Ripple Shares North Korean Threat Intelligence to Combat Evolving Cyber Attacks

Severity: High (Score: 77.8)

Sources: Cryptobriefing, Theblock.Co, Tokenpost, Weex, www.cryptoisac.org

Summary

On May 5, 2026, Ripple announced it will share internal threat intelligence regarding North Korean hackers with Crypto ISAC, aimed at enhancing security across the cryptocurrency industry. This initiative follows a series of sophisticated attacks, including the $285 million theft from the Drift protocol, where attackers utilized social engineering tactics rather than exploiting software vulnerabilities. The shared intelligence includes data on fraud domains, wallet addresses, and indicators of compromise linked to North Korean cyber operations. Ripple emphasized that a threat actor who fails a background check at one company may apply to multiple others, highlighting the need for shared intelligence to prevent repeated infiltration attempts. The collaboration aims to help crypto firms identify and mitigate risks associated with insider threats and hiring practices. The recent surge in North Korean cyber activities has raised alarms, with losses attributed to these groups exceeding $500 million in April alone. This shift in attack methodology underscores the importance of collective defense strategies within the crypto sector.

Key Points:

  • Ripple is sharing threat intelligence on North Korean hackers with Crypto ISAC.
  • The initiative aims to combat sophisticated social engineering tactics used in recent attacks.
  • North Korean cyber operations have resulted in over $500 million in losses in April 2026.

Key Entities

  • Lazarus (apt_group)
  • Lazarus Group (apt_group)
  • Kelp (apt_group)
  • TraderTraitor (malware)
  • DDoS (attack_type)
  • Malware (attack_type)
  • Phishing (attack_type)
  • Drift (campaign)
  • Drift Hack (campaign)
  • KelpDAO Exploit (campaign)
  • KelpDAO (company)
  • Arbitrum DAO (company)
  • Coinbase (company)
  • Drift Protocol (company)
  • Kelp DAO (company)
  • Aave (platform)
  • LayerZero (platform)
  • MacOS (platform)
  • Solana (platform)
  • THORChain (platform)
  • Democratic People’s Republic Of Korea (country)
  • North Korea (country)
  • The Netherlands (country)
  • Financial (industry)
  • T1566 - Phishing (mitre_attack)
  • Drift Exploit (vulnerability)
  • Kelp Bridge Exploit (vulnerability)
  • Kelp Cross-chain Bridge Vulnerability (vulnerability)