Governments are intensifying their crackdown on North Korean hackers, who have been linked to over 60% of the cryptocurrency stolen in 2024. Groups like the infamous Lazarus Group have executed some of the largest cyber heists in Web3 history, including the $600 million Ronin network hack.

South Korea has taken decisive action, sanctioning 15 North Korean IT agents and one organization accused of funneling stolen funds into the regime’s nuclear weapons program. According to South Korea’s Ministry of Foreign Affairs, these agents generated substantial revenue through overseas employment under false identities, later redirecting the earnings to North Korea’s Munitions Industry Department.

Among the sanctioned individuals is Kim Cheol-min, who allegedly amassed significant foreign currency while covertly working for U.S. and Canadian firms. Another individual, Kim Ryu Song, reportedly earned $88 million over six years and was recently indicted by U.S. lawmakers for money laundering and identity theft.

The sanctions follow a staggering $2.3 billion in crypto thefts in 2024, a 40% increase from 2023. North Korean-affiliated hackers were responsible for $1.34 billion of that total, targeting 47 incidents. Chainalysis data highlights a 102% year-over-year growth in the value stolen by DPRK hackers, with fewer but more profitable attacks in 2024.

Chainalysis reports an alarming trend: a surge in high-value exploits, with attacks netting $50–$100 million becoming increasingly common. Experts warn that these sophisticated techniques could signal even larger threats in 2025.

The global pushback, including South Korea’s sanctions, underscores the urgency to curb the escalating cyber threat posed by North Korean actors.