G7 leaders have for the first time grouped North Korean cybercrime alongside nuclear weapons, following a series of cryptocurrency thefts that are expected to cause hundreds of millions of dollars in losses in 2026.
G7 leaders issued a joint statement on the widespread theft of cryptocurrency assets orchestrated by hacking groups from the Democratic People's Republic of Korea (DPRK).
Meeting in Évian-les-Bains, France, on June 17, G7 leaders issued a new warning about Pyongyang's cryptocurrency theft activities in a broader statement on geopolitical issues, placing cryptocurrency theft alongside Iran's nuclear ambitions and the war in Ukraine as a top security concern. The statement reiterated the need to work together to address North Korea's cryptocurrency theft and cybercrime.
Notably, this marks the first time the G7 has grouped North Korean cybercrimes alongside nuclear weapons and missile programs, a critical security issue, following similar concerns raised at the 2025 G7 Kananaskis summit, where crypto assets were linked as a major source of funding for the regime's weapons program.
New evidence from major mining operations in 2026
G7 leaders pledged closer cooperation to combat the abuse of digital financial networks, with North Korea specifically named as one of the countries using digital networks to circumvent sanctions and finance military ambitions.
In 2026 alone, North Korea was involved in several large-scale cryptocurrency mining operations, providing new evidence bolstering G7 leaders' concerns. Notably, Drift Protocol, a Solana based exchange, lost over $250 million on April 1st, and in its post-incident report, revealed the mining operation was only possible due to institutional backing.
According to Drift Protocol, the process began in October 2025 when attackers approached them at an industry conference to collaborate, then immediately planned to exploit the vulnerability once they gained access; chain analytics firm Elliptic then contacted these actors to DPRK's operational teams.
Just about a week before the G7 meeting, the decentralized Humanity Protocol project also suffered a withdrawal of over $35 million. Security firm Quantstamp said a phishing email disguised as a Token Lockup update notification from the South Korean exchange Bithumb tricked an employee into installing malware, giving the attacker full remote access to the company's computers, and Quantstamp later linked this operation to the DPRK.
North Korea has not yet commented on the latest allegations. When faced with similar accusations in May, a Foreign Ministry spokesperson dismissed them, saying Washington was spreading inaccurate narratives about a cyber threat that it called non-existent, according to state media.
Observers believe the G7 is likely to push for standardized Chia of perpetrators among intelligence agencies, expedite the freezing of flagged wallets on exchanges, and put pressure on smaller jurisdictions still operating on offshore platforms.
The UN Security Council has separately documented in detail North Korea's methods of evading sanctions, giving the G7 a ready-made dossier to build upon.
