North Korea denies state-backed crypto thefts after $577M report

Pyongyang rejects claims of state-run crypto theft after blockchain firm TRM Labs tied DPRK-linked actors to about $577 million in losses through April 2026.
North Korea rejected allegations of state-sponsored cryptocurrency theft after blockchain intelligence linked DPRK-affiliated actors to roughly $577 million in losses through April 2026. A Foreign Ministry spokesperson, cited by state media, called the accusations “absurd slander” and “a political tool” used to justify a hostile U.S. policy. The spokesperson criticized Washington's portrayal of itself as the “world's greatest victim” and warned Pyongyang would “never tolerate” confrontation and would take “all necessary measures” to defend state interests.

TRM Labs reported the $577 million figure and said it represented 76% of global cryptocurrency hack losses in the first four months of 2026. The total was driven by two April incidents: a $292 million exploit of KelpDAO and a $280 million attack on the Drift Protocol.
The firm attributed the KelpDAO breach to a subgroup called TraderTraitor, linked to the Lazarus operation, and said the Drift attack involved a separate subgroup with attribution still under review. TRM noted those two incidents accounted for a large portion of losses despite making up about 3% of recorded incidents by count through April.
TRM's data show North Korea's share of global crypto hack losses rose from under 10% in 2020 and 2021 to 64% in 2025. The firm said cumulative thefts tied to DPRK actors have exceeded $6 billion since 2017.
International authorities and U.S. officials have repeatedly connected proceeds from cyberthefts and stolen digital assets to North Korea's military programs. A U.N. report cited by security officials found stolen cryptocurrency has become an important revenue source for Pyongyang's nuclear and ballistic missile programs.
On March 13, the U.S. Treasury Department's Office of Foreign Assets Control sanctioned six individuals and two entities linked to schemes involving DPRK IT workers. U.S. officials say those networks generated nearly $800 million in 2024 and included facilitators who enabled cryptocurrency transactions and converted funds into digital assets.
Law enforcement and financial regulators have increased scrutiny of on-ramps and exchanges used to launder stolen digital assets. TRM said the pattern of large single-event heists combined with long-term laundering helps explain the rising share of global losses attributed to DPRK-linked actors.
North Korea's public statement reiterated its rejection of the allegations and did not address the specific forensic details or attribution cited by TRM Labs and U.S. authorities.
The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Neither we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.








