Group of Seven (G7) leaders have renewed their call for joint action against North Korean cryptocurrency thefts and cybercrime, broadening the scope of warnings issued in previous years. The statement, adopted during the 2026 G7 summit in Évian-les-Bains, France, expresses 'deep concern' over North Korea's nuclear and ballistic missile programs, which United Nations reports and security researchers have linked to the country's illicit cryptocurrency activities. The leaders did not specify concrete measures such as exchange screening, sanctions, or actions against mixing services, leaving implementation details to member states.
This renewed call follows a similar warning from the G7 after its June 2025 summit in Canada, where the group's chair specifically urged members to jointly address 'DPRK cryptocurrency thefts fueling' the country's weapons development. The persistent nature of these warnings underscores the growing challenge posed by North Korean cyber operations, which have evolved into a sophisticated and industrialized criminal enterprise. According to blockchain analytics firm Chainalysis, North Korean hackers stole at least $2 billion in cryptocurrency during 2025 alone, bringing the all-time total attributed to Democratic People’s Republic of Korea (DPRK)-affiliated actors to at least $6.75 billion. Despite carrying out fewer confirmed attacks, the hackers generated larger returns last year by embedding information technology workers inside crypto companies or impersonating recruiters and investors to gain access to internal systems.
High-Profile Exploits and Methods
The G7's latest statement coincides with a series of high-profile exploits suspected to be linked to North Korean actors. In April 2026, the Drift Protocol exploit resulted in approximately $285 million in losses, while the Humanity Protocol breach in June 2026 cost an estimated $36 million. These incidents highlight the targeted approach of North Korean hacker groups, such as the Lazarus Group and BlueNoroff, which have become infamous for their sophisticated social engineering and malware campaigns. The CrowdStrike 2025 Global Threat Report described North Korean actors as the largest threat group targeting cryptocurrency users by value stolen, noting that their campaigns prioritize high-value targets. The proceeds from these attacks are 'almost certainly laundered to fund the regime's military programs,' the report stated.
North Korea's cyber capabilities have evolved dramatically over the past decade. Beginning with the 2016 Bangladesh Bank heist, where hackers attempted to steal $1 billion but succeeded in taking $81 million, the regime has consistently refined its methods. The WannaCry ransomware attack in 2017, attributed to North Korea, spread globally and caused billions of dollars in damages. More recently, the 2022 exploit of Axie Infinity's Ronin bridge resulted in over $600 million in losses, marking one of the largest cryptocurrency thefts in history. These attacks are not isolated; they form part of a systematic campaign to generate revenue for the regime, circumventing international sanctions that have crippled North Korea's economy.
International Response and Challenges
The G7 call for joint action faces significant challenges due to the decentralized and pseudonymous nature of cryptocurrencies. While blockchain analysis firms can trace stolen assets, laundering through mixing services, decentralized exchanges, and cross-chain bridges makes recovery difficult. The United Nations has repeatedly called for member states to strengthen anti-money laundering measures and share intelligence on North Korean cyber activities. In 2024, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned several cryptocurrency mixing services, including Tornado Cash, for their role in laundering funds for North Korea. However, such measures have sparked debate about privacy and overregulation within the crypto community.
North Korea has consistently denied allegations of cybercrime. In a May 3, 2026 statement published by state news agency KCNA, a Foreign Ministry spokesperson accused the United States of spreading false information and described claims of a North Korean cyber threat as politically motivated 'slander.' This denial is part of a broader pattern where the regime blames external forces for its economic struggles while simultaneously leveraging cyber operations to fund its military ambitions. Despite international pressure, North Korea has continued to develop its cyber capabilities, training hundreds of hackers in state-run programs that focus on cryptocurrency theft, surveillance, and propaganda.
Broader Implications for the Crypto Industry
The ongoing threat from North Korean hackers has profound implications for the cryptocurrency industry. Exchanges and decentralized finance platforms have been forced to invest heavily in security measures, including multi-factor authentication, smart contract audits, and real-time transaction monitoring. The industry also faces increased regulatory scrutiny, with governments pushing for stricter know-your-customer (KYC) and anti-money laundering (AML) policies. Some experts argue that the focus on North Korean thefts may be overstated, as other threats such as insider attacks and ransomware are equally damaging. However, the scale and sophistication of DPRK-linked operations make them a unique challenge.
Historical context is important to understand the current situation. North Korea's cyber program dates back to the early 2000s, but it accelerated after the implementation of comprehensive UN sanctions in 2016. The country's elite hacking unit, Bureau 121, operates under the Reconnaissance General Bureau and is believed to employ thousands of hackers. These hackers are often stationed in countries like China, Russia, and Belarus, making attribution difficult. In 2020, a U.S. indictment charged three North Korean hackers with conspiracy to commit wire fraud and extortion, detailing how they targeted U.S. companies and individuals.
The G7 summit's lack of specific measures has drawn criticism from some cybersecurity experts who argue that strong action, such as coordinated asset freezes or mandatory cryptocurrency address reporting, is necessary. Others believe that diplomatic efforts, including denuclearization talks, are the only long-term solution. Meanwhile, the crypto industry continues to adapt. Some platforms have implemented blockchain intelligence tools that flag suspicious transactions associated with North Korea, while law enforcement agencies have formed joint task forces to track stolen funds.
In the first half of 2026, the total losses from North Korean-linked hacks have already surpassed $300 million, according to preliminary data from blockchain security firms. This includes the Drift Protocol and Humanity Protocol incidents, as well as several smaller exploits. Chainalysis notes that the hackers are becoming more efficient, often targeting 'soft targets' such as smaller DeFi protocols with fewer security resources. The company also reports that North Korea has expanded its reach beyond cryptocurrency to include intellectual property theft and ransomware.
The G7 leaders' statement is a reminder that the international community views North Korea's cyber activities as a global security threat. While the summit did not produce a concrete action plan, it sets the stage for future coordination. As the crypto industry matures, it must remain vigilant against state-sponsored actors who see digital assets as a means to bypass economic sanctions. The only way to counter this threat effectively is through collaboration between governments, exchanges, and cybersecurity firms, sharing intelligence and best practices to protect the integrity of the financial system.
Source: Cointelegraph News