North Korea monopolizes crypto crime market


The share of North Korea-linked crypto theft has jumped from 7% to 76% over the past 6 years.

North Korea's share of total cryptoasset industry hack losses jumped almost 11 times from 2020 to 2026, while cumulative losses since 2017 have now exceeded an estimated $6 billion.

Only four months of this year have passed, and North Koreans have already "monopolized" the crypto crime market by executing two large hacks in April.


As previously reported by Cybernews, Drift Protocol lost around $285 million on April 1st, while the Kelp DAO bridge exploit on April 18th brought around $292 million in losses.

While North Korea-linked incidents represent only 3% of the incident count this year, their stolen value hit 76% of all losses, according to blockchain analysis firm TRM Labs. Similarly, North Koreans reached a 64% share of all such losses in 2025, mostly due to the $1.46 billion Bybit exchange hack.

[Chart. Source: TRM Labs]

The analysts have attributed the KelpDAO exploit to North Korea based on on-chain analysis of both the pre-funding for the hack and the subsequent laundering of the stolen funds.

Meanwhile, in the case of Drift, analysts are still investigating which subgroup of North Korean hackers executed this theft. However, it appears to be a group distinct from TraderTraitor, which tends to take a more measured and cautious approach to laundering its heists, according to the analysts.

TRM has found that these state-sponsored hackers are now targeting more precisely, focusing on high-value targets instead of attacking more frequently.


"North Korea's premier hacking teams run a small number of precisely targeted operations each year rather than a sustained high-volume campaign," the analysts said, suggesting these criminals are now using AI tools for their reconnaissance and social engineering workflows.


Per the analysis, this is consistent with the increasing precision of attacks such as the one on Drift, which required weeks of targeted manipulation of complex blockchain mechanisms. In-person meetings, as happened in the Drift case, may also be unprecedented for North Koreans.

April has also seen multiple hacks in the decentralized finance (DeFi) industry, which are attributed to the increased use of AI tools.

