No Result
View All Result
  • Login
Monday, July 13, 2026
theadvisertimes.com
  • Home
  • Business
  • Financial Planning
  • Personal Finance
  • Investing
  • Money
  • Economy
  • Markets
  • Stocks
  • Trading
  • Home
  • Business
  • Financial Planning
  • Personal Finance
  • Investing
  • Money
  • Economy
  • Markets
  • Stocks
  • Trading
No Result
View All Result
theadvisertimes.com
No Result
View All Result
Home Cryptocurrency

North Korea stole $500 million from crypto in 20 days

by theadvisertimes.com
3 months ago
in Cryptocurrency
Reading Time: 6 mins read
A A
0
North Korea stole 0 million from crypto in 20 days
Share on FacebookShare on TwitterShare on LInkedIn


Make CryptoSlate preferred on

In just under three weeks, cyber operatives linked to the Democratic People’s Republic of Korea (DPRK) have stolen more than $500 million from crypto DeFi platforms.

This marks a drastic escalation in Pyongyang’s state-sponsored campaign to bankroll its weapons programs through cryptocurrency theft.

Drift and KelpDAO drive North Korea’s over $500 million DeFi exploits

Notably, the twin devastating exploits targeting the Drift Protocol and KelpDAO have pushed North Korea’s illicit crypto haul for the year well past the $700 million mark.

The staggering losses underscore a shift in tactics by Kim Jong Un’s cyber army, which is increasingly weaponizing complex supply-chain vulnerabilities and executing deep-cover human infiltration to bypass standard security perimeters.

On April 20, cross-chain infrastructure provider LayerZero confirmed that KelpDAO suffered an exploit resulting in the loss of approximately $290 million. The breach, which occurred on April 18, now stands as the largest single crypto hack of 2026.

The firm stated that preliminary forensics point directly to TraderTraitor, a specialized cell operating within North Korea’s notorious Lazarus Group.

Just weeks earlier, on April 1, the Solana-based decentralized perpetual futures exchange Drift Protocol was drained of an estimated $286 million.

Blockchain intelligence firm Elliptic swiftly connected the on-chain laundering methodologies, transaction sequencing, and network-level signatures to previously established DPRK attack vectors, noting it was the 18th such incident the firm had tracked this year alone.

Compromised developers lying dormant within crypto projects risks next major crypto exploitCompromised developers lying dormant within crypto projects risks next major crypto exploit
Related Reading

Compromised developers lying dormant within crypto projects risks next major crypto exploit

The bigger risk after Drift may be the access attackers gain before a protocol knows it has a problem.

Apr 8, 2026 · Gino Matos

Exploiting the infrastructure periphery

The methodology behind the April attacks reveals a maturation in how state-sponsored hackers target decentralized finance (DeFi). Instead of attacking hardened core smart contracts head-on, operatives are identifying and exploiting the structural periphery.

In the case of the KelpDAO attack, LayerZero explained that the hackers compromised the downstream Remote Procedure Call (RPC) infrastructure utilized by the LayerZero Labs Decentralized Verifier Network (DVN).

By poisoning these critical data pathways, the attackers manipulated the protocol’s operations without compromising its core cryptography. LayerZero has since deprecated the affected nodes and fully restored DVN operations, but the financial damage had already been finalized.

This indirect approach highlights a terrifying evolution in cyber warfare.

Blockchain security firm Cyvers told CryptoSlate that North Korea-linked attackers are showing increased sophistication and investing more resources, both in preparation and execution, to carry out their malicious attacks.

The firm added:

“We also observe how they consistently find the weakest link. In this case, it was a third party rather than the protocol’s core infrastructure.”

The strategy heavily mirrors traditional corporate cyberespionage and shows that DPRK-linked breaches were becoming harder to stop.

Recent incidents, such as the supply-chain compromise of the widely used Axios npm software package, which Google researchers linked to a distinct DPRK threat actor dubbed UNC1069, demonstrate an ongoing, methodical effort to poison the well before the software even reaches the blockchain ecosystem.

North Korea infiltrates crypto workforce

Beyond technical exploits, North Korea is currently executing a massive, coordinated infiltration of the global crypto labor market.

The threat model has fundamentally shifted from remote hacking campaigns to placing malicious insiders directly onto the payrolls of unsuspecting Web3 startups.

A grueling six-month investigation by the Ketman Project, an initiative operating under the Ethereum Foundation’s ETH Rangers security program, recently concluded with startling findings: roughly 100 North Korean cyber operatives are currently embedded inside various blockchain companies.

Operating under fabricated identities, these sophisticated IT workers routinely pass standard human resources screenings, gain access to sensitive internal code repositories, and sit quietly within product teams for months, or even years, before initiating a calculated attack.

This intelligence-agency-style patience was further corroborated by independent blockchain investigator ZachXBT.

He recently exposed a specialized DPRK network that has been generating roughly $1 million a month by using fraudulent personas to secure remote work.

This specific scheme funnels crypto-to-fiat transfers through sanctioned global financial channels and has processed over $3.5 million since late 2025.

Industry estimates suggest that Pyongyang’s broader deployment of IT workers generates multiple seven-figure sums monthly.

This creates a dual-pronged revenue stream for the regime: the steady accumulation of fraudulent wages, paired with the catastrophic windfalls of insider-facilitated protocol exploits.

CryptoSlate Daily Brief

Daily signals, zero noise.

Market-moving headlines and context delivered every morning in one tight read.

5-minute digest 100k+ readers

Free. No spam. Unsubscribe any time.

Whoops, looks like there was a problem. Please try again.

You’re subscribed. Welcome aboard.

North Korea’s laundering Networks and macroeconomic survival

The sheer scale of North Korea’s digital asset operations dwarfs that of any traditional cybercriminal syndicate.

According to blockchain analytics firm Chainalysis, DPRK-linked hackers stole a record $2 billion in 2025 alone, accounting for a staggering 60% of all global cryptocurrency thefts that year. That figure was heavily bolstered by a devastating $1.5 billion raid on the Bybit exchange in February 2025.

Factoring in this year’s brutal campaign, North Korea’s all-time crypto-asset haul is estimated at $6.75 billion.

Once the funds are stolen, Lazarus Group operatives exhibit highly specific, regionalized laundering patterns. Unlike ordinary crypto criminals who frequently utilize decentralized exchanges (DEXs) and peer-to-peer lending protocols, DPRK actors actively avoid them.

Instead, on-chain data reveals a heavy reliance on Chinese-language guarantee services, deep over-the-counter (OTC) broker networks, and complex cross-chain mixing services.

This specific preference points to structural constraints and deeply established, geographically limited off-ramps rather than broad, unrestricted access to the global financial system.

Can these attacks be prevented?

Security researchers and industry executives say the answer is yes, but only if crypto firms address the same operational weaknesses that continue to surface in major breaches.

Terence Kwok, founder of Humanity, told CryptoSlate that the pattern behind many of these North Korea-linked losses still points to familiar weaknesses rather than entirely new forms of cyber intrusion.

In his view, North Korean actors are improving both their access methods and their ability to move stolen funds, but the damage often still traces back to poor access controls and concentrated operational risk.

He explained:

“What’s striking is how often the damage still comes down to the same weak points around access control and single points of failure. That tells you the industry still has some basic security discipline issues it has not solved.”

Considering this, Kwok stated that the industry’s first line of defense is to make asset movement materially harder to compromise. That means imposing tighter controls over private keys, internal permissions, and third-party access across the software stack.

In practice, that would require firms to reduce reliance on individual operators, limit privileged access, harden vendor dependencies, and build more checks around the infrastructure that sits between core protocols and the outside world.

The second priority is speed. Once stolen funds begin moving across chains, through bridges, or into laundering networks, the chances of recovery fall sharply. Kwok said exchanges, stablecoin issuers, blockchain analytics firms, and law enforcement agencies need to coordinate far faster during the first minutes and hours after a breach if they want to improve containment.

His comments point to a broader reality for the sector.

Crypto systems are often hardest to defend where code, people, and operations meet. A compromised credential, a weak vendor dependency, or an overlooked permissions failure can create an opening large enough to drain hundreds of millions of dollars.

The challenge for DeFi is no longer just writing resilient smart contracts. It is securing the operational perimeter around them before attackers exploit the next weak link.



Source link

Tags: CryptodaysKoreaMillionNorthStole
ShareTweetShare
Previous Post

With no ownership prospects, bank advisors leave to form RIA

Next Post

Trump administration discussing currency swap line with UAE

Related Posts

8,924 in Esports Bets Reveal the Esports World Cup’s Biggest Week 2 Favorites

$558,924 in Esports Bets Reveal the Esports World Cup’s Biggest Week 2 Favorites

by theadvisertimes.com
July 13, 2026
0

Key Takeaways100 Thieves beat NRG 3-1 as the EWC awarded Valorant’s winner $600,000.Polymarket’s top 20 esports markets held $402,600 in...

Bolivia Considers Recognizing USDT for Payments Amid Dollar Shortage

Bolivia Considers Recognizing USDT for Payments Amid Dollar Shortage

by theadvisertimes.com
July 13, 2026
0

Bolivia is evaluating integrating Tether's USDt into its national payments system, a move that could mark one of Latin America's...

Zcash & Monero Retreat As Privacy Coins Face Setbacks in China

Zcash & Monero Retreat As Privacy Coins Face Setbacks in China

by theadvisertimes.com
July 13, 2026
0

The privacy coins are once again making headlines amid renewed pressures from Chinese legal researchers. The impact is also visible...

Bitcoin falls below ,000 as markets give Hormuz traffic just 3% chance to normalize by August

Bitcoin falls below $63,000 as markets give Hormuz traffic just 3% chance to normalize by August

by theadvisertimes.com
July 13, 2026
0

Bitcoin slipped below $63,000 as renewed fighting between the United States and Iran pushed oil prices higher, drove bond yields...

Webull EU Secures MiCA Authorisation as EU Targets Post-Regulation Gaps

Webull EU Secures MiCA Authorisation as EU Targets Post-Regulation Gaps

by theadvisertimes.com
July 13, 2026
0

Webull EU has secured approval under the Markets in Crypto-Assets (MiCA) regulation, granted by the Dutch regulator. This authorisation represents...

Ripple Almost Shut Down and Distributed XRP After SEC Lawsuit, CEO Reveals

Ripple Almost Shut Down and Distributed XRP After SEC Lawsuit, CEO Reveals

by theadvisertimes.com
July 12, 2026
0

Key TakeawaysRipple came close to shutting down after the SEC filed a lawsuit over XRP.The company considered distributing its XRP...

Next Post
Trump administration discussing currency swap line with UAE

Trump administration discussing currency swap line with UAE

SEC monitoring ’emerging pressures’ in private credit space

SEC monitoring 'emerging pressures' in private credit space

  • Trending
  • Comments
  • Latest
Should You Offer a Concession to Get Your Apartment Leased Faster?

Should You Offer a Concession to Get Your Apartment Leased Faster?

June 15, 2026
How I Maximize My Sapphire Reserve Dining Credit

How I Maximize My Sapphire Reserve Dining Credit

July 10, 2026
Fourth of July 2026 Freebies and Deals

Fourth of July 2026 Freebies and Deals

July 3, 2026
5 things financial therapists want every advisor to know

5 things financial therapists want every advisor to know

June 26, 2026
The 10 Largest NYC Tech Startup Funding Rounds of June 2026 – AlleyWatch

The 10 Largest NYC Tech Startup Funding Rounds of June 2026 – AlleyWatch

July 6, 2026
Prime Day, June 2026: How Retailers Competed With Amazon

Prime Day, June 2026: How Retailers Competed With Amazon

June 29, 2026
Oil volatility is creating a ‘win-win’ trade strategy

Oil volatility is creating a ‘win-win’ trade strategy

0
European Cars Now Track Your Eye Movements – So Much for Privacy

European Cars Now Track Your Eye Movements – So Much for Privacy

0
8,924 in Esports Bets Reveal the Esports World Cup’s Biggest Week 2 Favorites

$558,924 in Esports Bets Reveal the Esports World Cup’s Biggest Week 2 Favorites

0
These Are the Top Companies to Watch for Remote Jobs in 2026

These Are the Top Companies to Watch for Remote Jobs in 2026

0
The Fallacy of the Keynesian Theory of Insufficient Demand

The Fallacy of the Keynesian Theory of Insufficient Demand

0
Germany opposes EU trade embargo on settlements

Germany opposes EU trade embargo on settlements

0
8,924 in Esports Bets Reveal the Esports World Cup’s Biggest Week 2 Favorites

$558,924 in Esports Bets Reveal the Esports World Cup’s Biggest Week 2 Favorites

July 13, 2026
Ford Recalls Nearly 1M Vehicles in 2 Weeks. Is Your Car on the List?

Ford Recalls Nearly 1M Vehicles in 2 Weeks. Is Your Car on the List?

July 13, 2026
How Outdated EBT Cards Are Fueling a Surge in SNAP Benefit Theft

How Outdated EBT Cards Are Fueling a Surge in SNAP Benefit Theft

July 13, 2026
US stocks today: US stocks end lower as Iran tensions dampen risk appetite; chipmakers drop

US stocks today: US stocks end lower as Iran tensions dampen risk appetite; chipmakers drop

July 13, 2026
These Are the Top Companies to Watch for Remote Jobs in 2026

These Are the Top Companies to Watch for Remote Jobs in 2026

July 13, 2026
Waller says Fed shouldn’t ‘fight the last war’ on inflation but warns hikes still possible

Waller says Fed shouldn’t ‘fight the last war’ on inflation but warns hikes still possible

July 13, 2026
theadvisertimes.com

Get the latest news and follow the coverage of Business & Financial News, Stock Market Updates, Analysis, and more from the trusted sources.

CATEGORIES

  • Business
  • Cryptocurrency
  • Economy
  • Financial Planning
  • Investing
  • Market Analysis
  • Markets
  • Money
  • Personal Finance
  • Startups
  • Stock Market
  • Trading

LATEST UPDATES

  • $558,924 in Esports Bets Reveal the Esports World Cup’s Biggest Week 2 Favorites
  • Ford Recalls Nearly 1M Vehicles in 2 Weeks. Is Your Car on the List?
  • How Outdated EBT Cards Are Fueling a Surge in SNAP Benefit Theft
  • Our Great Privacy Policy
  • Terms of Use, Legal Notices & Disclosures
  • About Us
  • Contact Us

© Copyright 2024 All Rights Reserved
See articles for original source and related links to external sites.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Home
  • Business
  • Financial Planning
  • Personal Finance
  • Investing
  • Money
  • Economy
  • Markets
  • Stocks
  • Trading

© Copyright 2024 All Rights Reserved
See articles for original source and related links to external sites.