Skip to content
Tech News
← Back to articles

76% of All Crypto Stolen in 2026 Is Now in North Korea

2026-05-01 | original
read original get Crypto Security Hardware Wallet → more articles
Why This Matters

The article highlights how North Korea has become the leading beneficiary of stolen cryptocurrency in 2026, with 76% of all crypto losses attributed to its hacking activities. This trend underscores the increasing sophistication and scale of North Korean cyber operations, which pose significant threats to global financial security and the integrity of the crypto industry. The use of advanced tools like AI further amplifies their attack effectiveness, raising concerns for both industry stakeholders and consumers.

Key Takeaways

The overwhelming majority of stolen cryptocurrency today is being used to fund the Democratic People's Republic of Korea (DPRK).

Crypto theft is rampant because it's easy. The system, bereft of institutional safeguards by design, requires that individual participants secure their own assets — a task for which most are not particularly well-suited. The result: entire national GDPs worth of financial theft every year. Even just in 2025, in the US alone, including only known and reported cases, the FBI found that Americans lost more than $11 billion in crypto-focused scams run by cybercriminals such as gangsters in Southeast Asia.

The biggest winner of all, though, is the DPRK. According to data from TRM Labs, North Korean hackers have been responsible for at least around a third of all financial losses from cryptocurrency in six out of the past nine years. In 2026, though, they're doing their most productive work yet. By tallying up all of the money crypto traders have reportedly lost to hackers so far this year, analysts found that 76% is now in Pyongyang.

Related:Do Ceasefires Slow Cyberattacks? History Suggests Not

It isn't that North Korea is performing 76% of all crypto cyberattacks. Rather, it has become proficient in focused, low-frequency, high-reward breaches, according to TRM.

Almost all of its winnings from January to April this year, for example, come down to two incidents: an attack against the "Drift Protocol" that yielded $285 million, and another against "KelpDAO" for $292 million.

TRM analysts believe that these semi-regular, high-yield attacks might be in part an outgrowth of North Korea's increasing adoption of artificial intelligence (AI), helping it meaningfully upgrade reconnaissance and social engineering flows so that its attacks come out more perfectly baked.

The DPRK's Hundred-Million-Dollar Crypto Heists

Years ago, the Kim Jong-Un regime came upon an insight that forever changed the trajectory of both cyberspace and geopolitics. Though the hegemonic US could limit its access to global financial markets, the DPRK observed that with each passing day, largely unsophisticated and self-fashioned traders were converting more and more dollars, euros, and pesos into unregulated and insecure cryptocurrency networks.

Crypto was vulnerable to technical issues like any other digital systems were. Even better: thanks to its community's anarcho-capitalist dogma, stopping or reversing cryptocurrency theft typically involves moving mountains. A bank can kibosh a financial transfer to North Korea; cryptocurrency projects are often structurally designed to prevent anyone from doing that, and where it is possible and pressing, zealous investors often choose not to, even at the expense of their own wallets.

... continue reading

Explore topics: north korea crypto theft drift protocol trm labs cyberattacks
Related:
Webinar: Spotting cyberattacks before they begin
Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos
North Korea's Lazarus Targets macOS Users via ClickFix
Africa Relinquishes Cyberattack Lead to Latin America — For Now
CEO of Southeast Asia’s largest bank shares what keeps her up at night

© 2026 GoKawiil

About | Editorial Policy | Contact