
North Korean Crypto Hackers Escalate Attacks, Driving 76% of 2026 Losses

Image source: David Whelan, CC0, via Wikimedia Commons

North Korean government-backed hackers are rapidly evolving, becoming more precise and sophisticated in their methods, and now account for over 76% of global cryptocurrency losses in 2026, totaling nearly $600 million. According to a new report from TRM Labs, these cyber operations are no longer limited to remote attacks but increasingly involve complex, real-world tactics.

One of the most striking examples is the recent Drift Protocol exploit, which reportedly involved months of in-person social engineering. North Korean operatives, posing as legitimate actors, conducted face-to-face meetings with protocol employees over an extended period. This level of physical infiltration marks a significant shift in crypto hacking strategies. TRM Labs' Ari Redbord described the operation as unprecedented, highlighting that these attacks have moved beyond simple keyboard-based intrusions.

The report identifies two primary groups, DPRK and Lazarus, as the main drivers behind these crypto hacks. Since 2017, North Korea-linked actors have stolen more than $6 billion in digital assets. Their evolving tactics show a clear trend toward targeted, high-impact attacks rather than broad, unfocused campaigns.

Other incidents reinforce this growing threat. The Wasabi Protocol exploit mirrored aspects of the Drift attack, using a compromised deployer key without proper security measures like multisig or timelocks, leading to a $4.5 million loss. Meanwhile, the $292 million KelpDAO breach exploited a known vulnerability that had been repeatedly flagged by LayerZero.

Post-hack behavior also reveals distinct operational patterns. In the Drift case, stolen funds were converted to USDC, bridged to Ethereum, and swapped into ETH, then left untouched—consistent with DPRK’s long-term laundering strategy. In contrast, Lazarus actors quickly moved KelpDAO funds through THORChain and Umbra, leveraging Chinese intermediaries in what is known as the TraderTraitor playbook.

The KelpDAO exploit had wider consequences, triggering massive withdrawals across DeFi platforms. Over $13 billion exited lending protocols, with Aave alone losing $8.54 billion in deposits within 48 hours, creating a significant bad-debt crisis now being addressed with industry-backed funding.

As crypto security threats intensify, these incidents highlight the urgent need for stronger safeguards, improved key management, and heightened awareness of both digital and physical attack vectors in the blockchain ecosystem.

<Copyright ⓒ TokenPost, unauthorized reproduction and redistribution prohibited>
