The United States, Japan, and the Republic of Korea have joined forces to issue a stark warning to the blockchain technology industry: North Korea’s cyber actors are actively targeting and compromising entities across the globe. This announcement highlights the escalating threat posed by North Korea’s malicious cyber activities, particularly their relentless pursuit of cryptocurrency theft.
“The DPRK’s cyber program threatens our three countries and the broader international community and, in particular, poses a significant threat to the integrity and stability of the international financial system,” the joint statement declares.
The statement points to a disturbing pattern of “malicious behavior in cyberspace” by North Korean advanced persistent threat groups, including the infamous Lazarus Group. These groups are actively engaged in “numerous cybercrime campaigns to steal cryptocurrency” targeting a wide range of victims, from exchanges and digital asset custodians to individual users.
The scale of these cyber heists is staggering. In 2024 alone, attributed thefts linked to North Korea include:
- DMM Bitcoin: $308 million
- Upbit: $50 million
- Rain Management: $16.13 million
- WazirX: $235 million
- Radiant Capital: $50 million
These figures represent a significant source of illicit revenue for the DPRK, which is allegedly used to fund its unlawful weapons of mass destruction and ballistic missile programs. “Our three governments strive together to prevent thefts, including from private industry, by the DPRK and to recover stolen funds with the ultimate goal of denying the DPRK illicit revenue,” the statement asserts.
The tactics employed by North Korean cyber actors are becoming increasingly sophisticated. The US government has observed “aggressive targeting of the cryptocurrency industry by the DPRK with well-disguised social engineering attacks that ultimately deploy malware, such as TraderTraitor, AppleJeus and others.”
The joint statement also draws attention to the insider threat posed by North Korean IT workers. Multiple advisories have been issued by the three countries warning about the risks associated with inadvertently hiring these individuals. “The United States, Japan, and the Republic of Korea advise private sector entities, particularly in blockchain and freelance work industries, to thoroughly review these advisories and announcements to better inform cyber threat mitigation measures and mitigate the risk of inadvertently hiring DPRK IT workers.”
To combat this growing threat, the three nations are calling for deeper collaboration between the public and private sectors. Initiatives like the Illicit Virtual Asset Notification (IVAN) information sharing partnership, the Cryptoasset and Blockchain Information Sharing and Analysis Center (Crypto-ISAC), and the Security Alliance (SEAL) are cited as examples of mechanisms facilitating information sharing and incident response.
