$2.2 billion worth of cryptocurrency was stolen from various platforms in 2024, Chainalysis’ 2025 Crypto Crime Report has revealed. Of that sum, $1.34 billion was stolen by North Korea-affiliated hackers, across 47 hacking incidents (out of 303).
Most targeted organizations
Between 2021 and 2023, decentralized finance (DeFi) platforms were the primary targets of crypto hacks, but in Q2 and Q3 2024, centralized services were the most targeted.
Funds stolen between January and November 2024 – by type of compromise (Source: Chainalysis)
“This shift in focus from DeFi to centralized services highlights the increasing importance of securing mechanisms commonly exploited in hacks, such as private keys. For centralized services, ensuring the security of private keys is critical, as they control access to users’ assets,” Chainalysis noted.
“Given that centralized exchanges manage substantial amounts of user funds, the impact of a private key compromise can be devastating; we only have to look at the $305 million DMM Bitcoin hack, which is one of the largest crypto exploits to date, and may have occurred due to private key mismanagement or lack of adequate security.”
North Korean hackers: A crypto pestilence
DPRK’s crypto attacks are becoming more frequent, the company found, and they are getting better at stealing bigger sums (above $100 million in cryptocurrency).
Not that they avoid spending time and efforts on targets that can yield smaller sums: “The DPRK’s dominance of the high end of the exploitation ladder continued in 2024, but there is also a growing density of DPRK hacks at lower amounts, most notably around $10,000 in value,” according to Chainalysis.
“Some of these events appear to be linked to North Korean IT workers, who have been increasingly infiltrating crypto and Web3 companies, and compromising their networks, operations, and integrity. These workers often use sophisticated Tactics, Techniques, and Procedures (TTPs), such as false identities, third-party hiring intermediaries, and manipulating remote work opportunities to gain access.”
Stronger defenses are needed
Chainalysis urges companies to prioritize employment due diligence, implement robust private key hygiene, and take advantage of existing detection technologies to prevent and mitigate attacks.
They also call for a better collaboration between the public and private sectors on data-sharing initiatives, real-time security solutions, advanced tracing tools, and targeted training.