Blockchain security is taking center stage as new developments highlight both challenges and advancements in the sector. A recent Chainalysis report revealed a dramatic rise in crypto thefts tied to North Korean hackers, who doubled their stolen assets in 2024 to over $1.3 billion. In parallel, Chainalysis has announced its acquisition of Hexagate, a Web3 security firm, signaling a proactive shift toward preventing such exploits.
North Korean Hackers Double Crypto Theft in 2024, Chainalysis Reports
In a chilling revelation, analytics firm Chainalysis has disclosed that hackers tied to the Democratic People’s Republic of Korea (DPRK) have doubled their crypto theft in 2024 compared to the previous year. The report, released on Dec. 19, outlines how North Korean cybercriminals stole over $1.3 billion worth of digital assets across 47 incidents in 2024, accounting for a staggering 61% of all crypto thefts reported globally.
The findings indicate a significant escalation in the scale and frequency of DPRK-linked cyberattacks. This marks a stark contrast to 2023, during which hackers tied to the isolated nation stole approximately $660 million in cryptocurrency.
Chainalysis highlighted a worrying trend: not only are DPRK’s crypto attacks becoming more frequent, but the hackers are also successfully pulling off larger exploits. The report noted that in 2024, attacks involving sums between $50 million and $100 million—and even those exceeding $100 million—occurred more often than in the prior year. This pattern diverges sharply from the two preceding years, when most of the DPRK’s exploits yielded profits below $50 million.
“It appears that the DPRK’s crypto attacks are becoming more frequent,” Chainalysis reported. “Notably, attacks between $50 and $100 million, and those above $100 million occurred far more frequently in 2024 than they did in 2023, suggesting that the DPRK is getting better and faster at massive exploits.”
Despite North Korea’s increasing activity, the overall global crypto theft landscape showed mixed signals. Chainalysis reported that hackers globally had stolen approximately $2.2 billion worth of cryptocurrency in 2024, marking a 21% increase compared to 2023. However, this figure is still far below the record-setting $3.7 billion in crypto stolen in 2022.
The first quarter of 2024 saw decentralized finance (DeFi) platforms as the primary target for hackers. However, the second and third quarters revealed a shift, with centralized services bearing the brunt of cyberattacks.
Some of the most notable incidents in 2024 include:
-
WazirX Hack (July): Hackers compromised one of the India-based exchange’s Safe multisig wallets on Ethereum, resulting in losses of $235 million—the largest single hack of the year.
-
BingX Hack (September): Cybercriminals targeted this crypto exchange and made away with roughly $44 million worth of tokens.
North Korea’s Political Ties and Reduced Activity in H2 2024
The Chainalysis report also touched on an intriguing observation: a marked decline in DPRK-linked hacking activity in the second half of 2024. According to the analytics firm, the drop in stolen funds after July 1 was “conspicuous,” coinciding with deepening political and military ties between North Korea and Russia. However, Chainalysis cautioned against drawing direct links to Russian President Vladimir Putin’s visit to Pyongyang earlier in the year.
“The decline in funds stolen by the DPRK after July 1, 2024 is clear and the timing is conspicuous,” the report stated. “But it is nevertheless important to note that this decline is not necessarily associated with Putin’s visit to Pyongyang.”
Chainalysis also noted that the year-end holidays could potentially see a resurgence of attacks, as hackers often exploit the season’s operational vulnerabilities.
North Korean hackers have become notorious for orchestrating some of the most significant breaches in the cryptocurrency and blockchain sectors. Their activities have not only led to massive financial losses but also drawn heightened scrutiny from US authorities. The latter frequently impose sanctions on entities linked to DPRK’s money laundering efforts, which often involve laundering stolen crypto through complex networks of mixers and intermediaries.
In recent years, these cyber exploits have served as a vital financial lifeline for North Korea, funding its nuclear weapons program and bypassing stringent international sanctions. The uptick in large-scale attacks in 2024 shines the spotlight on the evolving threat posed by DPRK hackers, even as the global crypto ecosystem attempts to bolster its defenses.
While North Korea’s hackers had a “very active year,” Chainalysis reported that global hacking activity in the third and fourth quarters of 2024 declined compared to the same period in 2023. This trend offers a glimmer of hope, suggesting that improved security measures and international cooperation may be starting to curb some forms of cybercrime.
Nevertheless, the ongoing evolution of North Korea’s cyber capabilities is a stark reminder of the vulnerabilities inherent in the digital asset space. As hackers grow more adept at breaching even the most secure platforms, the industry faces an urgent need for continuous innovation in cybersecurity.
The alarming scale of North Korea’s crypto exploits in 2024 serves as a wake-up call for the cryptocurrency industry, governments, and cybersecurity firms. With 2022 still holding the dubious distinction of being the worst year for crypto hacks, the path forward must involve collaboration across all stakeholders to minimize risks and protect the burgeoning digital economy.
The report’s findings also raise questions about the geopolitical dimensions of crypto crime, particularly as nation-states leverage cybercrime as a strategic tool. As 2025 approaches, the global crypto community will undoubtedly keep a close eye on the DPRK’s next moves—and the broader implications for digital asset security.
Chainalysis Acquires Web3 Security Firm Hexagate to Strengthen Blockchain Security
In a related development, Chainalysis has announced its acquisition of Hexagate, a Web3 security firm specializing in threat detection and mitigation. The acquisition, revealed on Dec. 19, marks a significant step forward for Chainalysis as it pivots from its traditional focus on investigations into proactive prevention within the blockchain and cryptocurrency ecosystem.
Founded in 2022 and headquartered in Israel, Hexagate has quickly gained recognition for its advanced Web3 security solutions. The company’s offerings include real-time threat detection and tools to safeguard digital assets, which have reportedly prevented over $1 billion in potential losses for its clients. These clients include prominent names such as Coinbase and Consensys.
Chainalysis CEO Jonathan Levin announced the acquisition on X, signaling a bold new chapter for the company. Levin stated: “We have spent 10 years following the money. Now it’s time to prevent the money from being stolen. Welcome to the era of secure smart contracts with proper monitoring and real-time threat detection. Announcing our acquisition of Hexagate.”
In a blog post accompanying the announcement, Levin emphasized Chainalysis’s evolving mission to transition from being a leader in blockchain investigations to a trailblazer in preventative security measures. He noted that expanding into Web3 security is a natural progression for the company as it seeks to protect the burgeoning blockchain ecosystem from increasingly sophisticated threats.
While the announcement shows the strategic importance of Hexagate to Chainalysis’s future endeavors, many details remain undisclosed. The purchase price for Hexagate has not been revealed, and it remains unclear whether the acquisition will lead to significant changes in Hexagate’s leadership or operational structure.
Chainalysis’s Shift to Prevention
The acquisition of Hexagate signals a broader strategic shift for Chainalysis. Since its founding, the company has been renowned for its blockchain analytics capabilities, assisting law enforcement and regulatory agencies in tracing illicit crypto transactions. Now, it aims to tackle issues at the root by preventing theft and fraud before they occur.
Levin’s leadership appears to be a driving force behind this pivot. Having taken over as CEO in October 2024 following the departure of Michael Gronager, Levin has been vocal about the company’s aspirations to expand its services and respond to the rapidly evolving landscape of blockchain technology.
Hexagate’s expertise in protecting smart contracts and decentralized finance (DeFi) platforms is expected to complement Chainalysis’s existing suite of blockchain analytics tools. By integrating Hexagate’s real-time monitoring and threat detection capabilities, Chainalysis aims to offer a more comprehensive solution to its clients, bridging the gap between investigation and prevention.
Levin’s vision for Chainalysis’s future extends beyond technological advancements. The CEO has also speculated about potential regulatory changes under the incoming US administration. He suggested that greater clarity surrounding digital assets, including the repeal of rules like the Securities and Exchange Commission’s Staff Accounting Bulletin 121 (SAB 121), could pave the way for a more secure and transparent blockchain industry.