The Democratic People’s Republic of Korea has denied allegations of state-sponsored cryptocurrency theft, even as blockchain intelligence firm TRM Labs reported that DPRK-linked actors stole approximately $577 million in the first four months of 2026. A spokesperson for the regime’s Foreign Ministry described the accusations as “absurd slander” and a “political tool” designed to facilitate U.S. “hostile policy,” according to state news agency KCNA on Sunday.
DPRK Official Response
The Foreign Ministry spokesperson said it is unreasonable for Washington—which they described as possessing the world’s best cyber technical power—to portray itself as the “world’s greatest victim.” The spokesperson added that North Korea will “never tolerate” confrontation attempts and will take “all necessary measures” to defend its state interests.
Crypto Theft Data and Attribution
According to TRM Labs, the $577 million stolen in the first four months of 2026 accounted for 76% of global cryptocurrency hack losses over the period. The total was driven by two April incidents: the $292 million KelpDAO exploit and the $285 million attack on Drift Protocol.
TRM attributed the KelpDAO breach to TraderTraitor, a Lazarus-affiliated operation, while the Drift attack involved a separate subgroup with attribution still under review. These two incidents together represented only 3% of all recorded incidents by count through April 2026.
Historical Trend and Cumulative Theft
North Korea’s share of global crypto hack losses has accelerated over time, rising from below 10% in 2020 and 2021 to 64% in 2025, according to TRM Labs. Cumulative crypto theft attributed to North Korea has exceeded $6 billion since 2017, the blockchain intelligence firm reported.
International Response and Enforcement
U.S. and international authorities have consistently linked these funds to the regime’s military infrastructure. A recent UN report noted that stolen digital assets serve as an important revenue source for Pyongyang’s nuclear and ballistic missile programs.
On March 13, the Treasury’s Office of Foreign Assets Control sanctioned six individuals and two entities linked to DPRK IT worker schemes that generated nearly $800 million in 2024. The sanctions targeted facilitators who enabled cryptocurrency transactions and converted funds into digital assets.
Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the
Disclaimer.
