NORTH KOREA HACKERS STEAL $577M IN CRYPTO BREACHES
SECURITY DESK■ 2 MIN READ
THU, APR 30, 2026■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE
North Korea-linked hackers stole approximately $577 million across the Drift Protocol and KelpDAO hacks in April, representing 76% of all cryptocurrency theft losses recorded so far in 2026, according to TRM Insights.
Two distinct North Korean hacking groups executed major cryptocurrency heists last month, cementing the nation's position as a dominant threat actor in digital asset theft.
The April attacks targeted Drift Protocol and KelpDAO, extracting combined losses of $577 million. The scale of these incidents underscores the growing sophistication of state-sponsored cyber operations targeting the crypto sector.
The breaches account for three-quarters of total crypto hack losses documented through 2026, highlighting the concentration of losses among major protocol exploits. This metric demonstrates how a small number of high-impact attacks can dominate annual theft statistics.
TRM Insights, a blockchain intelligence firm, attributed both hacks to North Korean threat actors. The nation has long been identified by cybersecurity researchers and government agencies as a persistent source of cryptocurrency theft, with hackers operating to generate hard currency for the isolated regime.
The incidents reflect persistent vulnerabilities in decentralized finance platforms. Despite growing security awareness across the sector, sophisticated attackers continue to identify and exploit weaknesses in smart contract code and protocol architecture.
Crypto platforms and protocols have increasingly invested in security audits and bug bounty programs in response to mounting losses. However, the April attacks suggest these measures remain insufficient against well-resourced, state-sponsored threat actors.
The breaches carry broader implications for crypto adoption and institutional confidence. Large-scale thefts damage user trust and attract regulatory scrutiny from government agencies worldwide. North Korea's continued targeting of digital assets suggests the hacking operations remain a viable funding mechanism despite international sanctions.
Security researchers and blockchain analysts continue monitoring North Korean hacking groups for patterns and techniques that could reveal vulnerabilities in other protocols. Industry cooperation on threat intelligence sharing has intensified as platforms seek to prevent copycat attacks.
■ SOURCES
► Techmeme■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE
■ MORE FROM THE CRYPTO DESK
Tether, the world's largest stablecoin issuer, plans to launch GELT, a digital currency pegged to Georgia's lari with backing from the Georgian government. The partnership marks an unusual collaboration between a major crypto firm and a sovereign nation.
MAY 25— Industry Desk
Coinbase Global Inc. is laying off approximately 700 employees, or 14% of its workforce, citing volatile crypto markets and the need to manage costs amid AI advancement. The cuts will occur mostly in Q2, with restructuring expenses reaching up to $60 million.
MAY 25— AI Desk
Coinbase will eliminate approximately 700 jobs, representing 14% of its global workforce, as the cryptocurrency exchange moves to reduce costs. CEO Brian Armstrong cited AI's impact on work practices as a driver of the restructuring.
MAY 24— AI Desk
Coinbase CEO Brian Armstrong announced a significant workforce reduction of approximately 14% today. The crypto exchange is scaling back operations in a move Armstrong described as difficult but necessary.
MAY 24— Industry Desk