North Korean Affiliated Hackers Swipe $2.3 Billion from Global Businesses, $721 Million from Japan since 2017

A recent study conducted by compliance specialist Elliptic has unveiled the shocking reality of North Korea’s cyber warfare capabilities. Hacker groups associated with the country, most notably Lazarus, have successfully stolen an astounding $721 million from Japan’s cryptocurrency reserves since 2017, Nikkei reported on May 15.

This staggering amount represents nearly 30% of the global losses incurred through similar cyberattacks. The findings of the study highlight the grave threat posed by North Korea’s illicit activities in the realm of cryptocurrencies, raising concerns about regional security.

Targeted Cyberattacks on Japanese Cryptocurrency Assets

According to Elliptic’s analysis, North Korea has consistently targeted Japanese cryptocurrency assets as a means to acquire foreign currency, which is likely channeled towards supporting the country’s missile program. Over the period between 2017 and the end of 2022, these cyberattacks have allowed North Korea to amass a total of $2.3 billion in stolen cryptocurrency from businesses worldwide. Among the affected nations, Japan has borne the brunt of the losses, followed by Vietnam, the United States, and Hong Kong.

Regional Breakdown of Losses

Elliptic’s study breaks down the financial losses inflicted by North Korean hackers, providing insight into the specific impact on different regions and countries. Japan emerges as the hardest-hit nation, suffering a staggering $721 million in losses, exceeding North Korea’s total exports for 2021 by a factor of 8.8. Vietnam closely follows with losses amounting to $540 million, while the United States and Hong Kong have incurred losses of $497 million and $281 million, respectively.

International Community Acknowledges the North Korean Threat

The escalating threat posed by North Korean cyberattacks has garnered the attention of international bodies. In a joint statement issued by the Group of Seven (G7) finance ministers and central bank governors, the “growing threat from illicit activities by state actors” is acknowledged, with specific reference to the theft of cryptocurrencies in light of North Korea’s missile launches. This recognition underscores the urgency to address the escalating risks associated with North Korea’s cyber capabilities.

North Korea’s Cyberattack Strategies

North Korea predominantly employs two types of cyberattacks: hacking and ransomware. Elliptic’s analysis primarily focuses on hacking, which involves direct theft from cryptocurrency exchanges. Given the uncertainty surrounding the success of ransomware attacks, North Korea appears to prioritize direct attacks on exchanges, as they offer a higher chance of securing substantial amounts of cryptocurrency.

Motives Behind North Korea’s Cyber Crimes

North Korea’s reliance on cyberattacks stems from its limited access to foreign currency due to stringent international sanctions. These illicit activities, including cryptocurrency theft, are part of a national strategy employed by Pyongyang to compensate for the loss of revenue resulting from the country’s heavily restricted coal trade.

The Imperative of Strengthened Security Measures and Collaboration

As Japan and Vietnam experience rapid growth in their cryptocurrency markets, some operators have overlooked robust security measures, making them prime targets for North Korean hackers. While amendments to payment services regulations have been introduced in Japan, addressing emerging technologies such as decentralized finance (DeFi) and supporting domestic crypto exchange operators in combating evolving cyber threats remains a challenge.

Moreover, fostering cross-border collaboration within the cryptocurrency industry is crucial. Sharing threat information, attack routes, and malware exploits among public and private sectors, as well as industry associations, will enhance defense capabilities, particularly within the financial sector. Cybersecurity experts emphasize the importance of international cooperation to effectively counter North Korean cyber activities.


Elliptic’s study sheds light on the alarming extent of North Korea’s cyber capabilities, particularly its relentless targeting of Japanese cryptocurrency assets. The substantial losses incurred by Japan and other countries underscore the urgency for improved cybersecurity measures and international cooperation to safeguard.

Join us on Telegram

Follow us on Twitter

Follow us on Facebook

Follow us on Reddit

You might also like