North Korean Hacking Groups Claimed Over 75% of All Crypto Hack Value in Past Year, Report Reveals

Crowdfund Insider, May 1, 2026

Why It Matters

The concentration of theft value in a handful of attacks shows that state‑sponsored groups can inflict outsized damage on the crypto ecosystem, prompting urgent security reforms across DeFi platforms.

Key Takeaways

  • North Korean groups stole $577 million in two attacks, 76% of 2026 hack losses
  • Drift Protocol breach netted $285 million via insider‑facilitated Solana exploit
  • KelpDAO bridge hack extracted $292 million using poisoned RPC data
  • THORChain used repeatedly to launder North Korean crypto thefts
  • Analysts warn AI‑driven reconnaissance boosts precision of state‑backed crypto attacks

Pulse Analysis

State‑backed cybercrime has become a dominant force in the cryptocurrency arena, and the latest TRM Labs report confirms that North Korean actors now account for roughly 76 percent of all documented hack‑related losses in 2026. By the end of April these actors had siphoned about $577 million from just two high‑profile incidents, a stark jump from the 64 percent share recorded in 2025. Their share was under 10 percent in 2020 and has grown each year, reflecting Pyongyang’s strategic shift toward fewer, higher‑value targets rather than opportunistic raids.

The two breaches illustrate North Korean sophistication. On April 1 the Drift Protocol, a Solana perpetuals exchange, lost $285 million after attackers secured pre‑signed, durable transactions through in‑person meetings with insiders and injected a fake collateral token to manipulate oracles. Two weeks later KelpDAO’s rsETH LayerZero bridge on Ethereum was compromised; malicious actors replaced RPC software, launched a DDoS attack, and forced a single verifier to approve a fraudulent burn, draining $292 million. Both incidents depended on deep on‑chain knowledge and coordinated social engineering, exposing bridge design and governance flaws.

Industry reaction has been swift. DeFi projects are accelerating the adoption of multi‑verifier bridge architectures and integrating real‑time monitoring tools that flag suspicious on‑chain activity across exchanges and liquidity protocols. THORChain, repeatedly used to launder stolen assets, is now under heightened scrutiny, prompting tighter AML controls and partnership with law‑enforcement tracking services. Analysts also warn that AI‑driven reconnaissance could further sharpen target selection, making state‑backed attacks harder to anticipate. As decentralized finance expands, robust governance, diversified verification and cross‑industry intelligence sharing will be essential to curb the growing threat from nation‑state actors.
