North Korean Hacking Groups Account for 76% of 2026 Crypto Losses

North Korean state-sponsored actors have solidified their dominance in the digital asset exploitation landscape, accounting for 76% of all stolen crypto funds during the first portion of 2026. This concentration of illicit activity stems from a small number of high-impact breaches that have drained liquidity from decentralized finance protocols. The scale of these losses suggests a shift toward more aggressive targeting of bridge infrastructure and decentralized trading platforms.

Concentration of Capital Outflows

The majority of the year-to-date losses are tied to two specific events that occurred in April. The Drift Protocol breach on April 1 and the KelpDAO bridge exploit on April 18 resulted in a combined loss of $577 million. These incidents demonstrate the vulnerability of cross-chain bridges and liquidity pools to sophisticated infiltration techniques. The rapid extraction of these assets has forced protocols to pause operations and implement emergency security measures to prevent further drainage.

The impact of these hacks extends beyond the initial loss of capital. When major protocols lose significant liquidity, the knock-on effects often include a sharp decline in total value locked and a loss of user confidence in the underlying smart contracts. As these stolen funds are moved through mixing services and decentralized exchanges, the ability of protocols to recover assets remains limited. This trend is consistent with the patterns observed in Lazarus Group April Exploits Drain $635M from DeFi Protocols.

Structural Risks in DeFi Infrastructure

Security researchers point to the complexity of bridge architecture as a primary vector for these attacks. Because bridges often hold large reserves of cross-chain assets, they represent high-value targets for groups capable of executing coordinated exploits. The efficiency with which these funds are moved and obfuscated after the initial breach complicates recovery efforts for both the affected protocols and the broader crypto market analysis.

AlphaScala data currently tracks several companies across the technology and financial sectors that may face indirect exposure to broader digital asset volatility or security-related infrastructure spending:

• Southern Company (SO): Alpha Score 44/100, label Mixed, sector Utilities, stock page SO stock page
• ON Semiconductor Corporation (ON): Alpha Score 45/100, label Mixed, sector Technology, stock page ON stock page
• Allstate Corporation (ALL): Alpha Score 66/100, label Moderate, sector Financials, stock page ALL stock page

These scores reflect the current market positioning of these firms, though they do not account for specific exposure to the recent surge in protocol-level security breaches. The next critical marker for the industry will be the release of updated security audit standards and the potential implementation of stricter cross-chain verification protocols. Market participants should monitor whether these security failures lead to a sustained decline in liquidity across major DeFi platforms or if developers can successfully implement more robust, decentralized security layers to mitigate future risks.