North Korea Fuels State Revenue Machine 2026

By Ananthyka J | Edited By Sahana Kiran,May 14, 2026, 3:30 PM

North Korea’s threat actors have turned crypto theft into a methodical source of national income. Security firms say coordinated cybersecurity efforts are now critical to protect digital asset infrastructure.CertiK reports DPRK-affiliated groups stole $6.75 billion across 263 incidents from 2016 to early 2026. The data shows a decade-long uptrend in blockchain-targeted attacks.

2025-2026 Loss Data and Major Hacks

According to a CertiK report, North Korea’s crypto theft campaigns netted $2.06B in 2025, accounting for 60% of the sector’s annual total of $3.4B.

In 2026, DPRK actors have stolen $620M of the year-to-date total of $1.1B, representing 55%. The scale of major exploits, such as the 2025 $1.5B Bybit hack. Also, the $294M KelpDAO breach indicates a strategic move toward large exchange and DeFi protocol hits.

Also Read: Ripple Joins Crypto ISAC Push to Stop North Korean Hackers

Infiltration Tactics and New Threat Groups

Attack methods behind North Korea’s crypto theft operations have become more complex. For example, TRM Labs has verified that the $285 million Drift attack followed “face-to-face” meetings between DPRK proxies and protocol staff. It is a method that they say is “unprecedented”. Beyond the Lazarus Group, new DPRK movements like TraderTraitor used the Drift attack, while a different movement of DPRK executed the KelpDAO theft.

The use of these trickery tools marks a shift from remote-only exploits. North Korea’s crypto theft strategy now relies on hybrid social-engineering campaigns. Attackers pose as IT support or set up in-person meetings with project staff. That gives them access past typical security perimeters in blockchain operations. The rise of new groups like TraderTraitor alongside Lazarus shows North Korea’s cyberwarfare capabilities are expanding.