North Korean hackers walked away with $643 million in stolen crypto during the first six months of 2026. That’s 66% of all crypto lost to theft and exploits this year, a dominance so complete it makes every other hacking group look like amateurs by comparison.

The total haul across all crypto crime in H1 2026 came to $972 million across 207 incidents. North Korea’s Lazarus Group and its associated subgroups were responsible for the lion’s share, funneling proceeds toward the regime’s nuclear weapons program. Two attacks in April alone accounted for $577 million of the total.

Two attacks, twelve minutes, half a billion dollars

The biggest hits came in rapid succession last month. On April 1, the Drift Protocol lost roughly $285 million in what amounted to a masterclass in social engineering. Attackers compromised protocol signers and executed the entire theft in approximately 12 minutes.

Then on April 18, KelpDAO got hit for approximately $292 million through a LayerZero bridge exploit. That attack has been attributed to TraderTraitor, a known Lazarus subgroup that specializes in targeting cross-chain infrastructure. Between the two incidents, North Korean actors pocketed more than half a billion dollars in less than three weeks.