Ripple Hands Crypto ISAC Members A Weapon Against North Korean Infiltration

Ripple(XRP) is now feeding the crypto industry exclusive North Korean threat intelligence through Crypto ISAC, a move that follows a wave of insider attacks linked to roughly $577 million in stolen funds.

Ripple Opens DPRK Intel

The company confirmed the contribution on May 4, sharing the data through Crypto ISAC, the sector's information sharing and analysis center. Coinbase and other founding members are among the first integrating the new feed.

The shared material covers fraud-linked domains, wallets, and indicators of compromise tied to active campaigns. It also includes detailed profiles of suspected DPRK operatives, with LinkedIn accounts, emails, phone numbers, locations, and behavioral patterns attached to each entry.

Crypto ISAC said this level of contextual data has never been shared between members before.

The exchange runs through a new API that normalizes Web2 and Web3 indicators for direct integration into security operations.

Also Read:Big Money Floods Dogecoin: Whales Stack 160M DOGE In Just 96 Hours

Why Experts Call It A Shift

Erin Plante, director of brand security and intelligence at Ripple, said the updated API marks a step forward in how intelligence moves across the ecosystem. She said the result is higher-quality data the company can plug straight into its security workflows.

Justine Bone, executive director of Crypto ISAC, argued that information sharing has long been treated as optional, and that Ripple's contribution turns shared data into an actionable defense strategy the wider industry can build on. Coinbase Chief Information Security Officer Jeff Lunglhofer said the data model preserves context and confidence rather than raw indicators alone.

The urgency comes from a clear pattern. According to TRM Labs data cited in the announcement, North Korean actors account for 76% of all crypto hack losses so far in 2026.

Recent DPRK Crypto Strikes

The Drift Protocol breach, which moved roughly $285 million, did not involve a smart contract bug. Operatives spent months building trust with contributors before deploying malware that captured multisig keys, bypassing standard detection systems entirely.

The Lazarus Group has also been tied to the recent KelpDAO attack, which resulted in losses of around $290 million to $292 million. Earlier, the FBI confirmed North Korea's role in the $1.5 billion theft from the Bybit exchange, and Chainalysis data shows DPRK-linked actors stole more than $2 billion across 2025, pushing their cumulative haul above $6.7 billion.

Read Next:Why Polygon Just Buried Stablecoin Details Beneath Zero-Knowledge Proofs