What to know:
- Ripple shares DPRK threat data to help crypto firms detect hacks and insider risks.
- Crypto ISAC says Ripple data covers fraud domains, wallets, campaigns, and IT risks.
- TRM Labs links Drift and KelpDAO hacks to $577 million in North Korean crypto losses.
Ripple has started sharing internal threat intelligence on North Korean hackers with the wider crypto industry. The move, announced Monday, changes how firms respond as DPRK-linked attackers shift tactics and target digital asset companies through hacks and worker infiltration attempts.
Crypto ISAC confirmed the development in a blog post. It said Ripple is providing high-confidence data on fraud-linked domains, wallets, active campaigns, and suspected North Korean IT workers seeking roles inside crypto firms.
Also Read: Ripple Strengthens Global Payouts as MassPay Links to VISA Direct Rails in 2026
Ripple and Crypto ISAC Focus on Faster Threat Response
According to the company, crypto security is most effective with intelligence sharing. Ripple cautioned that a threat actor rejected by an individual company might be used against three others within the same week. It stated that isolated defenses compel all the companies to commence the same investigation again.
Crypto ISAC added that the intelligence is provided by AI-enhanced detection processes. It added that this data had not been shared externally among members before. Ripple, Coinbase, and other founding members are some of the earliest companies to use the new threat feed.
The data may assist businesses to react quicker to deceits, intrusions, and insider threats. It can also assist in trying to ensure the security of crypto assets, such as XRP, as state-linked groups continue to target the crypto industry with new coordinated attacks and campaigns.
Erin Plante, Ripple’s director of brand security and intelligence, said the company worked closely with Crypto ISAC to add new data sources. She explained that the process was in line with internal systems at Ripple that generated more actionable intelligence for its security operations.
Lazarus-Linked Attacks Drive Crypto Security Concerns
The attempt is made when the number of North Korean crypto assaults keeps increasing. According to the TRM Labs report, hackers who are associated with groups like Lazarus, also known as TraderTraitor, have used new tactics and stolen almost $577 million through Drift Protocol and KelpDAO attacks.
TRM Labs claimed that these losses constituted 76% of all crypto hack losses. The hack of KelpDAO emptied $292 million of Ether. It was also publicly associated with the operatives of Lazarus Group.
Together, the Drift and KelpDAO incidents put more than half a billion dollars in losses under one state-linked actor in one month. According to Ripple and Crypto ISAC, the Drift hack was a huge wake-up call in the industry.
According to a report by Chainalysis, in 2025, the amount stolen by North Korean hackers was over $2 billion. That increased the overall estimated theft to over $6.7 billion. The numbers explain why common intelligence is emerging as a fundamental defense protecting crypto companies.
Also Read: Coinbase Australia Launches Specialized Crypto Support for SMSFs in 2026
Be the first to comment