The long con: How North Korean spies spent months in-person to drain $285 million from Drift

What to know:

  • North Korean state-backed hackers, mainly the DPRK and Lazarus groups, are blamed for about 76% of global crypto hack losses in 2026, or nearly $600 million, bringing their total haul since 2017 to more than $6 billion.
  • TRM Labs says these hackers are becoming more precise and faster, using tactics that now include months-long, in-person social engineering campaigns like the Drift Protocol exploit and sophisticated key compromises such as the Wasabi Protocol attack.
  • The $292 million KelpDAO breach, attributed to Lazarus, not only exploited a known technical flaw but also triggered one of DeFi’s largest-ever wipeouts, erasing about $13 billion from lending platforms and leaving Aave with a major bad-debt crisis that industry players are now trying to backstop.

Hackers believed to be connected to the North Korean government are getting better at their attacks. They’ve been responsible for over 76% – almost $600 million – of all cryptocurrency stolen this year.

As an analyst, I’ve been following the $285 million Drift Protocol exploit closely. What’s particularly striking is the method used – TRM Labs describes it as a remarkably sophisticated, long-term social engineering attack. Apparently, it involved months of in-person meetings between individuals working for North Korean actors and employees at Drift. It’s an unprecedented level of in-person manipulation for these types of attacks.

According to Ari Redbord, TRM Labs’ Global Head of Policy, North Korea is taking a new approach to its cryptocurrency hacking. He told CoinDesk that having North Korean agents meet face-to-face with people involved in the process for months is something he’s never seen before. This suggests the hacking is moving beyond simply being carried out by individuals working remotely.

According to a new TRM Labs report released on Thursday and comments from Redbord, North Korean hacking groups – specifically DPRK and Lazarus – caused 76% of all cryptocurrency losses due to hacks and exploits in 2026.

According to the report, North Korea’s recent activity isn’t a wider operation, but a more focused and precise one. Redbord noted that North Korea is acting with greater speed and accuracy than in the past.

According to a report by TRM Labs, North Korea has stolen more than $6 billion in cryptocurrency through various incidents since 2017.

TRM Labs discovered a connection between a recent Wasabi Protocol exploit and the attack on Drift on April 19th. Both incidents involved hackers using a stolen deployer key – one without security measures like time delays or multiple approvals – to steal funds, in Drift’s case totaling $4.5 million.

The recent $292 million loss from KelpDAO happened because of a security weakness that LayerZero had previously identified and cautioned against. This weakness involved relying on just one person to verify transactions.

According to TRM Labs, the method used in this hack was significantly different from the Drift exploit. In the Drift case, the hackers converted the stolen funds to USDC, then transferred them to Ethereum, where they were exchanged for ETH. Since the theft occurred, the funds haven’t been moved, which aligns with the typical, long-term approach to laundering money seen with North Korean hacking groups.

Instead, the Lazarus group quickly moved the money they stole from KelpDAO through THORChain and Umbra. According to the report, this process was largely managed by Chinese intermediaries known to use a specific, previously observed method called TraderTraitor.

The security breach affecting KelpDAO caused significant losses across the DeFi sector, with roughly $13 billion withdrawn from lending platforms. Aave was particularly impacted, losing $8.54 billion in deposits within two days and facing a potential $200 million shortfall. Industry members are now stepping in to help, pledging $300 million to address the issue.

2026-04-30 16:49