Son Dakika
BRJustiça determina remoção de 13 postes instalados em dunas na Praia do Campeche, em FlorianópolisBRDois jovens morrem e um é baleado após ataque a tiros em bar de Jaguaré; suspeito é presoCN保时捷或将再裁员4000人,管理和行政岗位受影响尤为严重BRProfessor de jiu-jítsu é preso por crimes sexuais no AmazonasTRCumhurbaşkanlığı İletişim Başkanı Duran'dan Trump'ın Türkiye ziyaretine ilişkin açıklamaDEMillionen Iraner folgen Trauerprozession für getöteten Ajatollah ChameneiCN内马尔难救主 巴西离“六星之梦”还有多远?BRMotociclista morre em colisão frontal em rodovia de ParagominasRUШесть человек, включая двух детей, ранены при атаке дрона ВСУ на автобус в Белгородской областиFRCédric Jubillar, Anastasia Berezovska, Hamza F. : les faits divers marquants de la semaineBRJustiça determina remoção de 13 postes instalados em dunas na Praia do Campeche, em FlorianópolisBRDois jovens morrem e um é baleado após ataque a tiros em bar de Jaguaré; suspeito é presoCN保时捷或将再裁员4000人,管理和行政岗位受影响尤为严重BRProfessor de jiu-jítsu é preso por crimes sexuais no AmazonasTRCumhurbaşkanlığı İletişim Başkanı Duran'dan Trump'ın Türkiye ziyaretine ilişkin açıklamaDEMillionen Iraner folgen Trauerprozession für getöteten Ajatollah ChameneiCN内马尔难救主 巴西离“六星之梦”还有多远?BRMotociclista morre em colisão frontal em rodovia de ParagominasRUШесть человек, включая двух детей, ранены при атаке дрона ВСУ на автобус в Белгородской областиFRCédric Jubillar, Anastasia Berezovska, Hamza F. : les faits divers marquants de la semaine
Newsgather
GeriRipple to Share North Korean Threat Intelligence With Crypto Industry
Ripple to Share North Korean Threat Intelligence With Crypto Industry
HABER
Decrypt05.05.2026Crypto2 dk okuma

Ripple to Share North Korean Threat Intelligence With Crypto Industry

Neden Önemli?

North Korean hackers have been increasingly active in stealing cryptocurrency, employing sophisticated tactics including social engineering. This has led to significant financial losses for crypto firms and a growing concern within the industry.

Yazı boyutu

In brief

Ripple is sharing internal threat intelligence on North Korean hackers with the crypto industry.

North Korean hackers have stolen $577 million in cryptocurrency so far in 2026, representing 76% of all crypto hack losses this year from just a “handful” of attacks.

April’s Drift exploit saw DPRK hackers make away with $285 million following a months-long social engineering campaign targeting company employees

Ripple is now sharing its internal threat intelligence on North Korean hackers with the crypto industry through Crypto ISAC, the company announced Monday, arguing that, “the strongest security posture in crypto is a shared one.”

Christina Spring, Director of Growth at not-for-profit cybersecurity organization Crypto ISAC, wrote in a blog announcing the news that the data shared by Ripple, “ranges from domains and wallets known to be associated with fraud, to Indicators of Compromise (IOCs) from active DPRK hack campaigns.”

Ripple's threat intelligence includes enriched profiles of suspected North Korean IT workers trying to embed themselves inside crypto firms, covering domains, wallets, and indicators of compromise.

“What makes this different from a typical threat feed isn't just the data, it's the contextual enrichment from a security team with deep expertise of the threat actors impacting the crypto ecosystem,” Spring added.

The intelligence sharing comes as North Korean operatives shift tactics from quick technical exploits to patient social engineering campaigns. In the Drift hack, attackers spent months befriending the platform's contributors before slipping malware onto their machines and stealing the keys.

The KelpDAO attackers employed a different approach, compromising two internal RPC nodes and launching DDoS attacks against external nodes to feed false data to LayerZero Labs DVN. Just a “handful of attributed incidents” including the KelpDAO and Drift hacks accounted for 76% of all crypto hack value in 2026 through April, according to blockchain intelligence firm TRM Labs.

Security experts warn that North Korea's recent crypto attacks represent a fundamental shift in threat modeling across the crypto space. Natalie Newson, senior blockchain security researcher at CertiK, last month noted that Lazarus Group’s elevated activity level is raising concerns among the industry. "KelpDAO, Drift, and now a new macOS malware kit, all within the same month,” she said, adding that, “This isn't random hacking; it's a state-directed financial operation running at a scale and speed typical of institutions."

The severity of the April attacks triggered immediate industry responses. The Arbitrum Security Council froze over 30,000 ETH of the attacker's downstream funds after the KelpDAO exploit on April 20, demonstrating the ecosystem's growing ability to coordinate defensive measures.

However, the response has caused some friction in the DeFi community, with Aave yesterday filing a memorandum in federal court asking for the $71 million in funds frozen by Arbitrum to be unblocked, arguing that the money belongs to its users rather than the hackers.

The intelligence sharing initiative reflects a broader industry shift toward collaborative security measures, Justine Bone, Executive Director of Crypto ISAC, said. “For too long, information sharing was seen as optional. Today, it is the gold standard for security," Bone noted, calling Ripple’s collaboration, “the definitive proof of concept."

Bundan Sonra Ne Olabilir?

Yapay zekâ öngörüsü — kesinlik taşımaz

  • Further collaboration and information sharing initiatives within the crypto industry to combat cyber threats.

    Çok muhtemel · Aylar içinde

  • North Korean hackers will continue to adapt their tactics, potentially focusing on new exploit vectors or social engineering methods.

    Çok muhtemel · Aylar içinde

  • Increased legal challenges and debates surrounding the freezing and unfreezing of cryptocurrency assets linked to illicit activities.

    Muhtemel · Aylar içinde

Açık Sorular

  • What specific measures will Crypto ISAC implement with the shared intelligence?
  • Will other major crypto firms contribute their threat intelligence?
  • What will be the outcome of Aave's legal challenge regarding the frozen funds?
  • How effective will the shared intelligence be in preventing future attacks?

İlgili Konular

Bu haber ilk olarak şurada yayınlandı: Decrypt.

İlgili Haberler