DPRK cybercrime row as TRM flags 2026 losses from Drift and KelpDAO; OFAC targets DPRK IT schemes

North Korea rejects U.S. cybercrime allegations, calling them “absurd slander,” but blockchain investigators keep linking major crypto thefts to DPRK-linked groups. The DPRK cybercrime dispute is unfolding alongside a concentrated hack wave. TRM Labs says DPRK-linked hackers accounted for 76% of all crypto hack losses in 2026 (through April), driven mainly by two high-value incidents. TRM estimates about $577 million in losses tied to the Drift Protocol breach (April 1) and the KelpDAO exploit (April 18). The pattern suggests fewer attacks with larger impact, not a constant stream of small thefts. U.S. enforcement is also tightening. In March, OFAC sanctioned six individuals and two entities tied to DPRK IT-worker schemes involving alleged fraud and nearly $800 million in 2024 funding for weapons programs. The FBI highlighted DPRK-affiliated TraderTraitor activity around the $1.5 billion Bybit theft and urged exchanges, bridges, node operators, analytics firms, and DeFi services to block laundering-linked flows. For crypto traders, the DPRK cybercrime denial does not reduce operational risk. Short term, headline risk can make exchanges and bridges more cautious. Longer term, sanctions and attribution-based compliance may divert liquidity and trading volumes away from exposed pathways—often hitting the tokens tied to the affected protocols first (DRIFT, KELP).
Bearish
The news links the highest 2026 crypto loss concentration to DPRK-linked activity and names two key exploited protocols (Drift and KelpDAO). Even though North Korea denies DPRK cybercrime claims, the market impact is driven by realized losses, heightened exchange/bridge compliance caution, and tighter sanctions enforcement—conditions that typically pressure the affected token ecosystems first. Short term, traders may de-risk DRIFT and KELP on hack/attribution headlines. Longer term, ongoing DPRK-linked sanctions and monitoring can reduce liquidity routing into exposed DeFi pathways, sustaining downside pressure for the implicated projects.