North Korea has rejected allegations of sponsoring crypto thefts

North Korea has come out to deny allegations that the regime is responsible for crypto thefts and “all cyber-related frauds.” The rebuttal comes just less than a week after blockchain intelligence firm TRM Labs published its findings, which tied North Korean state-sponsored to 76% of all crypto lost to hackers so far this year. ​ A spokesperson for North Korea’s Foreign Ministry called the allegations an “absurd slander” being spread by the U.S. “government organs, reptile media organs and plot-breeding organizations” for political purposes. ​ In the report Sunday, the spokesperson said it’s quite unreasonable for the U.S., which portrays itself as the world’s best cyber technical power, to claim the victim, while blaming the DPRK for all cyber-related frauds. It is “an extension of the U.S. hostile policy toward the DPRK,” the spokesperson added. ​ The spokesperson ended by saying North Korea will actively pursue all necessary measures to defend its interests. TRM Labs says North Korean hackers have stolen $577M this year TRM Labs’ report Thursday particularly linked North Korean hackers to the Drift Protocol and KelpDAO bridge exploit, all happening in April. The losses totaled $577 million, accounting for 76% of all crypto lost in hacks in just 2026. ​ Data shows the share of crypto theft by North Korean actors has steadily increased since 2020, from under 10% to 64% in 2025, and now 76% in just the first four months of the year. Share of crypto losses to DRPK. Source TRM Labs ​The Drift Protocol hack involved months of social engineering , including what TRM described as in-person meetings between North Korean proxies and Drift employees. ​ On-chain staging began on March 11 with a withdrawal from Tornado Cash, according to TRM Labs. The attacker exploited a Solana feature called a durable nonce to pre-sign transactions, then executed 31 withdrawals in roughly 12 minutes on April 1, leading to $285 million in losses. ​ The KelpDAO breach exploited a single-verifier design flaw in a LayerZero bridge. After Arbitrum froze roughly $75 million of the stolen funds, the attackers pivoted to laundering through THORChain, converting stolen ETH to Bitcoin, with losses reaching $292 million. ​ TRM Labs attributed KelpDAO’s exploit to TraderTraitor, a Lazarus Group-affiliated operation, and says another North Korean group distinct from TraderTraitor was responsible for Drift Protocol’s exploit. U.S. bodies tie North Korean actors to Ronin, Bybit hacks Over the past years, there have also been official reports by U.S. government agencies linking North Korean hackers to major crypto hacks. ​ In February 2025, the Federal Bureau of Investigation (FBI) released a PSA categorically saying North Korea’s TraderTraitor was responsible for Bybit’s $1.5 billion hack earlier in the month. North Korea’s Lazarus Group was also attributed with the $615 million Ronin Network hack. ​ The FBI had also issued an official report, saying the DPRK actors were responsible for hundreds of millions of dollars in cryptocurrency lost in 2023, from projects including Stake and Harmony’s Horizon Bridge. ​ In other news, Cryptopolitan reported that plaintiffs holding nearly $877 million in unpaid U.S. court judgments against North Korea filed a restraining notice on April 30 to block the Arbitrum DAO from moving approximately $71 million in frozen ETH linked to the KelpDAO exploit. If you're reading this, you’re already ahead. Stay there with our newsletter .