The United States, Japan, and South Korea have issued a stern warning to the cryptocurrency industry, accusing North Korea of orchestrating some of the largest crypto thefts in 2024. Officials from the three nations stated that North Korea’s cyber activities threaten global financial stability and pose significant risks to international security.
“The DPRK’s cyber program threatens our three countries and the broader international community and, in particular, poses a significant threat to the integrity and stability of the international financial system,” the governments declared. They highlighted North Korea’s involvement in siphoning $308 million from DMM Bitcoin and $235 million from WazirX, among other thefts.
The statement underscored a unified effort by the three nations to combat these activities. Officials outlined their collective aim to prevent further thefts, both from private industry and other sectors, while working to recover stolen funds. This initiative seeks to deprive North Korea of the illicit revenue that funds its weapons of mass destruction and ballistic missile programs.
North Korea’s Lazarus Group hackers were singled out for their continued “pattern of malicious behavior in cyberspace,” targeting cryptocurrency exchanges, digital asset custodians, and individual users. Beyond the $543 million stolen from DMM Bitcoin and WazirX, an additional $116 million was taken from platforms like Upbit, Rain Management, and Radiant Capital. U.S. officials noted that in recent months, North Korean hackers have used malware such as TraderTraitor and AppleJeus to facilitate these crimes.
Blockchain security firm Chainalysis reported that North Korean-linked hacking groups stole $1.34 billion worth of cryptocurrency across 47 incidents in 2024. Separately, United Nations experts are investigating 58 cyberattacks attributed to North Korean operatives, which have allegedly amassed approximately $3 billion over six years.
Adding to these concerns, North Korean hackers have also infiltrated U.S. companies by posing as IT workers. This tactic, which combines data theft and extortion, has alarmed authorities in all three countries. Last month, the U.S. Department of Justice indicted 14 North Koreans for earning at least $88 million by working illicitly as IT employees at American firms. Some individuals even held multiple jobs, earning over $10,000 monthly.
“For the first time, we’re seeing IT workers follow through on releasing sensitive data of organizations they’ve infiltrated to pressure victims into paying exorbitant ransoms,” said Michael Barnhart, Principal Analyst at Google Cloud’s Mandiant. He explained that the North Korean operatives have escalated their demands, with some targeting larger organizations and threatening to release intellectual property and confidential data if their demands are not met.
Barnhart added that these threats often involve selling leaked data to competitors or exposing it publicly, further damaging the affected companies. While much of this data consists of intellectual property like source code, its release also risks enabling sophisticated cyberattacks on organizations.
Authorities have urged blockchain companies to strengthen their hiring practices and internal security controls to mitigate these risks. According to Scott Algeier, Executive Director of the Information Technology-Information Sharing and Analysis Center, robust vetting processes are crucial to identifying suspicious behavior among potential hires.
The escalating tactics of North Korean operatives highlight the urgent need for collective action within the crypto industry. As the threats evolve, the call for vigilance and collaboration among governments, businesses, and cybersecurity experts grows louder.