North Korea-affiliated Hackers Steal $600 Million in Crypto Funds, Contributing to $3 Billion Total Over Six Years: Report

North Korea-affiliated hackers were responsible for a significant portion of cryptocurrency exploits and thefts in 2023, making off with approximately $600 million in funds, according to a report from TRM Labs. This brings the total amount stolen by the Democratic People’s Republic of Korea (DPRK) from crypto projects to nearly $3 billion over the past six years. However, the figure is about 30% lower than the amount stolen in 2022, as stated by Ari Redbord, TRM’s head of legal and government affairs.

Redbord revealed that in 2022, DPRK-affiliated actors managed to steal around $850 million, with a significant portion of it coming from the Ronin Bridge exploit. In 2023, most of the stolen funds were acquired in the last few months, with TRM attributing approximately $200 million to North Korea in August of that year. Redbord emphasized that these hackers are attacking the crypto ecosystem at an unprecedented speed and scale, taking advantage of weak cyber controls.

The report highlights that many of the attacks conducted by North Korean hackers involve social engineering techniques, allowing them to obtain private keys for various projects. Overall, the total amount stolen in hacks in 2023 was approximately $1.7 billion, which is roughly half of the previous year’s total of $4 billion.

Redbord attributed the decrease in stolen funds to several factors. Firstly, there were fewer major hacks similar to the Ronin theft in 2022. Additionally, successful law enforcement actions, improved cybersecurity controls, and to a limited extent, price volatility over the past year, contributed to the decline.

What sets North Korean attacks apart is that the proceeds are used for the development of weapons of mass destruction, raising concerns about national security. Redbord stated that North Korean hackers have different motivations compared to typical hackers driven by greed or money. Their objective is to use the stolen funds for weapons proliferation and other destabilizing activities, posing a global threat. This national security concern was directly addressed by officials from the United States, Republic of Korea, and Japan in a recent trilateral meeting on North Korea’s efforts related to weapons of mass destruction.

Redbord emphasized that the conversation surrounding North Korean cyberattacks shifted to a national security focus after the Ronin theft. This incident marked the first time that the U.S. Treasury designated North Korea-related addresses, which were linked to the original stolen funds and subsequent addresses. This led to the implementation of sanctions on platforms such as Tornado Cash and Sinbad. Redbord highlighted that a whole-of-government approach is being taken to address this issue.

In conclusion, North Korea-affiliated hackers were responsible for a significant amount of cryptocurrency thefts in 2023, with a total of $600 million stolen. The report from TRM Labs highlights the unique aspect of these attacks, as the stolen funds are used for weapons proliferation and other destabilizing activities. This raises serious national security concerns, leading to increased focus and collaboration among officials from the U.S., Republic of Korea, and Japan. Efforts are being made to combat these cyber threats through improved cybersecurity controls, law enforcement actions, and targeted sanctions on platforms facilitating illicit activities.