North Korean Cryptocurrency Hacking Activity Dominates Global Market Losses in 2026
Crypto Hack Losses Surge Amid Rise of North Korean Actors
In a stark escalation of their dominance over the cryptocurrency space, North Korean hackers accounted for 76% of all crypto asset hack losses in 2026, up from just 7% in 2020, according to data analyzed by blockchain firm TRM Labs.
This surge in losses has been driven primarily by two significant attacks on Drift Protocol and KelpDAO in April, resulting in losses exceeding $575 million.
The dramatic increase in North Korean involvement in crypto hacking can be attributed to the precision and sophistication of these groups’ tactics. Rather than relying on high-volume attacks, they focus on conducting a smaller number of meticulously planned operations, often using AI tools for reconnaissance and social engineering.
These efforts have yielded substantial rewards, with the KelpDAO exploit alone causing $292 million in losses.
The use of AI-powered tools has enabled North Korean hackers to target specific vulnerabilities within blockchain mechanisms, leading to the successful exploitation of Drift Protocol. This sophisticated approach stands in contrast to earlier methods, which relied on brute force attacks.
Furthermore, the in-person meetings reportedly involved in some cases, such as the Drift Protocol hack, mark a new level of complexity and planning exhibited by these actors.
TRM Labs’ analysis highlights the stark rise in North Korean involvement in crypto hacking, from 31% of total losses in 2017 to 76% in 2026. The data suggests that the sophistication and precision of these attacks are key factors driving the increasing success of North Korean hackers in the crypto space.
As the use of AI continues to evolve, it remains to be seen how these actors will adapt their tactics and what impact this will have on the broader crypto ecosystem.
Financial institutions and organizations handling cryptocurrencies must remain vigilant in the face of these emerging threats, acknowledging the changing landscape of cybercrime and the need for enhanced security measures to mitigate potential losses.