Ripple is now contributing threat intelligence on North Korean cyber actors to the Crypto Incident Sharing and Analysis Center (Crypto ISAC), a move that follows a $285 million breach that exposed a shift in hacker methodology. The initiative aims to create a collective defense against state-sponsored groups using long-cycle social engineering to infiltrate crypto firms from within.
"For too long, information sharing was seen as optional. Today, it is the gold standard for security," Justine Bone, Executive Director at Crypto ISAC, said. The non-profit helps crypto companies share security information to defend against cyber threats targeting digital assets.
The shared intelligence from Ripple includes fraudulent domains, compromised wallet addresses, and detailed profiles of suspected North Korean IT workers, complete with LinkedIn accounts, emails, and contact numbers. This follows the Drift protocol hack, where attackers spent months building trust with contributors before deploying malware to seize control of multi-signature wallets. The pattern of infiltrating organizations directly, rather than relying on smart contract exploits, has been observed across multiple firms.
This industry-wide intelligence sharing aims to prevent what Crypto ISAC calls a "start from zero" scenario for each company. A threat actor who fails a background check at one firm often applies to three more the same week. April's losses from the Drift and Kelp exploits, both publicly attributed to the Lazarus Group, exceeded half a billion dollars, showing the financial stakes of these coordinated campaigns. The new data feed integrates directly into member security operations, allowing firms to recognize a suspicious job candidate who may have been flagged elsewhere. The move highlights a growing consensus that as security for code tightens, the focus of attacks is shifting to people, making shared human-level intelligence a critical defense.