Stolen Crypto Rose to $2.2 Billion in 2024 With an Intriguing Link to a June Russia-North Korean Summit, Chainalysis Says
Centralized exchanges were more popular targets this year than last
The amount of cryptocurrency stolen this year rose 21 percent to $2.2 billion compared with 2023, but potentially could have been much greater if not for a meeting between Vladimir Putin and North Korea’s Kim Jong Un in late June, according to blockchain forensics firm Chainalysis.
Decentralized finance protocols still accounted for the majority of thefts this year, yet centralized services like exchanges were the most targeted by thieves in the middle of the year, Chainalysis said in a new research report released today. When crypto users leave their coins on an exchange, that exchange must keep the users’ private keys secure, because if the keys get into the hands of an attacker, those funds will be stolen.
“This shift in focus from DeFi to centralized services highlights the increasing importance of securing mechanisms commonly exploited in hacks, such as private keys,” the firm said in its report. “Private key compromises accounted for the largest share of stolen crypto in 2024, at 43.8 percent.”
In May, hackers stole $305 million in Bitcoin from Japanese exchange DMM Bitcoin, one of the largest Bitcoin heists in history.
“Given that centralized exchanges manage substantial amounts of user funds, the impact of a private key compromise can be devastating; we only have to look at the $305 million DMM Bitcoin hack,” Chainalysis said. The theft “may have occurred due to private key mismanagement or lack of adequate security,” the firm said.
While centralized exchanges are key components of the crypto ecosystem because they allow users to get money in and out of the digital currency world, they are also a ripe target for hackers. Leaving crypto on exchanges also flies in the face of the hard-earned wisdom of “not your keys, not your coins.”
Hackers were on pace to steal more than $3 billion in crypto this year, as they did in 2021 and 2022, yet a slowdown in attacks from North Korean-linked groups in the second half of the year altered the dynamic, Chainalysis said. That may have stemmed from a meeting between Putin and Kim Jong Un in late June, which came as Russia and North Korea (DPRK) were forming a closer bond, the firm said.
“So far this year, their growing alliance has been marked by Russia releasing millions of dollars in North Korean assets previously frozen in compliance with UNSC sanctions,” Chainalysis said. “Meanwhile, North Korea has deployed troops to Ukraine, supplied Russia with ballistic missiles, and reportedly sought advanced space, missile, and submarine technology from Moscow.”
That could have led to North Korea needing to rely less on stolen cryptocurrency to fund its weapons of mass destruction and ballistic missile programs, Chainalysis said.
“Amounts stolen by the DPRK dropped by approximately 53.73 percent after the summit, whereas non-DPRK amounts stolen rose by approximately 5 percent,” the firm said. “It is therefore possible that, in addition to redirecting military resources toward the conflict in Ukraine, the DPRK — which has dramatically increased its cooperation with Russia in recent years — may have altered its cybercriminal activity as well.”
Still, it’s unclear whether the meeting had a direct effect on North Korean hacking activity, Chainalysis said.
“The decline in funds stolen by the DPRK after July 1, 2024 is clear and the timing is conspicuous, but it is nevertheless important to note that this decline is not necessarily associated with Putin’s visit to Pyongyang,” the firm said in its report. “Additionally, a few events in December could alter the pattern by the end of the year, and attackers often strike over holidays.”