CyberSecurity SEE

North Korea Acquires Majority of Cryptocurrency to Date

Weekly Cybersecurity Roundup: North Korean Hackers Dominate Crypto Theft

In an ongoing weekly roundup of cybersecurity incidents related to digital assets, it was reported that North Korean hackers are responsible for a staggering 76% of all cryptocurrency theft losses incurred in the first four months of this year. This alarming data was highlighted by cybersecurity firm TRM Labs, which noted that these state-sponsored attackers executed just two major hacks that accounted for significant financial losses. The first was the Drift Protocol hack on April 1, resulting in the theft of $285 million, followed shortly by an April 18 attack on KelpDAO, which netted an additional $292 million.

TRM Labs emphasized that this pattern of achieving high levels of theft with relatively few attacks has been characteristic of North Korea’s hacking strategy since 2017. The country’s cryptocurrency theft serves a dual purpose: funding programs for developing weapons of mass destruction and injecting essential foreign currency into its struggling economy. Notably, previous years showed that North Korea’s share of crypto theft losses skyrocketed from less than 10% in 2020 to around two-thirds in 2025.

The methods employed in these hacks revealed a division in money laundering strategies. The group behind the Drift Protocol exploit adhered to a well-established North Korean pattern of holding onto the stolen funds for extended periods before executing a multi-phase cashout. In a different tactic, the KelpDAO hackers rerouted the looted crypto to Chinese intermediaries. This was evidenced by their use of a Bitcoin wallet controlled by a Chinese broker who had been indicted by U.S. federal prosecutors for laundering stolen cryptocurrency.


Major Criminal Cases and Incidents

In other significant news, Maximilien de Hoop Cartier, a descendant of the famed Cartier jewelry family, received an eight-year prison sentence for orchestrating a massive $470 million money laundering scheme through an unlicensed cryptocurrency exchange. Prosecutors revealed that his illegal operations funneled money through U.S. bank accounts linked to drug trafficking in Colombia. Following his guilty plea to operating an unlicensed money-transmitting business and conspiracy to commit bank fraud, the court mandated the forfeiture of approximately $2.36 million in profits along with the seizure of related accounts.

Meanwhile, Benjamin Pasternak, the founder of the popular social media and finance app Believe, was arrested by New York police on charges of second-degree strangulation and third-degree assault. He has pleaded not guilty to these charges, which stem from an incident that occurred on March 31. Concurrently, Pasternak faces a class-action lawsuit accusing him and his team of misleading investors, which allegedly led to considerable financial losses. This lawsuit centers on a forced transition from the platform’s original token to the Believe token, a move criticized by plaintiffs as it created additional tokens for insiders, thereby diluting the value of existing holdings.

In another incident, the U.S. Department of the Treasury sanctioned Cambodian senator Kok An and numerous associates for their involvement in extensive scam operations targeting American citizens. Authorities assert that these scams often involve coercion and forced labor, compelling victims to invest their money in cryptocurrency under false pretenses of high returns.

Adding to the complexity of ongoing cybercrime issues, a U.S. Army soldier named Gannon Ken Van Dyke was arrested for allegedly using classified military information for profit by placing bets on a prediction platform related to Venezuelan leader Nicolas Maduro’s capture. He reportedly accumulated significant wagers based on insider information, leading to charges of wire fraud and commodities law violations, to which he has pled not guilty.


Emerging Threats and Regulatory Movements

On the technological front, Litecoin suffered a coordinated attack that exploited a vulnerability in its MimbleWimble Extension Block privacy feature. The attackers caused a rollback of transactions lasting over three hours, manipulating the system to make invalid transactions appear legitimate. The team at the Litecoin Foundation has addressed the issue, rectifying the vulnerability and removing fraudulent transactions from their blockchain, although some trading platforms reported losses.

In a bid to combat growing fraud, Tennessee has enacted a law banning crypto ATMs, making their operation a misdemeanor punishable by up to one year in jail and a $2,500 fine. This legislative move reflects a trend observed in other states, notably Indiana, aimed at reducing scams that have predominantly affected older adults. Last year’s Federal Bureau of Investigation (FBI) report indicated that nearly $390 million in losses were tied to scams involving crypto ATMs, with false impersonations often playing a role in these schemes.

Lastly, Tether, a key player in the cryptocurrency market, froze more than $344 million worth of its USDT stablecoin in two wallets identified on the Tron blockchain, marking one of the most substantial asset freezes in the company’s history. This action was taken in collaboration with U.S. enforcement agencies, following reports of potential illicit activities.

As the landscape of cybercrime targeting cryptocurrency evolves, the market continues to face significant challenges from state-sponsored attacks, fraudulent schemes, and regulatory measures aimed at protecting consumers and financial stability.
