Ripple Plans to Share North Korean Threat Intelligence with Crypto Industry

Key Takeaways:

• Ripple plans to share threat intelligence on North Korean hackers with the cryptocurrency industry.
• Attack methods are shifting from code exploits to social engineering and insider infiltration.
• Recent attacks linked to the Lazarus Group have resulted in over $500 million in losses.

Ripple has announced it will share internal threat intelligence on North Korean hackers with the crypto industry. The firm is making a strategic shift in how the industry approaches security and hacks. The move comes as attackers increasingly abandon traditional smart contract exploits and find new ways to exploit the industry. 

Unlike earlier decentralized finance (DeFi) hacks that target vulnerabilities in code, recent incidents involve hackers infiltrating organizations by befriending contributors. The hackers spend months building trust before deploying malware and gaining access to critical systems. 

Inside the Drift and Kelp Incidents

According to Crypto ISAC, the recent Drift breach demonstrates this new approach. Hackers inserted themselves within the organization, eventually extracting private keys without triggering conventional security alarms. Due to this, the hackers were able to move $285 million without anyone noticing. 

Similarly, the Kelp exploit in April resulted in a $292 million hack in ether (ETH), with both incidents attributed to the Lazarus Group. Combined losses from these hacks exceed $500 million within a single month. 

Industry Collaboration Becomes Critical 

Ripple is now providing Crypto ISAC with detailed data, such as email addresses, LinkedIn profiles, and contact information, tied to suspected hacks. This shared intelligence enables firms to identify repeat attackers across hiring pipelines and prevent further attempts. 

Ripple said, “The strongest security posture in crypto is a shared one. A threat actor who fails a background check at one company will apply to three more that same week. Without shared intelligence, every company starts from zero.”

The growing scale of these hacks is also influencing legal disputes. A recent case involving Arbitrum DAO and Aave highlights how stolen crypto assets linked to North Korean hackers are now being contested under U.S. law. While the industry-wide intelligence sharing is progressing, questions remain over whether it can effectively counter increasingly sophisticated hacking campaigns.