NORTH KOREA HACKERS STEAL $577M IN CRYPTO BREACHES
SECURITY DESK■ 2 MIN READ
THU, APR 30, 2026■ AI-SUMMARIZED FROM 1 SOURCE BELOW
North Korea-linked hackers stole approximately $577 million across the Drift Protocol and KelpDAO hacks in April, representing 76% of all cryptocurrency theft losses recorded so far in 2026, according to TRM Insights.
Two distinct North Korean hacking groups executed major cryptocurrency heists last month, cementing the nation's position as a dominant threat actor in digital asset theft.
The April attacks targeted Drift Protocol and KelpDAO, extracting combined losses of $577 million. The scale of these incidents underscores the growing sophistication of state-sponsored cyber operations targeting the crypto sector.
The breaches account for three-quarters of total crypto hack losses documented through 2026, highlighting the concentration of losses among major protocol exploits. This metric demonstrates how a small number of high-impact attacks can dominate annual theft statistics.
TRM Insights, a blockchain intelligence firm, attributed both hacks to North Korean threat actors. The nation has long been identified by cybersecurity researchers and government agencies as a persistent source of cryptocurrency theft, with hackers operating to generate hard currency for the isolated regime.
The incidents reflect persistent vulnerabilities in decentralized finance platforms. Despite growing security awareness across the sector, sophisticated attackers continue to identify and exploit weaknesses in smart contract code and protocol architecture.
Crypto platforms and protocols have increasingly invested in security audits and bug bounty programs in response to mounting losses. However, the April attacks suggest these measures remain insufficient against well-resourced, state-sponsored threat actors.
The breaches carry broader implications for crypto adoption and institutional confidence. Large-scale thefts damage user trust and attract regulatory scrutiny from government agencies worldwide. North Korea's continued targeting of digital assets suggests the hacking operations remain a viable funding mechanism despite international sanctions.
Security researchers and blockchain analysts continue monitoring North Korean hacking groups for patterns and techniques that could reveal vulnerabilities in other protocols. Industry cooperation on threat intelligence sharing has intensified as platforms seek to prevent copycat attacks.
■ SOURCES
► Techmeme■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE
■ MORE FROM THE CRYPTO DESK
Perianne Boring, founder and chair of The Digital Chamber, discussed her conversation with SEC Chair Paul Atkins at the Bitcoin 2026 Conference in Las Vegas during an appearance on Bloomberg Crypto.
YESTERDAY— Industry Desk
Bitcoin climbed more than 10% throughout April as the SEC Chair detailed regulatory approaches for cryptocurrency markets. The gains come amid renewed institutional interest and clearer regulatory guidance.
YESTERDAY— AI Desk
Robinhood reported Q1 revenue of $1.07B, beating year-over-year growth but missing analyst estimates. Crypto revenue plunged 47% to $134M, falling short of expectations and triggering a 6% after-hours decline.
YESTERDAY— Industry Desk
BlackRock is expanding into cryptocurrency infrastructure by bringing its money market fund to exchange OKX, with Standard Chartered serving as custodian. The move signals deepening ties between Wall Street and digital-asset platforms.
APR 28— Industry Desk