Crypto Crime Takes a New Turn with Rising Hacking & Ransomware Threats

Chainalysis reported that the overall illegal crypto transactions declined by over 19% year-to-date, but there has been a concerning increase in losses due to hacks and ransomware.

In 2024, crypto-related cybercrime saw a resurgence in hacking and ransomware activities despite an overall decline in illegal crypto transactions. Well-known crypto detective ZachXBT has exposed a North Korean cyber network in which developers infiltrate crypto projects to steal funds. Meanwhile, Meta is in some legal hot water in Australia over facilitating crypto scams on Facebook, many of which involve deepfake celebrity endorsements.

2024 Sees Resurgence in Crypto Hacking and Ransomware

In 2024, the cryptocurrency market saw a notable shift in illicit activities. Overall illegal transactions declined by 19.6% year-to-date, according to a mid-year update by Chainalysis.

The report was released on Aug. 15, and revealed that legitimate crypto activities have been growing faster than illicit ones, driven in part by the adoption of Bitcoin and Ethereum exchange-traded funds (ETFs) in the United States. Despite this positive trend, certain types of crypto-related criminal activity, particularly stolen funds and ransomware, have surged.

Hacking activity (Source: Chainalysis)

Crypto hacking saw a big drop in 2023, but has made a strong comeback in 2024. The cumulative value of crypto stolen through the end of July has surpassed $1.58 billion. This is an 84% increase compared to the same period in 2023. 

While the number of hacking incidents has only slightly increased, the average value compromised per hack has jumped by 79.5%, with each event averaging $10.6 million in 2024. This rise in compromised value correlates with the surge in Bitcoin prices, which have increased by 130% from an average of $26,141 in 2023 to $60,091 in 2024.

Interestingly, hackers have shifted their focus back to centralized exchanges (CEXs) after years of targeting decentralized platforms. In one of the largest incidents, the Japanese exchange DMM lost $305 million in Bitcoin to a private key compromise in May of 2024. This single incident accounts for 19% of the total value stolen in crypto hacks this year.

Chainalysis suggests that this shift might be due to the increased volume in CEXs compared to decentralized finance (DeFi) services. This makes centralized platforms much more attractive targets.

Maximum ransom payment by year (Source: Chainalysis)

Ransomware attacks involving crypto have also intensified in 2024. In July, a $75 million payment to the ransomware group Dark Angels became the largest single ransomware payment ever recorded. The size of the maximum payment has also surged by 96% year-over-year from 2023 and 335% from 2022. Most ransomware payments continue to be made using crypto, particularly Bitcoin.

Malaysian Gang Charged in Crypto Kidnapping Case

Six Malaysians, including a married couple, have been charged with kidnapping a Chinese national and demanding a ransom of 4.44 million Malaysian ringgits, equivalent to $1 million in Tether’s USDT stablecoin. The accused are aged between 25 and 29, and allegedly abducted the victim on July 11 at an expressway exit between Kuala Lumpur and Putrajaya. They then demanded 1,007,696 USDT for the man’s release. 

On Aug. 15, the six accused pleaded not guilty, but Judge Amir Effendy denied them bail. Their next court hearing is set for Oct. 8. 

Local authorities are also pursuing four additional suspects linked to the abduction, who are believed to be part of an 18-person gang of experienced kidnappers. Selangor police chief Datuk Hussein Omar Khan confirmed that four other gang members were killed in separate encounters on Aug. 3. If convicted under the Kidnapping Act, the six accused could face prison sentences ranging from 30 to 40 years, along with caning.

North Korean Cyber Network Exposed

Meanwhile, blockchain investigator ZachXBT uncovered evidence that a sophisticated network of North Korean developers is earning as much as $500,000 per month by working for established crypto projects. In an X post, ZachXBT shared that a single entity in Asia, likely based in North Korea, employs at least 21 workers across more than 25 crypto projects. This network reportedly generates between $300,000 and $500,000 monthly.

ZachXBT’s investigation was prompted when a team contacted him for help after $1.3 million was stolen from their treasury through malicious code introduced by their developers. Unbeknownst to the team, these developers were North Korean IT workers using fake identities. The stolen funds were then laundered through a series of transactions, which eventually led to 16.5 ETH being transferred to two different exchanges.

The investigation also revealed that these developers are part of an extensive network, with multiple payment addresses showing transactions of $375,000 in the last month alone and a total of $5.5 million flowing into an exchange deposit address from July 2023 to sometime in 2024. These payments were linked to North Korean IT workers, including Sim Hyon Sop, who has been sanctioned by the U.S. Office of Foreign Assets Control (OFAC) for coordinating financial transfers that support North Korea’s weapons programs.

ZachXBT also found that other payment addresses were connected to another OFAC-sanctioned individual, Sang Man Kim, who has been implicated in DPRK-related cybercrime. The investigation also uncovered Russian Telecom IP overlaps among developers claiming to be based in the United States and Malaysia.

List of fake dev names (Source: ZachXBT)

Some developers were placed by recruitment companies and even referred each other for work. After ZachXBT’s post, one project discovered it had hired a DPRK IT worker listed in the investigation. The developer left the project’s chat and wiped their GitHub within minutes.

Organizations linked to North Korea, including the infamous Lazarus Group, have been behind numerous cyber attacks and scams over the years. They are especially known for using phishing, software exploitation, cyber intrusions, and private key exploits. Many North Korean workers take these jobs to generate income that is then sent back to the country. 

In 2022, U.S. government agencies issued a warning about the influx of North Korean workers in freelance tech jobs, particularly in the crypto industry.

ACCC Says Over Half of Crypto Ads on Facebook Are Scams

The Australian Competition and Consumer Commission (ACCC) revealed that over half of the crypto ads on Facebook are either scams or violate Meta’s advertising policies. The ACCC filed a lawsuit against Meta in 2022, accusing the company of aiding and abetting celebrity crypto scam ads on its platform. A hearing date for this case has not been set yet.

In its latest court filing, the ACCC reported that 58% of reviewed crypto ads on Facebook were found to be either in violation of Meta’s policies or potentially involved in scams. These ads frequently used the images of high-profile Australians, including celebrities like Dick Smith, James Packer, Chris Hemsworth, Mel Gibson, Nicole Kidman, Russell Crowe, and former politician Mike Baird, to promote fraudulent crypto investment schemes.

While the exact financial losses from these scams are not specified, government data from Scamwatch indicates that investment scams remain the leading cause of financial losses for Australians. In 2024 alone, there have already been 3,456 reports of investment scams, resulting in over $78 million in losses.

Top scams by loss and number of reports for Australia (Source: Scamwatch)

The ACCC’s investigation initially identified 600 ads but is now focused on 234. However, it is still likely that more celebrity scams will be uncovered during the discovery process. 

In July of 2022, Australian mining tycoon Andrew Forrest sued Meta over Facebook ads using deepfakes of his image to promote scam crypto schemes. Although the case was initially dismissed, a U.S. judge allowed it to continue in June 2024.

The ACCC argues that Meta has been aware that a large proportion of crypto ads on its platform involve misleading or deceptive practices since January of 2018. Despite Meta’s policies prohibiting these ads, the company is accused of failing to adequately prevent them from appearing. 

Meta claims to invest in systems to combat scammers and remove fake accounts, but the ACCC maintains that the company could have implemented technology to warn users about suspect ads. According to Statista, Meta took action on 691 million fake accounts in the fourth quarter of 2023, a decrease from the 827 million removed in the previous quarter and a huge drop from the 2.2 billion fake profiles removed in 2019.