
Group of Seven (G7) leaders have renewed their call for joint action against North Korean cryptocurrency thefts and cybercrime, broadening the scope of warnings issued at previous summits. In a statement adopted during this week's G7 summit in Évian-les-Bains, France, the leaders expressed “deep concern” over North Korea’s nuclear and ballistic missile programs, which the United Nations and security researchers have linked to funds derived from crypto heists and other cyber operations.
Background on the G7 Stance
The G7 first explicitly referenced North Korean cryptocurrency thefts after its June 2025 summit in Canada, when the group's chair called for members to jointly address “DPRK cryptocurrency thefts fueling” the country’s nuclear and ballistic missile programs. The latest statement broadens that warning to include wider cybercrime, reflecting the evolving nature of threats posed by North Korean actors. However, the leaders did not specify how members should act on the call, making no mention of concrete measures such as exchange screening, sanctions, or actions against mixing services often discussed in connection with North Korean crypto laundering.
The lack of specific enforcement mechanisms has drawn criticism from some experts who argue that without targeted actions—like blocking addresses associated with North Korean hackers or imposing stricter Anti-Money Laundering (AML) requirements on exchanges—the declaration remains largely symbolic. Nonetheless, the repeated emphasis at the highest diplomatic level signals growing recognition of the scale of the problem.
Historical Timeline of North Korean Crypto Heists
North Korea’s involvement in cryptocurrency theft is not new. Security researchers have traced a series of high-profile hacks to state-sponsored groups such as Lazarus Group, BlueNoroff, and APT38. According to blockchain analytics firm Chainalysis, North Korean hackers stole at least $2 billion in crypto in 2025, pushing the all-time total attributed to DPRK-affiliated actors to at least $6.75 billion since 2016. The firm noted that despite carrying out fewer confirmed attacks, the hackers generated larger returns by targeting high-value platforms and using sophisticated social engineering tactics.
Key incidents from 2025 include the roughly $285 million Drift Protocol exploit in April and the $36 million Humanity Protocol breach in June. Both operations exhibited hallmarks of North Korean involvement, including the use of fake identities, recruitment scams, and insider access. Earlier major heists include the $615 million Axie Infinity hack in 2022, the $100 million Harmony Bridge exploit, and the $850 million Bithumb hack in 2017. The cumulative impact has been immense, with funds allegedly funneled to support North Korea's weapons programs, including its nuclear arsenal and ballistic missile development.
Modus Operandi of North Korean Hackers
North Korean cyber actors have evolved their tactics over the years. According to a CrowdStrike report published on May 15, 2026, North Korean actors are now the largest threat group targeting crypto users by value stolen. The cybersecurity company described campaigns that prioritize high-value targets, with proceeds “almost certainly laundered to fund the regime’s military programs.” Common techniques include:
- Social engineering and recruitment scams: Hackers pose as recruiters or investors on platforms like LinkedIn to gain access to internal systems of crypto companies.
- Embedding IT workers: North Korean operatives infiltrate crypto firms by obtaining remote jobs as developers or engineers, using stolen or forged identities to bypass background checks.
- Spear-phishing and malware: Targeted emails with malicious attachments or links are sent to employees at exchanges and DeFi protocols.
- Laundering through mixers and cross-chain bridges: Stolen funds are routed through privacy tools like Tornado Cash (despite sanctions) and decentralized exchanges to obscure their trail.
Chainalysis highlighted that these hackers are becoming more efficient, generating bigger returns per attack despite a lower overall number of incidents. The ability to adapt and refine techniques has made them a persistent threat to the crypto ecosystem.
Accusations and Denials
North Korea has consistently rejected allegations that it poses a cyber threat. In a May 3 statement published by state news agency KCNA, a Foreign Ministry spokesperson accused the United States of spreading false information and described claims of a North Korean cyber threat as politically motivated “slander.” The spokesperson urged the international community to disregard what they called a smear campaign designed to isolate the country.
Despite these denials, evidence continues to mount. United Nations reports have documented multiple cases of cyberattacks linked to North Korean entities, and several cybersecurity firms have shared forensic evidence connecting specific wallets and techniques to Pyongyang. The sheer volume of stolen funds—exceeding $6.75 billion—makes it difficult to dismiss the claims as mere propaganda.
International Response Challenges
The G7's call for joint action highlights the difficulties in coordinating a unified international response. While individual countries have imposed sanctions on North Korean entities and individuals, the decentralized nature of cryptocurrency allows hackers to move funds across borders with relative ease. Different regulatory frameworks between nations create loopholes that malicious actors exploit.
Some experts have proposed creating a global blacklist of wallet addresses associated with North Korean hacks, similar to the U.S. Treasury's Office of Foreign Assets Control (OFAC) sanctions list. Others advocate for mandatory Know Your Transaction (KYT) protocols on all exchanges. However, implementing these measures requires broad consensus and technical cooperation, which remains elusive.
The G7 statement, while lacking specifics, serves as a political signal that the world's leading economies are taking the threat seriously. It may pave the way for more concrete actions in future summits, such as joint sanctions, intelligence sharing, and coordinated law enforcement operations. In the meantime, crypto companies are urged to enhance their security measures and vetting processes to protect against infiltration by North Korean operatives.
As the landscape continues to evolve, the G7's renewed focus on North Korean cybercrime underscores the urgency of addressing a problem that not only threatens financial systems but also contributes to global security risks.
Source: Cointelegraph News
