North Korean hackers stole up to $600M in crypto in 2023, TRM Labs reports


  • North Korean hackers stole $700 million in crypto in 2023, 33% of all thefts.
  • They keep changing their tactics to evade law enforcement.
  • Despite sanctions, North Korea remains a major cyber threat in 2024.

Blockchain intelligence firm TRM Labs has disclosed that North Korean hackers were responsible for approximately one-third of all cryptocurrency stolen through hacks in 2023. 

According to a report released on January 5, 2024, TRM Labs estimates that these hackers potentially stole up to $600 million in cryptocurrency throughout the year, with $600 million confirmed by their research. This revelation suggests a significant increase in the involvement of North Korean hackers in cryptocurrency-related cybercrimes.

Persistent threat from North Korean hackers

TRM Labs’ research indicates that hackers linked to the Democratic People’s Republic of Korea (DPRK) have managed to steal an astonishing $3 billion worth of cryptocurrencies since 2017. 

The primary modus operandi of these hackers involves compromising users’ private keys or seed phrases, transferring the stolen funds to DPRK-controlled wallets, and subsequently exchanging the assets for cryptocurrencies like Tether (USDT) or Tron. 

This dynamic approach to money laundering enables them to stay one step ahead of international law enforcement efforts.

One of the most concerning aspects highlighted by TRM Labs is the constant evolution of the DPRK’s money laundering techniques. These tactics are designed to evade detection and pressure from international law enforcement agencies. 

As cryptocurrency exchanges improve their cybersecurity measures and international cooperation intensifies to track and recover stolen funds, North Korean hackers have continued to adapt and innovate. This adaptability underscores business’s and governments’ need for ongoing vigilance and innovation.

U.S. Treasury Department sanctions and ongoing threat

In response to the persistent threat posed by North Korean hackers, the United States Treasury Department has imposed sanctions on individuals and hacking groups allegedly tied to North Korea, including the notorious Lazarus group. 

Despite these sanctions, TRM Labs reports that the DPRK has been actively exploring alternative laundering methods following the Treasury Department’s sanctions against cryptocurrency mixers such as Tornado Cash and Sinbad.

Future challenges and the need for continued vigilance

TRM Labs concludes that the world should remain prepared for further disruptions caused by North Korea’s prolific cyber-theft activities. Their ability to adapt to changing circumstances and stay ahead of law enforcement underscores the gravity of the situation. 

As the world moves into 2024, businesses and governments must remain vigilant and continue to enhance their cybersecurity measures to counter the ongoing threat posed by North Korean hackers.

Disclaimer: The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decision.

Share link:

Benson Mawira

Benson is a blockchain reporter who has delved into industry news, on-chain analysis, non-fungible tokens (NFTs), Artificial Intelligence (AI), etc.His area of expertise is the cryptocurrency markets, fundamental and technical analysis.With his insightful coverage of everything in Financial Technologies, Benson has garnered a global readership.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

Gurbir Grewal Reflected About Efforts of Compliance of Crypto-Industry.
Subscribe to CryptoPolitan