, Chainalysis observed

The researchers noted that crypto platforms reached $1.5 billion in losses between January and July alone — setting the industry on pace for $3 billion worth of thefts for the year. But the number of attacks and the size of incidents cooled significantly midway through the year following headline-grabbing losses of $305 million from Japanese platform DMM Bitcoin in May and nearly $235 million from Indian company WazirX in July. 

Both of the attacks had real world implications. DMM Bitcoin announced two weeks ago that the hack forced its owners to shut down the site and sell off all crypto assets to Japanese financial services giant SBI Group. Chainalysis tracked the stolen DMM funds as they were laundered through several different platforms and eventually cashed out on notorious Cambodian financial platform Huione Guarantee — a hub for Chinese organized crime and cyber scams.

In November, Indian authorities arrested a man from West Bengal who they accuse of being behind the pilfering of $235 million of WazirX. 

Chainalysis said hacking groups connected to North Korea’s government continued to lead the way in the majority of thefts from crypto platforms, stealing $1.34 billion across 47 incidents in 2024. Those figures are significant increases after 2023 saw $660.50 million stolen in 20 attacks.

North Korean hackers have now become “notorious,” according to Chainalysis, for their crypto heists — which the country uses to circumvent international sanctions and fund its ballistic missiles programs

“Unfortunately, it appears that the DPRK’s crypto attacks are becoming more frequent,” the researchers said.

“Notably, attacks between $50 and $100 million, and those above $100 million occurred far more frequently in 2024 than they did in 2023, suggesting that the DPRK is getting better and faster at massive exploits. This is in stark contrast to the previous two years, during which its exploits more often each yielded profits below $50 million.”

While several of the biggest hacks ever based on the amount stolen have been attributed to North Korean actors, the country also continues to evolve into stealing small amounts from more miniscule platforms. Chainalysis said it has seen a growing density of North Korean attacks “most notably around $10,000 in value.”

Chainalysis noted that there was a steep decline in attacks by North Korean groups after July and attributed it to a June summit held between Russian President Vladimir Putin and North Korean leader Kim Jong Un. 

Since the summit, Russia has lavished North Korea with money and weapons while Pyongyang in turn has allegedly sent its own soldiers to fight in the invasion of Ukraine. 

The researchers said the amounts stolen by the DPRK dropped by approximately 53.73% after the summit, whereas non-DPRK amounts stolen rose by approximately 5%.

The skill of North Korea’s crypto hackers continues to confound security experts. Last week, crypto platform Radiant Capital published a postmortem on a September incident where more than $50 million was stolen. 

The hackers, allegedly connected to North Korea’s Reconnaissance General Bureau (RGB), used innovative tactics to corrupt devices used by Radiant Capital engineers. 

North Korea’s government netted $3 billion from cryptocurrency platform attacks between 2017 and 2023, according to United Nations investigators.

CybercrimeNewsTechnology
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

US seeks extradition of alleged LockBit ransomware developer from Israel

Next Post

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

Related Posts

Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign

Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it. "Fake
Avatar
Read More

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS
Avatar
Read More