Chainalysis reported that stolen cryptocurrency funds and ransomware inflows rose in 2024 even as aggregate illicit on-chain activity declined year to date. In the DPRK-relevant section, the report says attackers, including North Korea-linked IT workers, are using off-chain social engineering methods such as applying for IT jobs to infiltrate crypto-related services and steal funds. The report links this activity to a renewed focus on centralized exchanges, noting that centralized services have been compromised for high values in 2024 and citing DMM's $305 million loss as a major example of the broader trend. The finding matters for defenders because it ties crypto theft risk not only to technical exploitation, but also to hiring, identity, and remote-work controls at exchanges and other crypto services.