TRM Labs’ April 30 report found that North Korean hackers stole approximately $577 million in cryptocurrency between January and April 2026 — a figure that accounted for 76% of all global crypto hack losses in that period .
A follow-up report released July 1 covering the full first half of 2026 found that the total had grown to roughly 1 trillion Korean won (about $760 million), representing approximately two-thirds (67%) of global virtual currency hacking damages . The slight drop in percentage share is because other regions’ hack activity increased in May and June, but North Korea still dominated.
Perhaps the most striking finding: the $577 million stolen through April came from just two major attacks :
TRM Labs identified two distinct North Korean hacker groups as responsible for these attacks, illustrating that Pyongyang’s cyber operations are not a single unit but a coordinated ecosystem of specialized teams .
North Korea’s share of global crypto hack losses has grown consistently in recent years: 22% in 2022, 37% in 2023, 39% in 2024, 64% in 2025, and now 76% in early 2026 . Cumulatively, TRM Labs estimates that North Korean-linked actors have stolen more than $6 billion in cryptocurrency since 2017
, while G7 sources place the cumulative figure at approximately $6.75 billion through mid-2026
.
The G7 summit in Évian-les-Bains, France, held in June 2026, marked a turning point in how the international community treats North Korea’s crypto theft .
The Évian statement rests on three concrete pillars, according to reporting from the summit: policy coordination across member governments, tighter screening of cryptocurrency exchanges and DeFi platforms, and expanded sanctions against entities that facilitate North Korean cybercrime .
The G7 elevation signals that DeFi platforms, exchanges, and blockchain infrastructure face increasing regulatory scrutiny. Governments may tighten requirements for:
The THM Labs report and the G7 response together make clear that North Korea’s crypto theft is no longer a niche cybersecurity issue — it is now a first-order geopolitical and regulatory concern with direct implications for how the crypto industry operates globally.