What is Ripple doing with DPRK threat intelligence?

Ripple is sharing North Korea-linked threat intelligence with the Crypto ISAC. The data includes fraud domains, wallets and active attack campaigns. The goal is to help crypto firms better detect and prevent threats.

Why is this initiative important for crypto security?

The move targets a growing trend where attackers try to infiltrate companies through people rather than just software exploits. By sharing intelligence, firms can identify suspicious actors earlier. This strengthens industry-wide defence.

What type of data will be shared?

The programme includes suspicious domains, wallet addresses and indicators of compromise linked to DPRK activity. It also adds contextual and identity-based signals. This helps security teams connect patterns across multiple attacks.

How will crypto companies use this information?

Firms can use the data to screen job applicants, contractors and vendors before granting access. This reduces the risk of insider threats. It adds a new layer of due diligence beyond traditional cybersecurity checks.

What is Crypto ISAC and how does it work?

Crypto ISAC is an information-sharing network for crypto companies focused on security threats. It distributes intelligence through an API that standardises Web2 and Web3 data. Members can integrate this data into their security systems.

What role does the Crypto ISAC API play?

The API allows real-time sharing of threat data with context and confidence levels. It links related indicators to provide a clearer picture of risks. This makes the intelligence more actionable for security teams.

Which companies are already using this system?

Coinbase is among the early adopters of the Crypto ISAC system. This suggests major industry players are supporting shared security efforts. Adoption by large firms could drive wider usage.

Why are DPRK-linked threats a concern in crypto?

North Korea-linked groups have been associated with large-scale crypto hacks and fraud campaigns. These actors often target exchanges and DeFi platforms. Their activities pose systemic risks to the industry.

Ripple shares DPRK threat data with crypto ISAC

Written by Isaac FrancisPublished May. 5 2026

Ripple will provide North Korea-linked threat intelligence to the Crypto ISAC, expanding efforts to combat fraud and infiltration across the crypto industry.

The programme will distribute data on suspicious domains, wallets and active campaigns linked to the Democratic People’s Republic of Korea, helping firms screen applicants, contractors and vendors.

Ripple said the intelligence includes contextual signals and identity-linked indicators to support more effective risk assessments across organisations.

“The strongest security posture in crypto is a shared one,” Ripple said, highlighting the need for collaboration against repeat threat actors.

The initiative will be powered by Crypto ISAC’s API, which standardises Web2 and Web3 data and provides context, confidence levels and linked indicators for security teams.

Coinbase is among early adopters of the system, which aims to improve detection of identity-based threats rather than relying solely on technical vulnerabilities.

The move reflects growing concern over coordinated attacks tied to North Korean actors, as crypto firms seek to strengthen collective defence mechanisms.