Pyongyang-linked hackers secured over $577 million in April through sophisticated exploits of Drift Protocol and KelpDAO, signaling a dangerous new era of AI-enhanced social engineering and precision digital warfare.
The digital battlefield has shifted into a high-intensity phase as North Korean state-sponsored actors successfully executed two massive heists in April 2026, siphoning approximately $577 million from the Drift Protocol and KelpDAO. According to data from TRM Insights, these two operations alone account for 76 percent of all cryptocurrency theft recorded globally this year. This aggressive campaign underscores a broader strategy by the Kim regime to bypass international sanctions and fund its kinetic military ambitions through decentralized finance vulnerabilities.
The breach of Drift Protocol on April 1, resulting in a $285 million loss, revealed a patient and sophisticated adversary. Investigators found evidence of three weeks of on-chain staging and months of meticulous social engineering. The attackers utilized a durable nonce exploit to maintain access, a technique that demonstrates a deep understanding of blockchain architecture. Similarly, the $292 million KelpDAO hack on April 18 exploited compromised RPC nodes and a single-verifier flaw in the LayerZero protocol. While $75 million remains frozen on Arbitrum, the majority of the funds have been laundered through THORChain into Bitcoin, following a well-worn path of digital evasion.
Intelligence analysts now warn that Pyongyang is integrating artificial intelligence into its reconnaissance and social engineering efforts. By using AI to craft more convincing personas and identify technical weaknesses with greater precision, these state actors are moving beyond crude phishing toward surgical strikes. This evolution in tactics coincides with a broader surge in systemic risk, as evidenced by Oracle’s April 2026 Critical Patch Update, which addressed 481 flaws, including 139 in communications infrastructure that were remotely exploitable without authentication.
The threat is not limited to financial protocols. Hewlett Packard Enterprise (HPE) recently issued an emergency security advisory regarding its Telco Service Orchestrator, highlighting the vulnerability of the very backbone of Western connectivity. As ransomware incidents remain high—with Emsisoft reporting over 2,300 incidents in the first quarter of 2026—the United States continues to bear the brunt of these attacks, serving as the victim in nearly 65 percent of global cases.
Washington’s response to this digital siege remains focused on defensive patching and post-incident analysis, but the scale of the North Korean successes suggests a need for a more robust doctrine of digital sovereignty. With North Korea’s cumulative theft exceeding $6 billion, the line between cybercrime and national security threat has effectively vanished. As these adversaries adopt frontier AI models to automate their offensives, the cost of maintaining a reactive posture is becoming unsustainable for American economic and technological leadership.
Ryan Mitchell serves as a Staff Writer for Just Right News, where he anchors the desk for Cyber, Technology Policy, and Digital Sovereignty. In an era where the digital landscape has become as much a battlefield as any physical territory, Ryan provides a critical conservative lens on the forces shaping the future of American innovation and national security. His work is defined by a commitment to the idea that American leadership in the digital age is not just a matter of economic success, but a necessity for the preservation of global liberty.
Born and raised in Austin, Texas, Ryan’s perspective is deeply rooted in the Lone Star State’s tradition of independence and skepticism of centralized authority. Growing up in a city that transformed from a quiet state capital into a global technology hub, he witnessed firsthand the disruptive power of the tech industry. This upbringing instilled in him a firm belief in free-market principles and the necessity of protecting individual liberties from both government overreach and corporate overstep. His Texan background serves as a foundational compass, guiding his reporting toward stories that emphasize national resilience and the preservation of constitutional values in an increasingly virtual world.
Now based in San Francisco, California, Ryan operates from the epicenter of the very industry he scrutinizes. Living and working in the heart of Silicon Valley allows him to provide “boots on the ground” reporting that few conservative journalists can match. He navigates the cultural and political complexities of the Bay Area to bring Just Right News readers an inside look at the boardrooms and coding labs where the next generation of digital policy is forged. For Ryan, being stationed in San Francisco is a strategic choice; it allows him to challenge the prevailing ideological monoculture of the tech elite from within their own backyard, ensuring that the concerns of middle America are represented in the conversation about our digital future.
His beat—Cyber, Technology Policy, and Digital Sovereignty—covers the high-stakes world of data privacy, artificial intelligence, and the infrastructure of the modern web. Ryan is particularly focused on the concept of digital sovereignty, arguing that for a nation to remain truly free, it must maintain control over its own technological destiny and critical infrastructure. He frequently explores how international regulations and domestic policies impact the ability of American firms to compete without sacrificing the privacy or security of their citizens.
Central to his current body of work is his featured series, “The New Cold War.” Through this project, Ryan examines the escalating technological rivalry between the United States and its global adversaries. He delves into the complexities of state-sponsored hacking, the global race for semiconductor dominance, and the ideological struggle to define the rules of the internet. Ryan views this competition not merely as a commercial race, but as a fundamental defense of Western values against authoritarian digital models. Through his rigorous reporting and principled analysis, Ryan Mitchell ensures that the readers of Just Right News stay informed about the invisible forces defining the 21st century, always advocating for a future where technology serves the cause of freedom.