North Korea Denies Cybercrime as Forensics Tie It to DeFi Hacks

North Korea calls allegations of state-backed cybercrime ‘absurd slander’ as blockchain forensics link about 76% of 2026 crypto hack losses through April to DPRK-linked actors.

North Korea rejected international allegations of state-backed cybercrime, calling them ‘absurd slander’. KCNA quoted a Foreign Ministry spokesperson accusing U.S. government bodies and affiliated organizations of promoting an ‘incorrect understanding of the DPRK’ and of portraying the country as the source of cyber fraud. The statement added that Pyongyang would ‘never tolerate the hostile forces’ attempt at confrontation getting more undisguised in various domains including cyber space’ and that it would take measures to defend state and citizen interests in cyberspace.

Independent blockchain investigations present a different account. Analysis by TRM Labs found actors linked to North Korea were responsible for about 76% of recorded crypto hack losses in 2026 through April. Two large incidents attributed to separate DPRK-linked groups, the Drift and KelpDAO breaches, together accounted for roughly $577 million in losses.

Recorded losses traced to similar actors in 2025 totaled about $2.02 billion, a figure that includes a $1.5 billion theft from the exchange Bybit. U.S. authorities have identified a group they call ‘TraderTraitor’ as responsible for that theft. Blockchain tracing of many incidents shows stolen assets converted into widely used cryptocurrencies and spread across thousands of wallets to complicate recovery.

A six-month probe funded by the Ethereum Foundation through the Ketman Project identified about 100 suspected North Korean IT operatives active across 53 crypto and Web3 projects. Investigators reported some operatives used forged identities and AI-generated profiles to obtain roles or access in those firms.

Regulatory action followed forensic findings. In March, the U.S. Treasury’s Office of Foreign Assets Control sanctioned six individuals and two entities accused of taking part in schemes that placed technology workers with false identities into cryptocurrency projects and laundered proceeds.

Forensic teams trace on-chain transfers, cluster related wallets, and link cash-out points and intermediary services to known laundering networks. Analysts say repeated transfer patterns and known laundering techniques help connect thefts to the same actors even when funds are mixed and routed through decentralized services.
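The tracing step described above can be sketched in code. This is an added example, not code from the article or from any firm it names; it assumes a proportional ("haircut") taint rule, which is one common tracing heuristic, and every address, label and amount in it is constructed.

```python
from collections import defaultdict

# Constructed ledger: (time, sender, receiver, amount). Not real addresses.
TRANSFERS = [
    (1, "theft", "w1", 60.0),
    (2, "theft", "w2", 40.0),
    (3, "clean", "w2", 40.0),      # unrelated funds mix into w2
    (4, "w1", "w3", 60.0),
    (5, "w2", "mixer", 80.0),
    (6, "w3", "otc_desk", 60.0),
    (7, "mixer", "otc_desk", 40.0),
    (8, "mixer", "w9", 40.0),
]
CASH_OUT = {"otc_desk"}            # constructed label for a known cash-out point


def trace_taint(transfers, source, stolen):
    """Follow stolen value through transfers in time order (haircut rule).

    Each outgoing transfer carries taint in proportion to the tainted share
    of the sender's balance, so mixing dilutes taint but never erases it.
    """
    balance = defaultdict(float)
    tainted = defaultdict(float)
    balance[source] = tainted[source] = stolen
    touched = {source}             # cluster of wallets that ever held taint
    for _, src, dst, amt in sorted(transfers):
        if balance[src] < amt:     # sender funded outside our view: treat as clean
            balance[src] = amt
        share = tainted[src] / balance[src] if balance[src] else 0.0
        moved = amt * share
        balance[src] -= amt
        tainted[src] = max(tainted[src] - moved, 0.0)
        balance[dst] += amt
        tainted[dst] += moved
        if moved > 0:
            touched.add(dst)
    return dict(tainted), touched


def cash_out_exposure(tainted, cash_out):
    """Tainted value that has arrived at labelled cash-out points."""
    return {a: round(tainted[a], 2) for a in cash_out if tainted.get(a, 0.0) > 0}


if __name__ == "__main__":
    tainted, touched = trace_taint(TRANSFERS, "theft", 100.0)
    print(sorted(touched))
    print(cash_out_exposure(tainted, CASH_OUT))
```

On this ledger the mixer halves the taint density of the funds passing through it, yet the stolen value is still fully accounted for at the two end points.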

The contrasting claims have prompted increased scrutiny, sanctions, and ongoing investigations by private firms and government agencies. Pyongyang rejects the allegations and frames them as part of a broader campaign against the country.
