The Group of Seven (G7) is preparing to confront a growing global security threat: North Korea’s increasing involvement in cybercrime and cryptocurrency theft. According to a report from Bloomberg on May 7th, citing individuals familiar with the summit’s agenda, these issues may take center stage alongside the ongoing conflicts in Ukraine and Gaza.
While geopolitical conflicts traditionally dominate such high-level meetings, the scale and frequency of North Korea’s cyber operations have raised alarms among global leaders. The regime’s reliance on stolen cryptocurrency to fund its sanctioned weapons programs is pushing the issue into the spotlight.
Over the past year, North Korea has dramatically expanded its cybercrime operations, with hacking groups like the Lazarus Group leading the charge. In 2024 alone, Lazarus and affiliated hackers are believed to have stolen over $1.3 billion through 47 separate attacks, according to data from Chainalysis.
One of the most high-profile incidents occurred in February, when Bybit, a major cryptocurrency exchange, suffered a $1.4 billion breach, the largest known crypto theft to date. Analysts have confirmed Lazarus’ involvement in the attack.
This massive influx of stolen digital assets is not merely for financial gain. A report from the U.S. Treasury in September 2024 stated that these illicit funds are directly used to evade international sanctions and to finance North Korea’s weapons development.
In January, the United States, Japan, and South Korea issued a joint warning that North Korea has also been deploying IT professionals and freelancers to infiltrate global crypto and tech companies. These operatives pose insider threats, gaining employment under false identities and then exploiting company systems to steal funds or sensitive data.
A recent incident exposed this exact strategy. Kraken, a leading cryptocurrency exchange, detailed how it intercepted an infiltration attempt from a suspected North Korean agent. Nick Percoco, Kraken’s Chief Security Officer, used decoy identity verification tests during the hiring process. The applicant failed, confirming suspicions of deception.
North Korean cyber actors are increasing not only in number but also in sophistication. In April, a group linked to Lazarus reportedly established three shell companies, two of which were based in the United States. Their goal was simple: to distribute malware and launch social engineering attacks on crypto developers all over the country.
Cyber threat intelligence analyst Heiner Garcia, affiliated with Telefónica and a specialist in blockchain security, has also been tracking these developments.
In February, he conducted a mock job interview with a suspected North Korean freelancer, who unintentionally revealed links to known crypto scams tied to the regime. Garcia later shared these findings, highlighting the intricate tactics being used.
Given the scope of North Korea’s cyber operations, G7 leaders are expected to discuss coordinated strategies to strengthen global cybersecurity, enhance blockchain monitoring, and disrupt the financial channels used by the regime.
These measures may include but are not limited to:
The inclusion of these issues in the upcoming G7 agenda signals a shift in how global powers view cybersecurity, not just as a tech concern, but as a matter of national and international security.
In any case, North Korea’s pivot to crypto-based crime as a means of funding its regime has garnered the attention of numerous countries. As the G7 summit approaches, leaders of these countries have an opportunity to create unified frameworks to protect the crypto ecosystem from nation-state threats and send a strong message that cybercrime will not be tolerated.