SEOUL, July 3 (UPI) — North Korean-linked hackers stole roughly $643 million in cryptocurrency at some stage in the major half of of 2026, accounting for approximately two-thirds of all crypto funds stolen worldwide, in step with a brand original characterize by San Francisco-based entirely entirely blockchain prognosis agency TRM Labs.
Nearly 90% of North Korea’s stolen proceeds — about $577 million — came from factual two assaults on decentralized finance platforms in April, the characterize acknowledged.
On April 1, North Korean-linked hackers drained $285 million from Waft, a Solana-based entirely entirely decentralized futures exchange. Later in the month, hackers believed to be linked to North Korea’s Lazarus Neighborhood stole $292 million from KelpDAO, a DeFi platform that enables users to set up yield on cryptocurrency deposits.
The characterize, launched this week, tracked a file 207 cryptocurrency hacks at some stage in the major six months of the yr. Entire losses, nonetheless, fell to $972 million from $2.3 billion at some stage in the identical length in 2025, largely on story of there had been fewer massive thefts.
Even though North Korea’s haul used to be down from the roughly $1.7 billion stolen at some stage in the major half of of 2025, TRM Labs acknowledged the decline did now not show masks a decreased possibility.
“North Korea’s activity has not slowed,” the characterize acknowledged. “The difference is that the rest of the ecosystem experienced fewer large-scale thefts than in 2025. A single successful operation against a major target can still outweigh months of losses from every other attacker combined.”
Lazarus, a North Korean snort-backed hacking community, has been linked to a string of an increasing form of sophisticated cryptocurrency thefts. In February 2025, the community stole about $1.5 billion from cryptocurrency exchange Bybit in what’s widely opinion to be essentially the most entertaining such heist in historical past.
Authorities convey such operations are a key provide of earnings for North Korea, which faces sweeping global sanctions over its nuclear weapons and ballistic missile programs.
A now-disbanded U.N. panel of consultants estimated in a 2024 characterize that illicit cyber project accounted for approximately 40% of funding for Pyongyang’s weapons programs.
The U.S. Treasury Department acknowledged in November that North Korea had stolen more than $3 billion over the old three years via cyberattacks targeting monetary institutions and cryptocurrency platforms.
Pyongyang has also turned to diversified forms of cybercrime to elevate funds, including the usage of a ways-off IT workers to contrivance employment at Western companies below fabricated identities.
“North Korea continues to generate cryptocurrency through other illicit activity, including phishing campaigns, social engineering, fraud, scams and covert IT worker operations,” the characterize acknowledged. “As a result, the USD 643 million reflected here represents only one portion of its overall crypto revenue.”
The findings plot because the United States and its allies are stepping up efforts to wrestle North Korea’s cyber threats.
In June, Neighborhood of Seven leaders flagged North Korea’s illicit cyber project as a serious global safety thunder, including the subject to their joint whisper on geopolitical disorders for the major time.
“We reiterate the need to jointly address North Korea’s cryptocurrency thefts and cybercrimes,” the G7 whisper acknowledged.
Closing week, the United States, Japan and South Korea held the fifth assembly of a trilateral working community on North Korea’s cyber threats in Washington.
“Participants reiterated the importance of continued law enforcement cooperation and coordination to strengthen enforcement of international sanctions against the DPRK to prevent malicious cyber activity and illicit revenue generation,” a U.S. Advise Department spokesperson acknowledged.
The Democratic Other folks’s Republic of Korea is the first rate determine of North Korea.




