76% of All Crypto Stolen in 2026 Is Now in North Korea

The 2026 crypto‑theft landscape has been reshaped by a single actor: North Korea. TRM Labs reports that three‑quarters of all stolen digital assets this year have landed in Pyongyang, a dramatic jump from the two‑thirds share recorded in 2025. The surge is anchored by two massive DeFi heists – the Drift Protocol and KelpDAO – each delivering close to $300 million. By concentrating on low‑frequency, high‑reward attacks, the DPRK maximizes returns while minimizing exposure, turning cryptocurrency into a reliable revenue stream for its nuclear ambitions.

What sets this wave apart is the integration of artificial‑intelligence into the attackers’ playbook. AI‑driven language models streamline persona creation, automate code generation, and accelerate vulnerability research, collapsing the timeline from discovery to exploitation. Analysts note a 500% rise in AI‑assisted scams over the past year, allowing North Korean groups like TraderTraitor and Citrine Sleet to execute precision strikes against complex smart‑contract ecosystems. The result is a series of rapid, high‑value breaches that outpace traditional security controls.

For the broader DeFi ecosystem, the implications are stark. Startup‑level security frameworks are ill‑equipped to defend against nation‑state actors wielding AI at scale. Experts call for real‑time, on‑chain trust validation, automated governance, and multi‑layered verification that can react within minutes rather than hours. Without such upgrades, the sector risks becoming a perpetual funding source for hostile regimes, prompting regulators to consider stricter oversight and mandatory security standards for high‑value protocols.