North Korean cybercriminals had a record-breaking year in 2024, stealing $1.34 billion from cryptocurrency platforms — 61% of all crypto thefts globally, according to a new report from blockchain analytics firm Chainalysis.

The unprecedented haul highlights increasingly sophisticated tactics, including the infiltration of crypto companies by North Korean IT operatives who compromise internal networks to access funds, it noted in a new report.

Chainalysis’ figure doubles the amount cited on January 14 by the US, Japan, and South Korea in a joint statement. The three governments attributed over $650 million in attacks last year to North Korean state actors, including high-profile hacks of DMM Bitcoin ($308 million), Upbit ($50 million), and Rain Management ($16.13 million).

The US and South Korea also tied North Korea to thefts from WazirX ($235 million) and Radiant Capital ($50 million).

Across the board, cryptocurrency theft surged 21% year-over-year to $2.2 billion last year, with DeFi platforms bearing the brunt. Centralised exchanges, however, emerged as prime targets in Q2 and Q3, while private key compromises accounted for 43.8% of stolen crypto in 2024.

But theft wasn’t the only area of growth. Overall, illicit crypto transactions totaled $40.9 billion in 2024, representing 0.14% of all on-chain activity. While slightly below 2023 levels, Chainalysis warned the true figure could total $51 billion as more illicit wallets are identified — a process that typically adds 25% to reported totals over time.

Once concentrated in cybercrime, the misuse of cryptocurrency has broadened to encompass a range of threats, from national security risks to consumer fraud. Criminals increasingly leverage crypto for complex, off-chain schemes while moving funds on-chain for laundering.

“An array of illicit actors, including transnational organised crime groups, are increasingly leveraging cryptocurrency for traditional crime types, such as drug trafficking, gambling, intellectual property theft, money laundering, human and wildlife trafficking, and violent crime,” Chainalsysis said in its 2024 report.

Fraudulent schemes also became more sophisticated last year, with high-yield investment scams and “pig butchering” among the most lucrative. The report highlighted a growing use of artificial intelligence in fraud, enabling personalized sextortion attacks and helping criminals bypass know-your-customer (KYC) protocols.

Crypto ATM scams targeting elderly victims also emerged as a growing concern.

Ransomware revenues remained substantial but showed signs of strain as law enforcement actions and reduced victim willingness to pay ransoms dented the revenues.

Darknet market revenues fell to $2 billion, down from $2.3 billion in 2023, while fraud shop volumes dropped over 50%. The decline was driven in part by a major US-Dutch law enforcement operation that dismantled the Universal Anonymous Payment System (UAPS), a crypto payment processor facilitating fraud.

Bitcoin, once the go-to currency for criminals, has ceded ground to stablecoins, which now account for 63% of all illicit crypto transactions. Stablecoin use reflects broader market trends, with total activity growing 77% year-over-year.

Still, some crypto crimes — notably ransomware attacks and darknet market sales — remain Bitcoin-heavy.