DeFi Daily News
Thursday, July 9, 2026
Advertisement
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos
No Result
View All Result
DeFi Daily News
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos
No Result
View All Result
DeFi Daily News
No Result
View All Result
Home Markets Crypto Market

rewrite this title North Korea hit crypto for $500M+ this month — and the $6.75 billion threat is not over yet

Oluwapelumi Adejumo by Oluwapelumi Adejumo
April 21, 2026
in Crypto Market
0 0
0
rewrite this title North Korea hit crypto for 0M+ this month — and the .75 billion threat is not over yet
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on Telegram
Listen to this article


rewrite this content using a minimum of 1200 words and keep HTML tags

Make CryptoSlate preferred on

In just under three weeks, cyber operatives linked to the Democratic People’s Republic of Korea (DPRK) have stolen more than $500 million from crypto DeFi platforms.

This marks a drastic escalation in Pyongyang’s state-sponsored campaign to bankroll its weapons programs through cryptocurrency theft.

Drift and KelpDAO drive North Korea’s over $500 million DeFi exploits

Notably, the twin devastating exploits targeting the Drift Protocol and KelpDAO have pushed North Korea’s illicit crypto haul for the year well past the $700 million mark.

The staggering losses underscore a shift in tactics by Kim Jong Un’s cyber army, which is increasingly weaponizing complex supply-chain vulnerabilities and executing deep-cover human infiltration to bypass standard security perimeters.

On April 20, cross-chain infrastructure provider LayerZero confirmed that KelpDAO suffered an exploit resulting in the loss of approximately $290 million. The breach, which occurred on April 18, now stands as the largest single crypto hack of 2026.

The firm stated that preliminary forensics point directly to TraderTraitor, a specialized cell operating within North Korea’s notorious Lazarus Group.

Just weeks earlier, on April 1, the Solana-based decentralized perpetual futures exchange Drift Protocol was drained of an estimated $286 million.

Blockchain intelligence firm Elliptic swiftly connected the on-chain laundering methodologies, transaction sequencing, and network-level signatures to previously established DPRK attack vectors, noting it was the 18th such incident the firm had tracked this year alone.

Compromised developers lying dormant within crypto projects risks next major crypto exploitCompromised developers lying dormant within crypto projects risks next major crypto exploit
Related Reading

Compromised developers lying dormant within crypto projects risks next major crypto exploit

The bigger risk after Drift may be the access attackers gain before a protocol knows it has a problem.

Apr 8, 2026 · Gino Matos

Exploiting the infrastructure periphery

The methodology behind the April attacks reveals a maturation in how state-sponsored hackers target decentralized finance (DeFi). Instead of attacking hardened core smart contracts head-on, operatives are identifying and exploiting the structural periphery.

In the case of the KelpDAO attack, LayerZero explained that the hackers compromised the downstream Remote Procedure Call (RPC) infrastructure utilized by the LayerZero Labs Decentralized Verifier Network (DVN).

By poisoning these critical data pathways, the attackers manipulated the protocol’s operations without compromising its core cryptography. LayerZero has since deprecated the affected nodes and fully restored DVN operations, but the financial damage had already been finalized.

This indirect approach highlights a terrifying evolution in cyber warfare.

Blockchain security firm Cyvers told CryptoSlate that North Korea-linked attackers are showing increased sophistication and investing more resources, both in preparation and execution, to carry out their malicious attacks.

The firm added:

“We also observe how they consistently find the weakest link. In this case, it was a third party rather than the protocol’s core infrastructure.”

The strategy heavily mirrors traditional corporate cyberespionage and shows that DPRK-linked breaches were becoming harder to stop.

Recent incidents, such as the supply-chain compromise of the widely used Axios npm software package, which Google researchers linked to a distinct DPRK threat actor dubbed UNC1069, demonstrate an ongoing, methodical effort to poison the well before the software even reaches the blockchain ecosystem.

North Korea infiltrates crypto workforce

Beyond technical exploits, North Korea is currently executing a massive, coordinated infiltration of the global crypto labor market.

The threat model has fundamentally shifted from remote hacking campaigns to placing malicious insiders directly onto the payrolls of unsuspecting Web3 startups.

A grueling six-month investigation by the Ketman Project, an initiative operating under the Ethereum Foundation’s ETH Rangers security program, recently concluded with startling findings: roughly 100 North Korean cyber operatives are currently embedded inside various blockchain companies.

Operating under fabricated identities, these sophisticated IT workers routinely pass standard human resources screenings, gain access to sensitive internal code repositories, and sit quietly within product teams for months, or even years, before initiating a calculated attack.

This intelligence-agency-style patience was further corroborated by independent blockchain investigator ZachXBT.

He recently exposed a specialized DPRK network that has been generating roughly $1 million a month by using fraudulent personas to secure remote work.

This specific scheme funnels crypto-to-fiat transfers through sanctioned global financial channels and has processed over $3.5 million since late 2025.

Industry estimates suggest that Pyongyang’s broader deployment of IT workers generates multiple seven-figure sums monthly.

This creates a dual-pronged revenue stream for the regime: the steady accumulation of fraudulent wages, paired with the catastrophic windfalls of insider-facilitated protocol exploits.

CryptoSlate Daily Brief

Daily signals, zero noise.

Market-moving headlines and context delivered every morning in one tight read.

5-minute digest 100k+ readers

Free. No spam. Unsubscribe any time.

Whoops, looks like there was a problem. Please try again.

You’re subscribed. Welcome aboard.

North Korea’s laundering Networks and macroeconomic survival

The sheer scale of North Korea’s digital asset operations dwarfs that of any traditional cybercriminal syndicate.

According to blockchain analytics firm Chainalysis, DPRK-linked hackers stole a record $2 billion in 2025 alone, accounting for a staggering 60% of all global cryptocurrency thefts that year. That figure was heavily bolstered by a devastating $1.5 billion raid on the Bybit exchange in February 2025.

Factoring in this year’s brutal campaign, North Korea’s all-time crypto-asset haul is estimated at $6.75 billion.

Once the funds are stolen, Lazarus Group operatives exhibit highly specific, regionalized laundering patterns. Unlike ordinary crypto criminals who frequently utilize decentralized exchanges (DEXs) and peer-to-peer lending protocols, DPRK actors actively avoid them.

Instead, on-chain data reveals a heavy reliance on Chinese-language guarantee services, deep over-the-counter (OTC) broker networks, and complex cross-chain mixing services.

This specific preference points to structural constraints and deeply established, geographically limited off-ramps rather than broad, unrestricted access to the global financial system.

Can these attacks be prevented?

Security researchers and industry executives say the answer is yes, but only if crypto firms address the same operational weaknesses that continue to surface in major breaches.

Terence Kwok, founder of Humanity, told CryptoSlate that the pattern behind many of these North Korea-linked losses still points to familiar weaknesses rather than entirely new forms of cyber intrusion.

In his view, North Korean actors are improving both their access methods and their ability to move stolen funds, but the damage often still traces back to poor access controls and concentrated operational risk.

He explained:

“What’s striking is how often the damage still comes down to the same weak points around access control and single points of failure. That tells you the industry still has some basic security discipline issues it has not solved.”

Considering this, Kwok stated that the industry’s first line of defense is to make asset movement materially harder to compromise. That means imposing tighter controls over private keys, internal permissions, and third-party access across the software stack.

In practice, that would require firms to reduce reliance on individual operators, limit privileged access, harden vendor dependencies, and build more checks around the infrastructure that sits between core protocols and the outside world.

The second priority is speed. Once stolen funds begin moving across chains, through bridges, or into laundering networks, the chances of recovery fall sharply. Kwok said exchanges, stablecoin issuers, blockchain analytics firms, and law enforcement agencies need to coordinate far faster during the first minutes and hours after a breach if they want to improve containment.

His comments point to a broader reality for the sector.

Crypto systems are often hardest to defend where code, people, and operations meet. A compromised credential, a weak vendor dependency, or an overlooked permissions failure can create an opening large enough to drain hundreds of millions of dollars.

The challenge for DeFi is no longer just writing resilient smart contracts. It is securing the operational perimeter around them before attackers exploit the next weak link.

and include conclusion section that’s entertaining to read. do not include the title. Add a hyperlink to this website http://defi-daily.com and label it “DeFi Daily News” for more trending news articles like this



Source link

Tags: 500MBillionCryptohitKoreaMonthNorthrewriteThreattitle
ShareTweetShare
Previous Post

Watch Now: ETF Edge on energy amid US-Iran uncertainty and how ETF investors are positioning now

Next Post

rewrite this title Coinbase Flags Proof-of-Stake Chains Like Ethereum, Solana as Potential Quantum Risks – Decrypt

Next Post
rewrite this title Coinbase Flags Proof-of-Stake Chains Like Ethereum, Solana as Potential Quantum Risks – Decrypt

rewrite this title Coinbase Flags Proof-of-Stake Chains Like Ethereum, Solana as Potential Quantum Risks - Decrypt

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search

No Result
View All Result
  • Trending
  • Comments
  • Latest
Trump announces 25% tariff on India, pending home sales fall, Oppenheimer boosts S&P target to 7,100

Trump announces 25% tariff on India, pending home sales fall, Oppenheimer boosts S&P target to 7,100

July 30, 2025
How will the Fed cope with Trump’s tariffs? A former Fed president shares her take.

How will the Fed cope with Trump’s tariffs? A former Fed president shares her take.

April 3, 2025
rewrite this title and make it good for SEOMinnesota to hold recreational retail license lottery on Tuesday

rewrite this title and make it good for SEOMinnesota to hold recreational retail license lottery on Tuesday

July 18, 2025
rewrite this title Will the Next Bilt Credit Card Please Stand Up? – NerdWallet

rewrite this title Will the Next Bilt Credit Card Please Stand Up? – NerdWallet

March 18, 2025
rewrite this title Ethereum Faces Bearish Pressure As Sentiment Hits 12-Month Low – Can ETH Avoid Dropping Below ,000? | Bitcoinist.com

rewrite this title Ethereum Faces Bearish Pressure As Sentiment Hits 12-Month Low – Can ETH Avoid Dropping Below $2,000? | Bitcoinist.com

March 1, 2025
Joe Rogan Experience #2467 – Michael Pollan

Joe Rogan Experience #2467 – Michael Pollan

March 12, 2026
rewrite this title AI Agents Could Be Turned Into Botnets Through Hallucinations, Researchers Warn – Decrypt

rewrite this title AI Agents Could Be Turned Into Botnets Through Hallucinations, Researchers Warn – Decrypt

July 9, 2026
rewrite this title Fisch Starshell Rod guide: How to get, stats, and more

rewrite this title Fisch Starshell Rod guide: How to get, stats, and more

July 9, 2026
rewrite this title UKey unveils the Seed Ring: Bringing hardware signing into everyday life | Metaverse Post

rewrite this title UKey unveils the Seed Ring: Bringing hardware signing into everyday life | Metaverse Post

July 9, 2026
rewrite this title New Hampshire rejects 0M Bitcoin-backed bond after public finance hearing

rewrite this title New Hampshire rejects $100M Bitcoin-backed bond after public finance hearing

July 9, 2026
rewrite this title British Airline Jet2 Shares Jump 9% After 6M Fuel Hedge Gain Offsets Middle East Travel Fears

rewrite this title British Airline Jet2 Shares Jump 9% After $536M Fuel Hedge Gain Offsets Middle East Travel Fears

July 9, 2026
rewrite this title with good SEO Bitcoin’s New Debt Machine Is Facing Its First Major Test

rewrite this title with good SEO Bitcoin’s New Debt Machine Is Facing Its First Major Test

July 9, 2026
DeFi Daily

Stay updated with DeFi Daily, your trusted source for the latest news, insights, and analysis in finance and cryptocurrency. Explore breaking news, expert analysis, market data, and educational resources to navigate the world of decentralized finance.

  • About Us
  • Blogs
  • DeFi-IRA | Learn More.
  • Advertise with Us
  • Disclaimer
  • Privacy Policy
  • DMCA
  • Cookie Privacy Policy
  • Terms and Conditions
  • Contact us

Copyright © 2024 Defi Daily.
Defi Daily is not responsible for the content of external sites.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos

Copyright © 2024 Defi Daily.
Defi Daily is not responsible for the content of external sites.