Ripple is sharing internal threat intelligence on North Korean hackers with the Crypto ISAC to help firms identify social engineering campaigns that have caused over $500 million in losses.

Key Points

• Ripple is providing data on North Korean threat actors, including suspicious LinkedIn profiles and contact information, to the Crypto ISAC.
• Recent breaches, including the $285 million Drift hack and $292 million Kelp exploit, were driven by long-term social engineering rather than smart contract bugs.
• North Korean operatives are increasingly infiltrating crypto firms by posing as legitimate job candidates to gain internal access and bypass traditional security tools.
• Legal disputes are emerging over frozen assets, such as 30,765 ETH linked to the Kelp exploit, as victims attempt to claim funds from North Korean-linked attacks.

Why it Matters

This initiative marks a strategic shift in crypto security, moving from code-based defenses to collaborative human-centric intelligence sharing. By standardizing how firms vet potential employees, the industry aims to close the information gaps that allow state-sponsored actors to move undetected between companies.