A recent report from TRM Labs reveals that North Korean hacking groups have caused the majority of crypto-related losses in 2026. As of April, they were linked to 76% of all losses from crypto hacks, but this wasn’t due to a consistent pattern of attacks; rather, it was likely caused by a few large incidents.
The vast majority of the stolen funds actually came from just two separate events, which together totaled around $577 million – a sum much larger than all other thefts combined that year.
Two Crypto Hacks, Nearly $600M Stolen
TRM Labs identified two significant security breaches in April. First, on April 1st, the Drift Protocol was hacked, resulting in losses of $285 million. Then, on April 18th, an exploit of the KelpDAO bridge led to approximately $292 million in losses.
Interestingly, these two events made up only about 3% of all crypto-related incidents in 2026 during that time.
Combined, these incidents account for 76% of the total stolen funds, highlighting a trend the report identifies in North Korea’s cyberattacks since 2017: fewer attacks overall, but each one resulting in significantly larger financial gains.
The report also shows a growing trend in the amount of stolen cryptocurrency linked to North Korea. In 2020 and 2021, they were responsible for less than 10% of total crypto theft losses. However, this percentage increased significantly to 22% in 2022, 37% in 2023, 39% in 2024, and reached 64% in 2025.
Reaching 76% by April 2026 represents a record high and indicates that recent trends aren’t just holding steady – they’re actually picking up speed.
April Sets New Record Of Incidents
TRM Labs has published a report explaining how the Drift Protocol hack happened, with a particular focus on the planning and preparation that took place over roughly three weeks before the attack actually occurred.
The attackers spent months manipulating people to gain access to those who controlled the system. Once they had access, they quickly stole all the funds – the entire process took about 12 minutes, highlighting how careful preparation can lead to swift theft.
The KelpDAO hack on April 18th happened in a unique way. TRM Labs’ research shows the problem was a weakness in how a LayerZero bridge was set up, specifically with a single-verifier design.
Following the security breach, the attackers immediately began to conceal the stolen funds. They transferred over $75 million worth of cryptocurrency through THORChain after it had initially been frozen on the Arbitrum blockchain.
These results support data from the wider crypto world. DeFiLlama, a tracker of activity and security issues in decentralized finance (DeFi), reported that April saw more hacks than any other month in crypto history.
Read More
- Robinhood’s $75M OpenAI Bet: Retail Access or Legal Minefield?
- All Skyblazer Armor Locations in Crimson Desert
- All Hauntingham’s Letters & Hidden Page in New Super Lucky’s Tale
- Speedsters Sandbox Roblox Codes
- How to Get the Sunset Reed Armor Set and Hollow Visage Sword in Crimson Desert
- How to Catch All Itzaland Bugs in Infinity Nikki
- Madden NFL 26 Cover Star Revealed
- Black Sun Shield Location In Crimson Desert (Buried Treasure Quest)
- USD RUB PREDICTION
- Top 8 UFC 5 Perks Every Fighter Should Use
2026-05-01 01:01