North Korean Cyber-Actors Siphon $6 Billion in Crypto Since 2017—Including 76% of All 2026 Exchange Thefts: TRM

North Korean state-sponsored cyber-actors have diverted approximately $6 billion in cryptocurrency since 2017, with their share of annual exchange thefts reaching 76% in 2026 alone, according to blockchain intelligence firm TRM Labs. The figures underscore a sustained and escalating financial threat that has reshaped how the crypto industry understands its adversarial landscape.

In April alone, Pyongyang-linked actors drained $577 million from two decentralized finance (DeFi) platforms in coordinated operations. TRM's analysis points to a deliberate and evolving targeting pattern: decentralized protocols with weaker security perimeters and limited regulatory oversight have become the preferred entry point. The concentration of 2026 crypto thefts in North Korean hands suggests the regime has not merely maintained its capabilities but expanded operational tempo and technical sophistication.

Blockchain investigators note that stolen digital assets consistently flow toward Pyongyang's weapons and nuclear programs, making crypto heists a direct national security concern. The scale of extraction—now measured in billions rather than millions—reflects organized, persistent campaign infrastructure rather than opportunistic exploitation. Industry sources warn that without significant improvements in platform security architecture and cross-border coordination, North Korean actors will continue exploiting decentralized finance's structural vulnerabilities at scale.