North Korea-linked actors have frequently been associated with large-scale cryptocurrency hacks, thefts, and laundering operations in recent years.
However, the isolated nation’s foreign ministry denies any involvement in global cyber fraud.
DPRK Denounces “Reptile Media”
In an official statement, a spokesperson for the regime’s Foreign Ministry called the accusations unfounded and politically motivated by the United States and its institutions.
The statement accused what it described as “reptile media organs” and “plot-breeding organizations” of spreading false information about the DPRK to the international community. According to a report by state news agency KCNA, these claims wrongly link the DPRK to cyber-related frauds around the world while portraying the United States—which the statement described as possessing the most advanced cyber capabilities—as the primary victim.
The spokesperson called this characterization unreasonable and said the United States itself carries out indiscriminate cyber operations against other countries through its control of global IT infrastructure. The statement further framed the narrative of a DPRK “cyber threat” as part of a continuing “hostile policy” pursued by successive U.S. administrations, alleging that false information is used for political purposes to harm the country’s image.
“It is our consistent policy stand to protect cyberspace, the common wealth of mankind, from all sorts of malicious acts and thoroughly reject any sinister attempt to use the cyber issue as a political tool for violating sovereignty and interfering in internal affairs of others.”
Fewer Attacks, Greater Impact
The spokesperson also warned that the DPRK would not tolerate what it called increasingly confrontational actions by hostile forces across multiple domains, including cyberspace, and said it would take necessary measures to defend state interests and protect the rights of its citizens.
Recent analysis by blockchain intelligence firm TRM Labs found that groups linked to North Korea were responsible for 76% of all cryptocurrency hack losses in 2026 through April, driven largely by two incidents totaling $577 million. That share has risen from under 10% in 2020–2021 to 64% in 2025, a year heavily influenced by the Bybit breach, which remains one of the largest crypto hacks on record. This year’s losses were significantly affected by attacks on KelpDAO and Drift.
TRM Labs concluded that the total number of attacks has not increased dramatically, but the average impact of each attack has grown. Most losses stem from a small number of high-value incidents, indicating a strategic shift toward fewer but more lucrative targets. TRM analysts also suggested that threat actors may be employing advanced tools, including artificial intelligence, to enhance attack planning and social engineering efforts.