Solana-based DEX Stabble on Apr. 7 urged all liquidity providers to withdraw funds immediately after on-chain investigator ZachXBT linked a former employee to suspected North Korean IT operations. The warning raises security and compliance concerns and could affect SOL and LINK liquidity.
Drift Protocol was hit by a $270 million breach on April 1 after a roughly six‑month infiltration by a North Korean state‑sponsored hacking group. The incident heightens concerns about DeFi security, fund recovery, and possible sanctions evasion.
Solana co-founder Anatoly Yakovenko called the recent Drift Protocol exploit "terrifying" after reports tied the incident to a sophisticated social engineering operation attributed to North Korean actors. The breach underscores growing state-linked threats to decentralized finance.
Blockchain analytics firm Elliptic says funds from the $286 million Drift Protocol exploit trace to laundering patterns linked to North Korean state actors, noting cross-chain movement and Solana-specific tracing hurdles.
The U.S. Treasury sanctioned eight individuals and entities and moved to freeze a cryptocurrency network accused of channeling nearly $800 million to North Korea’s nuclear and missile programs. The funds were raised through a global scheme that impersonated tech workers to bilk U.S. companies.
Google Cloud’s Mandiant unit says a North Korea-linked malware campaign targeting crypto users, tracked since 2018, has sharply increased in scale after adopting AI-driven techniques in November 2025. The detection highlights growing automation risks for the crypto ecosystem.
State-backed North Korean group UNC1069 is actively targeting crypto companies with custom malware deployed through social-engineering schemes, including fake Zoom calls, to exfiltrate data from Windows and macOS devices. The campaigns appear designed to enable large-scale financial theft.
The FBI has placed Sim Hyon-sop on its wanted list, accusing him of laundering cryptocurrency on behalf of North Korea. The move is part of a broader international investigation into DPRK-linked sanctions evasion.
Chainalysis reports North Korea–linked groups stole roughly $2 billion in crypto in 2025, continuing a shift toward fewer but larger attacks. The pattern echoes 2024’s $1.4 billion Bybit breach and increases pressure on exchanges and regulators.
Analysts report North Korea is using prohibited Nvidia GPUs to supercharge AI-driven attacks on digital assets, drawing on decades of state-led AI research. The move complicates sanctions enforcement and raises new risks for exchanges and custodians.