News
U.S. senators won't be weighing in on prediction markets bets after banning themselves
U.S. Senate unanimously bans members from participating in prediction markets amid insider trading concerns.
CoinDesk1 min read
North Korean Hackers Have Stolen $6 Billion in Crypto—Including 76% of 2026's Spoils: TRM
TL;DR
North Korean hackers have stolen $6 billion in cryptocurrency since 2017, including 76% of 2026's total hack value from two April attacks totaling $577 million. These incidents involved social engineering and exploiting a blockchain vulnerability.
Key points
- North Korea stole 76% of all crypto hack value in 2026
- Two April attacks totaled $577 million
- One hack used social engineering tactics
- The other exploited a blockchain bridge vulnerability
- Total theft since 2017 exceeds $6 billion
Mentioned in this story
North Korea
TRM LabsDrift ProtocolKelp DAO
In brief
- North Korea stole 76% of all crypto hack value so far in 2026 with just two April attacks totaling $577 million.
- One hack used months of social engineering; the other exploited a single-point verification flaw in a blockchain bridge.
- All told, TRM Labs says that North Korean hackers have stolen more than $6 billion worth of crypto since 2017.
North Korean hackers have stolen nearly three-quarters of all cryptocurrency taken by cybercriminals so far this year—not through a relentless campaign of attacks, but through two precisely executed heists targeting decentralized finance platforms in April, according to a new report from blockchain intelligence firm TRM Labs.
The two incidents—a $285 million breach of Drift Protocol on April 1 and a $292 million exploit of Kelp DAO on April 18—together account for 76% of all crypto hack losses tracked through April, despite representing just 3% of the total number of incidents recorded.
All told, TRM Labs estimates that North Korean-linked hackers have swiped over $6 billion from crypto protocols and projects since 2017, including some of the industry’s worst-ever heists.
The figures reflect an accelerating concentration of cryptocurrency theft by state-linked North Korean operatives. Pyongyang's share of total crypto hack losses has grown from under 10% in 2020 and 2021 to 22% in 2022, 37% in 2023, 39% in 2024, and 64% in 2025. The 2026 figure of 76% through April is the highest sustained share on record.
The Drift Protocol attack was remarkable for its patience. On-chain staging began March 11, and the campaign involved in-person meetings between North Korean proxies and Drift employees over a period of months—a tactic TRM analysts described as potentially unprecedented in North Korea's lengthy crypto hacking campaign.
The attackers exploited a Solana feature called a durable nonce, which allows pre-signed transactions to be held and deployed at a later time. On April 1, 31 withdrawals executed in approximately 12 minutes, draining real assets including USDC and JLP. The stolen funds were quickly moved to and have sat dormant since.
Q&A
How much cryptocurrency have North Korean hackers stolen in 2026?
North Korean hackers have stolen 76% of all crypto hack value in 2026, amounting to $577 million from two attacks.
What were the two major crypto hacks attributed to North Korea in April 2026?
The two hacks were a $285 million breach of Drift Protocol on April 1 and a $292 million exploit of Kelp DAO on April 18.
What tactics did North Korean hackers use in their attacks?
One attack involved months of social engineering, while the other exploited a single-point verification flaw in a blockchain bridge.
How much total cryptocurrency has North Korea stolen since 2017?
Since 2017, North Korean-linked hackers have stolen over $6 billion from various crypto protocols and projects.
