North Korea crypto theft hits $6.75B as G7 flags nuclear funding risk

North Korea’s cryptocurrency theft operation has become one of the most consequential cybersecurity and geopolitical issues of the decade — and the G7 has finally put it at the center of formal diplomacy. At their Évian summit in France, leaders from the world’s seven largest advanced economies issued a joint communiqué explicitly addressing North Korea crypto theft as a weapons-financing threat, not merely a cybersecurity nuisance.

Key takeaways

• G7 leaders at the Évian summit linked North Korea’s crypto thefts to nuclear and ballistic missile funding concerns.
• Chainalysis estimates North Korean hackers stole $2.02 billion in cryptocurrency in 2025 alone, bringing the all-time total to at least $6.75 billion.
• CrowdStrike reported a 51% rise in DPRK-linked digital asset thefts in 2025.
• North Korea-linked attacks on Drift Protocol and KelpDAO drained $577 million in April 2026.
• The G7 statement called for joint action but announced no new sanctions, no enforcement timeline, and no specific operational measures.

G7 Links North Korea’s Crypto Thefts to Nuclear and Missile Threats

The Évian communiqué was direct: G7 leaders expressed deep concern over North Korea’s nuclear and ballistic missile programs, and in the same breath called on member nations to “jointly address North Korea’s cryptocurrency thefts and cybercrimes.” The framing matters. By connecting stolen digital assets to weapons financing, the G7 has officially elevated this from a blockchain security problem to a geopolitical priority with national security implications.

Japan was a key driver in pushing this language onto the summit agenda. Finance Minister Katayama Satsuki publicly advocated at a May 18, 2026 press conference for G7 partners to formalize a collective response to state-sponsored crypto theft — describing it as the first time the group would seriously consider coordinated action on the issue. Prior discussions had floated ideas including a dedicated task force, new traceability rules for anonymous wallet transactions, and tighter compliance obligations for exchanges.

The strategic logic is hard to argue with. If stolen cryptocurrency is genuinely fueling Pyongyang’s weapons programs, then cracking down on DPRK hacking is not just about protecting crypto investors — it is about nonproliferation.

Scale and Methods of North Korea’s Cryptocurrency Thefts

2025 Crypto Theft Estimates by Chainalysis

The numbers behind this G7 response are staggering. According to Chainalysis, North Korean hackers stole at least $2.02 billion in cryptocurrency in 2025 — a figure that already represents a significant jump from 2024’s $1.34 billion across 47 incidents. That single year’s haul pushed the all-time total attributed to DPRK-linked actors to at least $6.75 billion since 2017, according to the same firm.

The single largest event in that stretch was the Bybit hack in February 2025, in which $1.5 billion was extracted from the exchange — the largest single crypto theft on record. The FBI attributed the breach to a North Korean group called TraderTraitor, issuing an IC3 advisory that noted stolen assets were rapidly converted into Bitcoin before laundering begins. The laundering was designed for speed: move value out of traceable on-chain positions before blockchain analytics firms can flag the wallets.

Rising Digital Asset Thefts and Techniques Reported by CrowdStrike

CrowdStrike’s 2026 financial services report painted an equally alarming picture. DPRK-linked actors drove a 51% year-over-year increase in digital asset theft in 2025. What makes the trend especially concerning is the sophistication of the methods involved.

North Korean groups now rely on AI-generated fake identities, fake recruiter personas, social engineering campaigns, and compromised cloud access to infiltrate crypto and financial firms. These are not opportunistic script attacks. They are patient, well-resourced operations that can spend months observing a target’s internal workflows before striking.

Notable 2026 Hacks on Drift Protocol and KelpDAO

The pace has not slowed in 2026. North Korea-linked Lazarus Group attacks drained $577 million from Drift Protocol and KelpDAO in April 2026 alone. According to TRM Labs, those two incidents — targeting a Solana-based perpetuals exchange and an Ethereum liquid restaking protocol — represented 76% of all reported global crypto hack losses through that point in the year.

The methods behind these attacks went far beyond simple smart contract bugs. They included signer manipulation, bridge weaknesses, compromised devices, and social engineering — a sign that the attacker’s toolkit is evolving faster than most platforms’ defenses.

G7’s Call for Joint Action Without New Sanctions or Enforcement Details

Statement Omits New Sanctions or Specific Enforcement Measures

Here is where the G7’s response runs into its clearest limitation. The Évian communiqué did not name new sanctions. It did not announce exchange screening rules, crypto mixer controls, or specific wallet blacklists. It set no timeline for fresh enforcement action against the laundering networks that convert stolen crypto into usable funds for Pyongyang.

The statement rested on three stated pillars — enhanced policy coordination among member nations, stronger enforcement of existing sanctions frameworks, and disruption of laundering networks — but left the operational details of all three entirely undefined.

Diplomatic Urgency Versus Lack of Operational Plans

That gap between declaration and action is the central tension the Évian communiqué forces into the open. Coordinating international enforcement against state-sponsored theft is straightforward to announce and extraordinarily difficult to execute. Policy commentary around the June 2026 declaration also highlights pressure to impose secondary sanctions on entities facilitating laundering for Lazarus-linked actors, and to require virtual asset service providers to proactively block transactions from identified North Korean wallets — but none of that pressure has yet translated into binding commitments.

For the crypto industry and its regulators, the implication is real: the G7 has placed state-sponsored digital asset theft firmly on the security agenda, but without a concrete enforcement roadmap, exchanges, DeFi protocols, and blockchain analytics firms remain the primary line of defense.

North Korea’s Official Denial and Attribution Challenges

DPRK Denies Accusations as Political Slander

Pyongyang has not acknowledged any of it. In May, a North Korean Foreign Ministry spokesperson dismissed the accusations as “absurd slander”, claiming Washington was spreading false information for political purposes. North Korea’s consistent denial complicates the diplomatic picture — attribution in state-sponsored cybercrime is inherently contested, and Pyongyang exploits that ambiguity.

Continued Attribution by Security Firms Despite Denials

That denial has not moved governments or security firms off their position. Chainalysis, CrowdStrike, TRM Labs, and the FBI have all independently attributed significant crypto thefts to DPRK-linked actors. The consistency across multiple organizations using different methodologies gives those attributions considerable weight — even if they remain impossible to prove in a court of international law.

What the G7 statement ultimately signals is that the window for treating North Korea’s crypto theft campaign as a peripheral concern has closed. The question now is whether the diplomatic momentum from Évian translates into the kind of coordinated enforcement — targeting exchanges, laundering networks, and intermediaries — that could meaningfully slow a state-sponsored hacking machine that has stolen nearly $7 billion and shows no sign of stopping.

FAQ

What is the G7’s position on North Korea’s cryptocurrency theft?

The G7 linked North Korea’s crypto thefts to nuclear and missile concerns and urged joint action at the Évian summit, but did not announce new sanctions, exchange rules, or specific enforcement details. The statement was a diplomatic declaration without an operational roadmap.

How much cryptocurrency did North Korean hackers steal in 2025?

According to Chainalysis, North Korean hackers stole at least $2.02 billion in cryptocurrency in 2025. That figure pushed the all-time total attributed to DPRK-linked actors to at least $6.75 billion since 2017.

What methods do North Korean hackers use in their crypto thefts?

According to CrowdStrike, North Korean hackers use AI-generated fake identities, fake recruiter personas, social engineering, and compromised cloud access campaigns. Attacks have also involved signer manipulation, bridge exploits, and compromised devices — moving well beyond simple smart contract vulnerabilities.

Has North Korea responded to the cybercrime allegations?

Yes. In May, a North Korean Foreign Ministry spokesperson officially denied the accusations, calling them “absurd slander” and accusing Washington of spreading false information for political reasons. North Korea has consistently rejected all attribution by Western governments and security firms.

Article produced with the assistance of artificial intelligence and reviewed by the editorial team.