Crypto hacking continued to escalate in 2024, reaching $2.2 billion in stolen funds, a 21.07% YoY increase. While DeFi platforms remained a significant target, centralized services experienced a surge in attacks, with private key compromises being the most prevalent.
The hacks include DMM Bitcoin ($305 million) and WazirX ($234.9 million), highlighting the critical need for enhanced security measures, particularly around private key management.
Hackers laundered stolen funds through various channels, with bridge and mixing services being favored by private key compromisers, while DEXs were more commonly used for other attack vectors.
North Korean hackers significantly escalated cryptocurrency theft in 2024, stealing over $1.34 billion across 47 incidents, a 102.88% increase from 2023. This represents 61% of all cryptocurrency stolen this year and 20% of all hacking incidents.
The frequency of large-scale exploits increased dramatically, with attacks exceeding $100 million becoming more common. While the DPRK continues to dominate high-value exploits, it also expanded its activity to lower-value targets.
These trends are likely attributable to improved hacking capabilities and the infiltration of North Korean IT workers into crypto companies. To mitigate these risks, companies must enhance employment due diligence and strengthen private key security.
A decrease in cybercriminal activity attributed to the Democratic People’s Republic of Korea (DPRK) was observed following a summit between Russian President Vladimir Putin and North Korean leader Kim Jong Un in late June 2024.
The DPRK’s cyberattacks, which previously accounted for a significant portion of stolen value, declined by approximately 53.73% after the summit. The decline coincides with increased military cooperation between Russia and North Korea, suggesting a potential reallocation of cybercriminal resources towards supporting the ongoing conflict in Ukraine.
In 2024, North Korean hackers exploited vulnerabilities in DMM Bitcoin’s infrastructure, resulting in the theft of approximately 4,502.9 Bitcoin. The attackers rapidly moved the stolen funds through a series of intermediary addresses before utilizing a Bitcoin CoinJoin Mixing Service to obfuscate their origin.
A portion of the funds was bridged to various blockchains and ultimately deposited into Huione Guarantee, an online marketplace linked to the Huione Group, a known facilitator of cybercrimes. The theft forced DMM Bitcoin to cease operations and transfer its assets and customer accounts to SBI VC Trade.
Chainalysis acquired Hexagate, a Web3 security provider, to enhance its threat detection capabilities. These capabilities use machine learning to predict and detect malicious on-chain activity in real time, as demonstrated by Hexagate's early detection of the UwU Lend exploit.
While Hexagate identified the attacker’s contract, the connection to the exploit wasn’t immediately clear, highlighting the need for comprehensive tools and actionable insights to effectively mitigate threats.
The 2024 rise in crypto theft emphasizes the importance of proactive security measures. Collaboration between the public and private sectors is crucial, involving data sharing, real-time solutions, advanced tracing, and training. Together these will enable the industry to identify and neutralize threats, build resilience, and maintain trust in the crypto ecosystem.