Group of Seven (G7) leaders have renewed their call for joint action against North Korean cryptocurrency thefts and cybercrime, broadening their warning from previous years to include a wider array of malicious activities. The statement was adopted at the 2026 G7 summit held in Évian-les-Bains, France, where leaders expressed deep concern over North Korea's nuclear and ballistic missile programs, which United Nations reports and independent security researchers have consistently linked to the regime's cryptocurrency theft operations.
The G7 leaders did not specify concrete measures for member states to implement, avoiding explicit references to exchange screening, sanctions, or actions against mixing services that have often been discussed in connection with North Korean money laundering. This lack of specificity has drawn criticism from some cybersecurity experts, who argue that stronger enforcement mechanisms are needed to disrupt the funding pipelines that fuel Pyongyang's weapons development. Nevertheless, the renewed call represents a continued diplomatic effort to coordinate responses among the world's largest economies.
The 2026 summit's language marks an expansion from the previous year's statement. In June 2025, after the G7 summit in Canada, the group's chair called for members to jointly address what was then described as 'DPRK cryptocurrency thefts fueling' the country's nuclear and ballistic missile programs. The 2026 statement not only reiterates this concern but also explicitly names broader cybercrime, reflecting a growing recognition that North Korean threat actors are engaged in a wide range of digital illicit activities beyond simple theft.
Escalating Scale and Sophistication of DPRK Cyber Operations
North Korean hacking groups, most notably the Lazarus Group and its sub-units such as BlueNoroff and Andariel, have been active in the cryptocurrency space since at least 2017. Over the years, their methods have evolved from relatively simple phishing campaigns to highly sophisticated supply chain attacks, social engineering schemes, and the infiltration of crypto companies through fake job offers and IT worker placements. According to blockchain analytics firm Chainalysis, North Korean hackers stole at least $2 billion in cryptocurrency in 2025 alone, pushing the all-time total attributed to DPRK-affiliated actors to at least $6.75 billion since records began.
Interestingly, Chainalysis noted that the hackers generated larger returns in 2025 despite carrying out fewer confirmed attacks. This suggests a shift in strategy towards targeting high-value assets and employing more effective laundering techniques. The firm's report highlighted the use of decentralized finance (DeFi) protocols, cross-chain bridges, and mixing services to obfuscate the flow of stolen funds. North Korean actors have also been known to use a network of accomplices and shell companies to cash out their illicit gains, often through over-the-counter (OTC) desks in jurisdictions with weak anti-money laundering regulations.
In May 2026, a report by cybersecurity firm CrowdStrike described North Korean actors as the largest threat group targeting cryptocurrency users by value stolen. The company stated that the campaigns prioritized high-value targets, including exchanges, DeFi platforms, and individual investors with significant holdings. Proceeds, CrowdStrike assessed, were 'almost certainly laundered to fund the regime's military programs.' This aligns with earlier findings from the United Nations Panel of Experts, which has documented how North Korea uses cyber theft to bypass international sanctions and generate revenue for its weapons of mass destruction programs.
High-Profile Exploits and Their Impact
The G7's renewed call comes amid a series of high-profile exploits with suspected links to North Korean actors. In April 2026, the Drift Protocol, a decentralized exchange built on the Solana blockchain, suffered a $285 million exploit. Security researchers quickly linked the attack to North Korean threat actors based on the techniques used and the flow of funds. A month later, in June 2026, the Humanity Protocol breach resulted in the loss of approximately $36 million. These incidents have heightened concern among regulators and industry participants about the vulnerability of the crypto ecosystem to state-sponsored theft.
The impact of these thefts goes beyond the immediate financial losses. They undermine trust in blockchain technology and decentralized finance, which rely on a reputation for security and transparency. Moreover, they provide a steady stream of funding for a regime that has consistently violated international law through its nuclear and missile tests. The United Nations and individual nations have repeatedly condemned North Korea's weapons programs, but without effectively cutting off the financial lifelines that sustain them, these condemnations have had limited practical effect.
In response to the growing threat, some countries have introduced new regulations targeting cryptocurrency mixing services and unregulated exchanges. For example, the Financial Action Task Force (FATF) has updated its guidance on virtual assets to include specific recommendations for countering North Korean money laundering. However, implementation remains uneven, and North Korean hackers have proven adept at exploiting gaps in the global regulatory framework.
North Korea Rejects Allegations
North Korea has consistently denied any involvement in cybercrime or cryptocurrency theft. In a statement published by the state-run Korean Central News Agency (KCNA) on May 3, 2026, a Foreign Ministry spokesperson accused the United States of spreading false information and described claims of a North Korean cyber threat as politically motivated 'slander.' The spokesperson argued that the accusations were part of a US-led campaign to tarnish North Korea's image and justify further sanctions.
This denial is typical of Pyongyang's strategy of plausible deniability, but it is widely dismissed by security researchers and governments who have traced multiple attacks back to North Korean infrastructure and modus operandi. In 2019, the United Nations panel of experts identified North Korea as the culprit behind the 2014 Sony Pictures hack and the 2017 WannaCry ransomware attack, among other incidents. More recently, the US Department of Justice has indicted several North Korean individuals for their alleged roles in cyber theft schemes, though extradition is not possible due to the lack of diplomatic relations.
The disconnect between North Korea's public statements and the overwhelming evidence of its cyber activities poses a challenge for international diplomacy. While the G7's call for joint action is a step in the right direction, experts argue that more concrete measures are needed, such as coordinated sanctions enforcement, information sharing among financial intelligence units, and strategic de-platforming of North Korean-linked wallets and services. Private sector cooperation is also crucial, as many crypto exchanges and DeFi projects lack the resources or incentives to adequately vet users and transactions.
Historical Context and Broader Implications
The G7's focus on North Korean crypto theft is part of a broader trend of governments acknowledging the national security implications of decentralized digital assets. Since the 2017 CryptoKorea boom, North Korea has become one of the most prolific state-sponsored cyber actors in the cryptocurrency space. According to data from Chainalysis and other firms, the bulk of DPRK-linked thefts occurred after 2020, coinciding with the rapid growth of DeFi and the increasing value of digital assets.
The methods used by North Korean hackers have become more sophisticated over time. In earlier years, they relied heavily on malware campaigns and simple exchange hacks. More recently, they have employed social engineering techniques to trick employees into granting access to internal systems, often by posing as recruiters or investors on professional networks like LinkedIn. One notable case involved the hack of the crypto exchange KuCoin in 2020, which was later attributed to North Korean actors. The attackers used a combination of phishing emails and malware to steal over $280 million worth of cryptocurrency.
Another significant incident was the theft from the Axie Infinity's Ronin bridge in March 2022, where North Korean hackers made off with approximately $620 million. This attack involved a sophisticated scheme that included fake job offers to former Sky Mavis employees and the compromise of multiple validators. The Ronin hack remains one of the largest crypto thefts in history and highlighted the vulnerability of cross-chain bridges to state-sponsored attacks.
The proceeds from these thefts are believed to be used not only for the development of nuclear weapons and ballistic missiles but also for the sustenance of the Kim regime. Reports from defectors and intelligence sources indicate that the stolen funds are laundered through a complex web of transactions involving casinos, real estate, and businesses in China and other countries. The United Nations has estimated that North Korea earns between $1.5 billion and $2 billion annually from cybercrime, making it a critical source of hard currency for the isolated regime.
The G7's inability to specify enforcement measures reflects the difficulty of multilateral coordination on such a sensitive issue. Different member states have varying levels of regulatory oversight over cryptocurrencies, and some are reluctant to impose strict measures that could harm their domestic crypto industries. Moreover, the lack of a universal definition of 'cybercrime' and the challenges of attributing attacks to state actors complicate efforts to hold North Korea accountable through international law.
Nevertheless, the continued attention from the G7 and other international bodies puts pressure on countries like China, which is often accused of turning a blind eye to North Korean cyber activities conducted from its soil. In recent years, China has taken steps to crack down on cryptocurrency trading and money laundering, but enforcement remains sporadic. The G7's call for joint action may serve as a signal to Beijing that its cooperation is needed to effectively counter the North Korean cyber threat.
As the cryptocurrency industry continues to mature, the need for robust security and compliance measures becomes ever more apparent. The G7's statement, while lacking in specifics, underscores the urgency of the issue and the importance of collective action. For now, the onus remains on individual governments, financial institutions, and crypto platforms to implement stronger safeguards and to share intelligence in order to disrupt the flow of illicit funds to North Korea.
Source: Cointelegraph News