Hackers linked to North Korea caused the largest share of financial losses in the cryptocurrency sector in 2026. According to analysts, their activities accounted for 76% of the total losses in the digital asset market in the first months of 2026, amounting to approximately $577 million.
This is reported by Finway
Two Major Attacks in April
The bulk of the losses was inflicted by just two serious attacks that occurred in April. The first breach involved the KelpDAO protocol, resulting in the theft of $292 million. According to experts, the TraderTraitor group, operating in the interests of the North Korean Lazarus ecosystem, is behind this attack.
The second attack, which targeted the Drift Protocol, led to a loss of $285 million. Analysts believe this crime was carried out by another subgroup from North Korea. An investigation into this incident is ongoing, and final information has yet to be released.
Experts note that preparations for the attack on Drift Protocol were made in advance and involved the use of social engineering methods and technical interference. The attackers organized pre-signed transactions and were able to withdraw funds within minutes. After that, the assets were transferred to the Ethereum network.
Regarding KelpDAO, the attackers exploited a vulnerability in the LayerZero cross-chain infrastructure, compromised nodes, and manipulated the validation mechanism, allowing them to withdraw over 116,000 rsETH. Part of the funds was then laundered through inter-network transfer services, including THORChain.
Growing Influence of North Korea on the Crypto Industry
Analysts are noting that North Korea’s share of global crypto crimes is steadily increasing. While this figure did not exceed 10% in 2020-2021, it reached 64% in 2025, and in 2026 it has already hit 76%.
“Since 2017, North Korean groups have stolen over $6 billion.”
Experts point out that the strategy of North Korean hacker groups has changed: they are conducting fewer attacks, but the amounts stolen are significantly larger. The main targets remain crypto bridges, multi-signatures, and cross-chain infrastructures, whose vulnerabilities allow for maximum profits.
It is also noted that the company Circle is currently facing a class-action lawsuit due to inaction during the $280 million breach of the Drift Protocol.