SlowMist links 2024 cryptocurrency theft and laundering activity to North Korean hackers, highlighting social engineering against blockchain and angel-investing communities alongside fund-movement techniques after major incidents. The excerpt describes attackers impersonating investment-firm representatives on Telegram, arranging fake meetings, and persuading victims to install malicious applications or share sensitive data. It also notes DPRK IT workers using false credentials to enter IT, blockchain, and freelance roles, plus a BeaverTail variant targeting macOS users through a fake MiroTalk-style video-call disk image to steal wallet and keychain data. Laundering activity is described across Ethereum, Bitcoin, TRON, Solana, bridges, Tornado Cash, Thorchain, Debridge, eXch, exchanges, and OTC markets, with repeated splitting and bridging used to complicate tracing and test AML controls.