Crypto: The fight against North Korean hackers intensifies around the world

With $2.84 billion stolen since the start of 2024, the Pyongyang regime is perfecting its hacking techniques and deploying thousands of clandestine IT workers. Faced with this growing threat, Chainalysis experts are however observing encouraging signs: the response capacity of Western states and crypto companies is significantly improving.

The crypto cyber war between North Korea and the West accelerates

The Multilateral Sanctions Monitoring Team (MSMT) is sounding the alarm. In its latest report, it reveals the staggering scale of North Korean cybercriminal operations: nearly three billion dollars stolen in less than two years. The spectacular Bybit hack last February alone represents a significant part of this colossal loot.

However, the most worrying remains the evolution of Pyongyang's strategy. From now on, the regime is no longer satisfied with occasional cyberattacks. He has in fact set up a truly “full spectrum national program”, today rivaling the cybernetic capabilities of China and Russia. This rise in power testifies to an alarming professionalization of North Korean operations.

The offensive also involves a new weapon: undercover computer workers. In clear violation of UN Security Council Resolutions 2375 and 2397, the DPRK has deployed thousands of agents to eight different countries.

These clandestine developers set up mainly in Asia – China, Laos, Cambodia – but also in Africa and even in Russia. Their income is systematically diverted to the regime to finance its arms program.

This strategy turns out to be extremely effective. “ The MSMT report details how these funds are used to acquire everything from armored vehicles to man-portable anti-aircraft missile systems “, explains Andrew Fierman, head of intelligence at Chainalysis, in an interview with Decrypt.

A vicious circle forms: stolen cryptos buy weapons that strengthen the North Korean threat.

The counter-offensive takes shape

Faced with this protean threatWestern actors are not sitting idly by. Andrew Fierman observes “an ability of law enforcement, national security agencies and the private sector to identify associated risks and respond.” Concrete examples of this resistance are multiplying.

Last August, the American Office of Foreign Assets Control (OFAC) struck hard by sanctioning an entire network of IT workers linked to Pyongyang. This action marks a turning point: Washington is no longer content to pursue the pirates, but dismantles their logistical infrastructure.

Meanwhile, tens of millions of dollars from the Bybit hack were traced and recovered, with some funds traced back to a Greek exchange.

Crypto companies themselves are stepping up to the plate. Kraken has developed protocols for detecting North Korean computer scientists as early as May 2025.

Binance goes even further: its security manager reveals that the platform daily rejects CVs of North Korean agents trying to infiltrate. This constant vigilance transforms the crypto industry into the first line of defense.

The key to success lies in public-private collaboration. The MSMT report perfectly illustrates this synergy. It brings together contributions from Western governments and specialized companies such as Chainalysis, Google Cloud and Palo Alto Networks. This approach combining blockchain intelligence and traditional cybersecurity makes it possible to identify and freeze stolen funds before they are laundered.

The battle between Pyongyang and the West in crypto cyberspace is intensifying, but the balance of power is shifting. If the North Koreans perfect their techniques, the defenses strengthen just as quickly. The issue goes far beyond the simple protection of digital assets: it is about preventing cryptos from financing the next generation of North Korean weapons.