Ripple Issues Security Alert Over North Korea-Linked XRP Activity

The cryptocurrency sector has long been targeted by hacks, with many breaches traced to North Korean threat actors, including recent high-profile incidents like the Drift Protocol exploit.

In response, several major industry players have moved to strengthen security standards and share intelligence. Ripple is the latest organization to step forward with a new collaborative approach.

Ripple to Share Intelligence

In a post on X, Ripple emphasized that “the strongest security posture in crypto is a shared one.” The company noted that a threat actor who fails a background check at one firm often applies to several others in quick succession, and that without shared intelligence each organization has to start from scratch.

To address this, Ripple will share exclusive threat intelligence with members of Crypto ISAC, a collaborative security network focused on protecting the digital asset ecosystem.

According to statements from both organizations, the level of sensitive data being shared is unprecedented. The information includes crypto wallets linked to fraud, malicious domains, and active indicators of compromise associated with North Korean campaigns.

Crucially, Ripple and Crypto ISAC said the intelligence will go beyond raw data. Ripple will contribute context-rich profiles that may include LinkedIn accounts, email addresses, phone numbers, and observed behavior patterns. The goal is to transform fragmented clues into cohesive, actionable intelligence that security teams can use to stop attackers more effectively.

The strongest security posture in crypto is a shared one.

A threat actor who fails a background check at one company will apply to three more that same week. Without shared intelligence, every company starts from zero.

Ripple is now contributing exclusive DPRK threat… https://t.co/ZiXD25iOBx

— Ripple (@Ripple) May 4, 2026

ISAC’s Infrastructure

Crypto ISAC has rolled out a new API designed to make shared intelligence usable in real time. Industry leaders, including Coinbase, have already adopted the API to integrate threat data directly into their security systems.

The API enables organizations to detect attackers more quickly and coordinate responses across the sector by feeding threat indicators into existing workflows and tooling.

“Crypto ISAC’s newly updated API represents a meaningful step forward in how intelligence is shared across the ecosystem. As an early adopter, we’ve been working closely with Crypto ISAC to onboard and operationalize new data sources in a way that aligns with our internal workflows. The result is higher-quality, more actionable intelligence that we can integrate directly into our security operations,” commented Erin Plante, Director of Brand Security and Intelligence at Ripple.

By contributing contextualized threat profiles and supporting industry-wide integration through the Crypto ISAC API, Ripple aims to reduce duplicated defensive effort and help firms move from isolated incident response to coordinated, proactive protection. This collective approach is intended to limit attackers’ ability to exploit firms one after another and to strengthen overall resilience across the crypto ecosystem.