North Korean Cyber Operatives Claim 76 Percent Share of Global Cryptocurrency Theft Losses

Pyongyang hackers seize $6 billion in assets as TRM Labs reports a surge in sophisticated DeFi attacks on Solana and Ethereum bridges.

By: AXL Media

Published: May 2, 2026, 5:59 AM EDT

Source: Information for this report was sourced from Japan Daily


Pyongyang Tightens Grip on Digital Asset Vulnerabilities

Decentralized finance faces a transformative threat: North Korean cyber units accounted for 76 percent of all cryptocurrency losses reported by April 2026. While the frequency of these incursions remains relatively low, representing only 3 percent of total attacks, the sheer scale of the capital siphoned indicates a pivot toward high-value targets. Data from TRM Labs suggests a monumental shift from previous years, noting that the state-sponsored share of digital theft has climbed from under 10 percent in 2021 to an unprecedented peak this spring.

Sophisticated Infiltration Tactics Target Drift Protocol

A meticulously coordinated operation against Drift Protocol underscored a new era of human-centric and technical exploitation. Preparations for the breach reportedly began in mid-March, involving several months of direct, in-person interactions between operatives and protocol staff. On April 1, hackers used Solana's durable nonce feature to bypass standard security, executing dozens of withdrawals in a 12-minute window. These assets, largely consisting of USDC and JLP, were quickly bridged to the Ethereum network, where they currently remain stationary.

Technical Compromise of Ethereum Bridge Infrastructure

The mid-April breach of Kelp DAO revealed a distinct tactical approach involving the manipulation of internal network nodes. By launching a denial-of-service attack against external infrastructure, the attackers forced a single validator to process fraudulent data from compromised sources. This maneuver misled the system into believing assets had been burned on the source chain when they had not, facilitating the unauthorized removal of 116,500 rsETH. The total value of this specific theft was estimated at 292 million dollars, highlighting the fragility of bridge verification structures.
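
The failure described above, where a validator left with only compromised sources accepts a burn that never happened, is countered by requiring agreement among independent sources and failing closed when they are unreachable. The following is an added example, not code from Kelp DAO or the original report; the function names, source labels and the sample amount are assumptions constructed for illustration.

```python
from collections import Counter

class SourceDown(Exception):
    """A data source that cannot be reached, e.g. while under denial of service."""

def first_answer_confirmed(sources, burn_id, amount):
    """Weak design, for contrast: trust whichever source answers first."""
    for query in sources.values():
        try:
            return query(burn_id) == amount
        except SourceDown:
            continue
    return False

def quorum_confirmed(sources, burn_id, amount, quorum):
    """Approve only if `quorum` independent sources report the same burn amount.

    An unreachable source is a missing vote, so an outage can block a release
    but can never lower the number of agreeing sources needed to approve one.
    """
    if quorum <= len(sources) // 2:
        raise ValueError("quorum must be a strict majority of configured sources")
    votes = Counter()
    for query in sources.values():
        try:
            votes[query(burn_id)] += 1   # None = no such burn on the source chain
        except SourceDown:
            continue
    return amount is not None and votes[amount] >= quorum

# Constructed sample sources (hypothetical, not real endpoints).
def unreachable(burn_id):
    raise SourceDown()

def reports_burn(burn_id):
    return 116_500          # claims the burn happened

def reports_nothing(burn_id):
    return None             # sees no burn for this id

# Scenario from the article: outside sources offline, one compromised feed left.
UNDER_ATTACK = {"a": unreachable, "b": unreachable, "c": reports_burn}
# Normal operation: the burn really happened and every source sees it.
GENUINE_BURN = {"a": reports_burn, "b": reports_burn, "c": reports_burn}

if __name__ == "__main__":
    print(first_answer_confirmed(UNDER_ATTACK, "burn-1", 116_500))  # weak check approves
    print(quorum_confirmed(UNDER_ATTACK, "burn-1", 116_500, 2))     # quorum check refuses
    print(quorum_confirmed(GENUINE_BURN, "burn-1", 116_500, 2))     # real burn passes
```

The quorum check trades availability for safety: during an outage, legitimate withdrawals wait until enough sources recover.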
