In a joint statement released on January 14, 2025, the United States, Japan, and South Korea issued a stark warning to the global blockchain industry about ongoing cyber threats posed by the Democratic People’s Republic of Korea (DPRK). The statement highlights a series of cryptocurrency thefts linked to DPRK cyber actors, threatening the integrity and stability of the international financial system.
The collaborative announcement stresses the persistent cyber threats posed by DPRK-linked groups, including the notorious Lazarus Group, known for conducting widespread cybercrime campaigns aimed at stealing digital assets. According to the joint statement, cyberattacks linked to the DPRK resulted in significant thefts in 2024 alone, including:
- DMM Bitcoin: $308 million
- Upbit: $50 million
- Rain Management: $16.13 million
- WazirX: $235 million (attributed by the U.S. and South Korea)
- Radiant Capital: $50 million (attributed by the U.S. and South Korea)
The statement underscores the use of advanced tactics such as sophisticated social engineering attacks, which often deploy malware like TraderTraitor and AppleJeus. The cyber threats, observed as recently as September 2024, targeted cryptocurrency exchanges, digital asset custodians, and individual users.
To combat these threats, the United States, Japan, and South Korea have taken proactive measures, including issuing multiple advisories regarding DPRK information technology (IT) workers who pose an insider threat to private sector businesses. Notable advisories were released on May 16, 2022, May 16, 2024, and other dates throughout 2023 and 2024, urging businesses, particularly in the blockchain and freelance industries, to review these warnings to mitigate cyber risks.
The joint statement also emphasizes the importance of deeper collaboration between public and private sectors. Initiatives like the U.S.-led Illicit Virtual Asset Notification (IVAN) system, the Cryptoasset and Blockchain Information Sharing and Analysis Center (Crypto-ISAC), and South Korea’s Security Alliance (SEAL) are cited as key efforts to facilitate information sharing and incident response. Additionally, South Korea and the U.S. co-host public-private symposiums to enhance coordination against DPRK’s illicit activities, with recent events held on November 17, 2022, May 24, 2023, and August 27, 2024.
Japan’s Financial Services Agency has also taken preventive measures, collaborating with the Japan Virtual and Crypto Assets Exchange Association (JVCEA) to issue warnings and recommend self-inspections to safeguard against crypto thefts, most recently on September 26 and December 24, 2024.
The joint efforts of the United States, Japan, and South Korea aim to disrupt DPRK’s cybercrime operations, prevent the generation of illicit revenues, and bolster the cybersecurity capacities of the Indo-Pacific region. The three nations reaffirm their commitment to countering cyber threats through sanctions and enhanced trilateral coordination.