In 2024, North Korea continued its activity in crypto crimes, creating significant volumes of digital asset theft. Research indicates a rise in the frequency of attacks and the evolution of methods.
North Korea’s Theft Methods Are Getting Sharper
In 2024, North Korean hackers executed attacks approximately every 11 days, faster than in 2023. Most of these breaches were linked to private key theft, contributing to North Korea's nearly 61% share of all stolen cryptocurrency value last year. Faced with these breaches, experts noted the use of mixers to launder stolen funds such as Sinbad, through which about $147 million was laundered.
Crime Beyond North Korea
Not all breaches noted in the Chainalysis report were connected to North Korea. In early 2025, the Lazarus hacking group, which has known ties to state operations, allegedly drained $1.5 billion worth of ETH from Bybit. Meanwhile, other fraudulent schemes are also actively developing, including the use of AI to create fake profiles and sophisticated scam schemes that approach $10 billion in fraudulent revenue.
State of the Darknet and Its Development
Darknet markets continue to operate, with Abacus Market growing by over 180% year-on-year. Typically, products and services are offered using Monero or stablecoins. Notably, networks like Huione Guarantee have now become key intermediaries processing large volumes of cryptocurrency and assisting criminals in moving money, facilitating fake escrows, and addressing issues with sanctioned buyers.
North Korea holds a leading position in the volume of stolen cryptocurrencies, but its actions are part of a broader ecosystem of crypto crime. Money laundering services, fraudulent schemes, and darknet markets continue to grow, complicating the landscape of crypto crimes.
