North Korea protagonist of crypto thefts and scams that occurred in 2023



In the field of cybersecurity, the Democratic People’s Republic of Korea (DPRK) continues to assert its dominance, with hackers affiliated with North Korea involved in an impressive third of all exploits and crypto thefts last year. 

TMR Labs report sheds light on North Korean hackers’ thefts in the crypto world

According to a comprehensive report by TRM Labs, these malicious actors have managed to steal over 600 million dollars in funds. Contributing to a cumulative loot of nearly 3 billion dollars in the last six years.

The Head of Legal and Government Affairs at TRM Labs, Ari Redbord, emphasized the seriousness of the situation, highlighting that the nefarious activities of the DPRK go beyond financial gain. 

The funds extracted through these cryptocurrency exploits have a more disturbing purpose: financing the development of weapons of mass destruction. 

This alarming revelation has prompted officials from the United States National Security to increase concerns.

Everything revolves around the direct link between North Korea’s illicit cryptographic activities and its nuclear ambitions.

Redbord explained that the year 2023 saw a significant decrease in the cryptocurrency loot of the DPRK, with a 30% reduction compared to the previous year. 

In 2022, actors affiliated with the DPRK, particularly involved in the Ronin Bridge exploit, have seized approximately 850 million dollars. 

The decrease in 2023 can be attributed to a confluence of factors, including a decrease in major hacks like the Ronin theft, more effective law enforcement interventions, improved cybersecurity measures, and, to a limited extent, fluctuations in cryptocurrency prices.

The modus operandi of North Korean hackers remains consistent, relying heavily on social engineering tactics to acquire private keys for targeted projects. 

Redbord highlighted the unprecedented speed and scale at which these attacks are carried out, exploiting vulnerabilities in the cryptographic ecosystem.

Beyond financial repercussions: political attacks and power games

The importance of North Korea’s attacks and thefts on cryptocurrencies goes beyond financial repercussions. 

Unlike conventional hackers driven by greed, actors affiliated with the DPRK employ their illicit earnings to fuel the proliferation of weapons and other destabilizing activities, posing a global threat. 

Redbord has emphasized that this distinctive motivation has led to a change in perspective. Transforming the conversation from a financial concern to a national security imperative.

The impact of the Ronin Bridge exploit in 2022 marked a turning point, leading the United States Treasury to designate addresses linked to North Korea for the first time. 

This has led to a global approach, involving the entire government. To address the problem and has led to subsequent sanctions against Tornado Cash,, and Sinbad.

The cryptocurrency landscape is undeniably intertwined with geopolitical security.

This is demonstrated by North Korea’s incessant search for funds to advance its dangerous agenda.

While the international community is grappling with the evolution of cyber threats, a firm and coordinated response becomes imperative to safeguard the convergence between cryptocurrencies and global security threats.

The efforts of the West to appease North Korea: crypto thefts and hacker threats

The intensification of concerns about national security related to North Korea’s crypto-driven activities has led to a paradigm shift in global cybersecurity efforts. 

The singular motivation behind these attacks is not directed towards economic gain but towards the advancement of weapons proliferation. Therefore, it requires a multifaceted response from the international community.

The meeting between the United States, Republic of Korea, and Japan reflects the urgency to address North Korea’s efforts in weapons.

The identification and subsequent designation of addresses linked to North Korea by the United States Treasury following the Ronin Bridge exploit underline the seriousness of the situation. 

They mark a strategic move to interrupt illicit financial flows that support destabilizing activities of North Korea.

Ari Redbord, Head of Legal and Government Affairs at TRM Labs, emphasized that the Ronin incident served as a catalyst.

The subsequent sanctions on platforms such as Tornado Cash,, and Sinbad indicate a concerted effort to limit the impact of North Korean cryptocurrency operations.

The international community must now face the challenge of strengthening cybersecurity measures to mitigate the vulnerabilities exploited by North Korean hackers. 

The success of the countermeasures and the strengthening of cybersecurity controls have played a fundamental role in reducing cryptocurrency thefts in 2023. 

This underlines the importance of ongoing collaboration between government agencies, regulatory bodies, and the private sector to strengthen the defenses of the global cryptographic ecosystem.

The decrease in the most significant hacks in 2023, including the notable absence of incidents on the scale of the Ronin theft, has contributed to the overall reduction in stolen funds.

However, the persistent use of social engineering tactics by North Korean hackers highlights the need for ongoing vigilance. 


With the evolution of the cryptographic landscape, the strategies employed to counter sophisticated threat actors must also evolve.

The impact of price volatility on the reduction of stolen funds cannot be overlooked.

With the evolution of regulatory frameworks and the continuous change of market dynamics, maintaining a strong cybersecurity posture becomes imperative to address emerging threats.

The theft of $600 million worth of cryptocurrencies attributed to North Korea in 2023 highlights the persistent threat posed by state-sponsored actors. It also underscores the intersection between cybersecurity and global security.

The international community must adapt its strategies to counter evolving threats, emphasizing collaboration, technological advancements, and regulatory frameworks that address the unique challenges posed by adversaries of nation-states in the digital realm.

As North Korea continues to exploit cryptocurrencies for its war ambitions, a united front is essential to safeguard the integrity of the global financial system.

Furthermore, to prevent further escalation of geopolitical risks associated with illicit activities driven by cryptocurrencies.