BULLISH 📈 : Ripple shares DPRK wallet intel with crypto firms to strengthen AML screening
Ripple will share DPRK hacker intel with crypto firms. Goal: a shared defense against Lazarus attacks.
Ripple will distribute actionable IOCs, wallet addresses, malicious domains, and TTPs tied to North Korean actors to industry peers. The company confirmed the move and its rationale in coverage by The Block: “the strongest security posture in crypto is a shared one” (The Block).
The feed is built for automation. Firms can plug the data into security and compliance tools. It aims to support AML and OFAC screening by flagging high‑risk wallets before funds hit mixers or bridges (The Block).
Scope targets social engineering and insider access. Hackers pose as job applicants, build trust, then strike. That behavior is the current focus, per Coin Bureau’s summary of the program (Coin Bureau on X).
The initiative feeds into Crypto ISAC’s updated real‑time API launched May 4, 2026. The API ingests fraud‑linked wallets, compromised credentials, malicious LinkedIn profiles, and behavior patterns for rapid sharing across firms (Crypto ISAC on X).
Lazarus‑linked operations have drained an estimated $577 million from crypto in early 2026. Sector reporting ties the cluster to recent large thefts (Coinspeaker).