The United States, Japan, and the Republic of Korea have issued a joint statement warning the blockchain technology industry about ongoing cyber threats from the Democratic People’s Republic of Korea (DPRK). The statement highlights concerns over DPRK's cyber activities that threaten not only these three nations but also the global financial system. The focus is on preventing thefts and recovering stolen funds to deny DPRK illicit revenue for its weapons programs.

The joint statement identifies advanced persistent threat groups linked to DPRK, such as the Lazarus Group, which have been involved in various cybercrime campaigns targeting cryptocurrency exchanges and digital asset custodians. In 2024 alone, significant thefts attributed to DPRK include $308 million from DMM Bitcoin, $50 million from Upbit, and $16.13 million from Rain Management. Additional thefts against WazirX for $235 million and Radiant Capital for $50 million were also noted.

The United States observed aggressive social engineering attacks by DPRK in September 2024 using malware like TraderTraitor and AppleJeus. Similar tactics were reported by South Korea and Japan. Government agencies have issued multiple advisories regarding insider threats posed by DPRK IT workers.

The statement calls for deeper collaboration between public and private sectors to counter these threats. In the U.S., initiatives like the Illicit Virtual Asset Notification (IVAN) partnership, Cryptoasset and Blockchain Information Sharing and Analysis Center (Crypto-ISAC), and Security Alliance (SEAL) are highlighted as mechanisms for information sharing.

Public-private symposiums co-hosted by South Korea and the U.S., along with warnings issued by Japan's Financial Services Agency in collaboration with JVCEA, emphasize proactive measures against crypto-asset thefts.

The three countries commit to continuing their efforts against DPRK's cyber activities through sanctions on cyber actors and improving cybersecurity across the Indo-Pacific region.