Ripple to Share DPRK Hacker Intel to Combat DeFi Exploits
What you should know
- Ripple is sharing internal threat intelligence on North Korean hackers with Crypto ISAC members.
- DPRK-linked hackers have stolen roughly $577 million from DeFi protocols in 2026.
- Two major exploits targeted Solana-based Drift Protocol and KelpDAO.
- The intelligence shared includes enriched profiles of suspected IT workers and detailed Indicators of Compromise (IOCs).
- The goal is to foster a shared security posture across the crypto ecosystem.
Ripple Feeds DPRK Threat Intel to Crypto ISAC
In an effort to protect the digital asset sector against sophisticated cyber threats, Ripple has announced that it is sharing its internal threat intelligence on North Korean hacking activity with members of Crypto ISAC. This initiative aims to blunt a recent wave of hacks orchestrated by DPRK operatives, which has severely impacted the Decentralized Finance (DeFi) ecosystem in 2026.
Data indicates that DPRK-linked attackers have successfully siphoned around $577 million in cryptocurrency this year alone, accounting for an alarming 76% of all crypto hack losses year-to-date. Prominent protocols such as Drift Protocol and KelpDAO have been primary targets, suffering significant financial damage resulting from prolonged social engineering campaigns and complex exploits.
Unlike raw indicator lists, the intelligence Ripple is providing includes contextual enrichment. Defenders will gain access to detailed profiles of suspected North Korean IT operatives, known fraudulent domains and wallets, and specific Indicators of Compromise (IOCs). Ripple highlighted this collaborative defense strategy, noting that "the strongest security posture in crypto is a shared one."
Source discussion: