North Korea-Linked Hackers Drive Crypto Hacks in Early 2026

North Korea-linked hackers have been making headlines with their series of high-profile crypto hacks in early 2026. Recent data from TRM Labs reveals that the Lazarus Group's subgroup, TraderTraitor, has been responsible for a significant portion of these losses.

The two major attacks that stood out were those against Drift Protocol and Kelp DAO. In the case of Drift Protocol, the hackers utilized a Solana-based social engineering tactic to drain the vaults in just 12 minutes. The attackers had created developer accounts on Solana three weeks prior to the attack, which suggests a long-planned infiltration.

On the other hand, Kelp DAO's hack involved a LayerZero bridge compromise, which is a different entry point compared to the Drift Protocol attack. Both incidents demonstrate the advanced and sophisticated nature of these hacks, with TraderTraitor employing tactics that mimic those used by legitimate companies to infiltrate crypto firms.

The consequences of these attacks are significant, with losses totaling approximately $577 million in just four months. To combat such threats, experts recommend stronger screening measures for bridges and cross-chain protocols, as well as faster response times from authorities and industry players.