North Korea Strongly Denies Crypto Theft Allegations, Slams 'Reptile Media'... Data Points to 2026 Hacking Market Monopoly

On Monday, May 4, 2026, North Korea dismissed international allegations of cryptocurrency theft as "absurd slanders" and slammed the media outlets spreading them as "reptile media." The North Korean Ministry of Foreign Affairs claimed these U.S. assertions are a political conspiracy to justify hostile policies against the country and warned of a strong response.

However, analysis from blockchain security firms shows a pattern directly opposite to North Korea's claims. During the first half of 2026, North Korea-linked hackers recorded an overwhelming share of the global cryptocurrency hacking market, stealing hundreds of millions of dollars through just a few attacks.

According to the Korean Central News Agency (KCNA), a spokesperson for the North Korean Ministry of Foreign Affairs criticized U.S. government agencies and "reptile media" for fabricating North Korea's "cyber threats" in a statement on May 4, 2026. The spokesperson argued that these actions are an attempt to instill a negative perception of North Korea in the international community and are a typical U.S. tactic to increase pressure based on non-existent threats.

"Recently, U.S. government agencies, reptile media outlets, and conspiratorial organizations have been spreading false perceptions of our Republic to the international community and clamoring about non-existent 'cyber threats.' This is a despicable plot to damage our image and justify hostile policies."

This strong denial comes at a time when international investigations into recent large-scale cryptocurrency hacking incidents are intensifying. In particular, controversy escalated as the security incidents at Drift Protocol and KelpDAO in April were identified as the work of the Lazarus Group, a hacking organization under North Korea's Reconnaissance General Bureau.

Record-Breaking Hacking in April 2026 and North Korea's Market Share

Blockchain analytics firm TRM Labs released a report stating that approximately 76% of cryptocurrency funds stolen between January and April 2026 are linked to North Korea. According to the report, although North Korea accounted for only 3% of the total number of hacking incidents, it maximized the precision and scale of its attacks to secure approximately $577 million in funds.

• The theft of $285 million in assets due to the Drift Protocol hack on April 1, 2026.
• The theft of $292 million by exploiting bridge vulnerabilities in the decentralized finance platform KelpDAO.
• North Korea-linked attacks accounted for the vast majority of losses among the 29 total hacking incidents in April 2026.

These figures show that the record-breaking criminal behavior of 2025 is intensifying in 2026. According to data from Chainalysis, North Korea stole approximately $2.02 billion throughout 2025, showing a 51% growth compared to the previous year, and it is estimated that the total amount of cryptocurrency stolen by North Korea to date has exceeded $6.7 billion.

The North Korean Ministry of Foreign Affairs completely denied these data-driven analysis results and warned that it could take retaliatory measures against U.S.-led "political manipulation." Mentioning the tension on the Korean Peninsula, the spokesperson threatened that the U.S. would face a strong response if it did not stop spreading false information in cyberspace.

Vulnerabilities in the DeFi Ecosystem and State-Led Cybercrime

Security experts are expressing concern that North Korea is specifically targeting the Decentralized Finance (DeFi) sector. DeFi protocols often have less robust security systems compared to traditional financial institutions and tend to be easily exposed to sophisticated social engineering attacks or code vulnerability analysis by North Korean hackers who utilize state-level resources.

According to an analysis by Dark Reading, these cyber thefts function as a key funding source for North Korea's nuclear weapons and missile development programs, beyond simple economic gain. In a situation where foreign currency earnings are blocked due to international sanctions, cryptocurrency hacking is evaluated as the most efficient revenue-generating means for the North Korean regime.

Ultimately, cryptocurrency market participants are in a harsh environment where they must protect themselves against state-level threats. Experts warn that unless individual users and platforms dramatically increase their security levels, attacks by state-led actors like North Korea will continue and their scale will expand further.