North Korean Cyber Crime Dominates Cryptocurrency Theft in 2026

By Patricia Miller

2 min read

North Korean hackers stole $643 million in crypto in H1 2026, dominating the landscape of cryptocurrency thefts and exploits.

North Korean hackers stole an astonishing amount of crypto, totaling $643 million in just the first half of 2026. This accounts for 66% of all crypto thefts and exploitation this year, showcasing an alarming level of dominance in the digital crime landscape.

To put the situation into perspective, overall losses in cryptocurrency-related crimes reached $972 million across 207 incidents during this period. The highly notorious Lazarus Group from North Korea, along with its subgroups, has been responsible for a significant portion of these thefts, directing much of the stolen funds towards the regime's nuclear ambitions. Notably, two significant attacks in April alone resulted in staggering losses of $577 million.

#What Happened in April?

In April, hackers launched two swift and successful attacks that exemplified their ability to execute complex heists with precision. On April 1, a vulnerability in the Drift Protocol led to a theft of approximately $285 million in a matter of twelve minutes. This incident involved social engineering tactics that compromised protocol signers and left investors scrambling to recover their losses.

Later in the month, on April 18, KelpDAO fell victim to an exploit involving a LayerZero bridge, resulting in around $292 million stolen. This attack has been linked to TraderTraitor, a subgroup known for its expertise in cross-chain exploits. Together, these two incidents accumulated over half a billion dollars in losses in less than three weeks.

#Are Crypto Hacks Increasing?

Interestingly, while the overall losses in H1 2026 are significantly less than the $2.3 billion lost during the same time in 2025, the record number of incidents—207 attacks—indicates a shift in strategy among hackers. Instead of opting for numerous smaller targets, these criminals are strategically focusing on more significant infrastructure attacks on decentralized finance (DeFi) protocols and cross-chain transactions.

Most of the stolen funds remain untraceable as North Korean hackers excel at laundering the proceeds through mixing services, crypto bridges, and other obfuscation methods, making it highly challenging to recover stolen assets.

It's crucial to note that the reported $643 million only reflects losses from direct hacking incidents. It does not account for the revenues generated through phishing scams, fraudulent job advertisements, and other social engineering schemes that North Korean operatives execute alongside these cyber attacks.

#What Does This Mean for Investors?

Since 2017, North Korean state-sponsored hacking factions have accumulated over $6 billion in cryptocurrency thefts, reflecting a significant advancement in their cyber capabilities. The Lazarus Group has evolved from executing basic exchange hacks to leveraging social engineering, custom malware, and in-depth knowledge of DeFi architecture for successful attacks.

Given this ongoing threat, investors must remain vigilant when allocating funds in DeFi protocols and be proactive in assessing security measures. The recent loss of nearly $600 million due to inadequate security measures in two protocols should serve as a stark reminder of the risks involved. Questions regarding multisig configurations, operational security practices, and recent security audits should be paramount considerations before engaging in investments in decentralized platforms.

Important Notice And Disclaimer

This article does not provide any financial advice and is not a recommendation to deal in any securities or product. Investments may fall in value and an investor may lose some or all of their investment. Past performance is not an indicator of future performance.