North Korea Stole 76% of All Crypto Hack Value in 2026 — With Just Two Attacks

In 2026, North Korean hackers executed two major attacks, resulting in an astonishing 76% of total cryptocurrency thefts, raising alarms in the crypto community.

It's hard to believe, but as of April 30, 2026, North Korean hackers have orchestrated two attacks that have resulted in a staggering **76%** of all cryptocurrency thefts this year. This eyebrow-raising statistic sets a troubling tone for the crypto community, further fueled by the sheer size and sophistication of these breaches. How Did North Korea Execute Such Major Attacks? The two attacks responsible for this astounding figure are the **Drift Protocol** breach on April 1 and the **KelpDAO** hack on April 18. Together, they account for approximately **USD 577 million**, with Drift Protocol losing **USD 285 million** and KelpDAO suffering a loss of **USD 292 million**. It wasn't merely brute force behind these thefts; extensive planning and sophistication were at play. The Drift Protocol hack involved a meticulous three-week pre-attack staging phase, entailing months of social engineering to manipulate protocol signers. This sophistication culminated in the actual theft, which occurred in a matter of **12 minutes**. What Makes KelpDAO's Hack Particularly Worrisome? On the other hand, the KelpDAO attack exploited a **single-verifier design flaw** within a LayerZero bridge, demonstrating another level of technical prowess. Following the hack, hackers managed to launder their stolen assets through **THORChain**, after **USD 75 million** of the assets was frozen on the Arbitrum network. In contrast to Drift, which launched a brief speedrun to Ethereum, KelpDAO pivoted to Bitcoin, now undergoing a typical TraderTraitor liquidation process. Which Tools Are Being Used for Laundering the Stolen Crypto? THORChain has emerged as a consistent choice for North Korean hackers, serving as a critical bridge for both the ** Bybit ** breach in 2025 and the KelpDAO hack in 2026. This decentralized platform has enabled hackers to convert hundreds of millions of stolen **ETH** into Bitcoin effortlessly, as no operator has been willing to freeze or reject the transactions. The implica