North Korea stole $577M in crypto hacks in April alone, TRM Talks discussion reveals

North Korea stole $577M in crypto hacks in April alone, TRM Talks discussion reveals

Ribbit Capital's Jessi Brooks argues the industry needs to stop hiding behind vague 'illicit finance' language when the threat has a name and a nuclear weapons program

When crypto people talk about “illicit finance,” they tend to keep things abstract. Jessi Brooks wants to make it uncomfortably specific.

Brooks, General Counsel at Ribbit Capital and a former federal prosecutor, appeared on TRM Talks on July 1 to deliver a message the industry probably needs to hear more often: the single biggest threat to crypto security isn’t some shadowy cabal of anonymous hackers. It’s North Korea, and the money it steals goes directly toward building nuclear weapons.

The numbers behind the nightmare

TRM Labs’ mid-year data paints a picture that’s hard to ignore. North Korean-linked hackers were responsible for approximately $577 million in crypto stolen during April 2026 alone. That figure accounted for a staggering 76% of all crypto hack value recorded through that month.

Advertisement

Two attacks did most of the damage, both attributed to distinct subgroups of the Lazarus Group, North Korea’s infamous state-sponsored hacking operation.

The first hit Drift Protocol on April 1, resulting in $285 million stolen. The second targeted KelpDAO on April 18, netting $292 million.

For the full first half of 2026, TRM Labs reports that 66% of all crypto losses trace back to North Korean operations. That’s a single nation-state responsible for two-thirds of all money lost to hacks in the entire industry.

North Korea’s cumulative crypto theft since 2017 now exceeds $6 billion, making the DPRK the single largest source of stolen value in the crypto space.

How they pulled it off

The Drift Protocol exploit involved extensive social engineering conducted over months. The attackers reportedly engaged in in-person meetings as part of the operation.

The KelpDAO attack took a different approach, exploiting a flaw in a LayerZero bridge.

Brooks, drawing on her national security background, used these examples to argue for a fundamental shift in how the industry discusses threats. The term “illicit finance” is too sanitized, she suggested. It obscures the reality that specific victims exist, that specific state actors are responsible, and that the consequences extend far beyond lost portfolio value.

They are building a nuclear weapons system with the money that they hack from crypto.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.

North Korea stole $577M in crypto hacks in April alone, TRM Talks discussion reveals

North Korea stole $577M in crypto hacks in April alone, TRM Talks discussion reveals

Ribbit Capital's Jessi Brooks argues the industry needs to stop hiding behind vague 'illicit finance' language when the threat has a name and a nuclear weapons program

When crypto people talk about “illicit finance,” they tend to keep things abstract. Jessi Brooks wants to make it uncomfortably specific.

Brooks, General Counsel at Ribbit Capital and a former federal prosecutor, appeared on TRM Talks on July 1 to deliver a message the industry probably needs to hear more often: the single biggest threat to crypto security isn’t some shadowy cabal of anonymous hackers. It’s North Korea, and the money it steals goes directly toward building nuclear weapons.

The numbers behind the nightmare

TRM Labs’ mid-year data paints a picture that’s hard to ignore. North Korean-linked hackers were responsible for approximately $577 million in crypto stolen during April 2026 alone. That figure accounted for a staggering 76% of all crypto hack value recorded through that month.

Advertisement

Two attacks did most of the damage, both attributed to distinct subgroups of the Lazarus Group, North Korea’s infamous state-sponsored hacking operation.

The first hit Drift Protocol on April 1, resulting in $285 million stolen. The second targeted KelpDAO on April 18, netting $292 million.

For the full first half of 2026, TRM Labs reports that 66% of all crypto losses trace back to North Korean operations. That’s a single nation-state responsible for two-thirds of all money lost to hacks in the entire industry.

North Korea’s cumulative crypto theft since 2017 now exceeds $6 billion, making the DPRK the single largest source of stolen value in the crypto space.

How they pulled it off

The Drift Protocol exploit involved extensive social engineering conducted over months. The attackers reportedly engaged in in-person meetings as part of the operation.

The KelpDAO attack took a different approach, exploiting a flaw in a LayerZero bridge.

Brooks, drawing on her national security background, used these examples to argue for a fundamental shift in how the industry discusses threats. The term “illicit finance” is too sanitized, she suggested. It obscures the reality that specific victims exist, that specific state actors are responsible, and that the consequences extend far beyond lost portfolio value.

They are building a nuclear weapons system with the money that they hack from crypto.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.