On June 18, 2026, at the lakeside venue in Évian, leaders from the United States, the United Kingdom, France, Germany, Italy, Japan, and Canada, after a day of discussions on security issues, finally put pen to a rarely direct joint statement: the G7 would no longer just discuss macroeconomics and traditional geopolitical conflicts, but specifically named the cryptocurrency thefts and cyber crimes supported by the North Korean government, calling on the international community to take coordinated action to incorporate this covert funding war into the global security and non-proliferation agenda. The allegations supporting this statement are not without controversy – researchers in the United Nations Security field point out, based on a single source perspective, that North Korea has, under years of sanctions pressure, acquired digital funds through a series of cryptocurrency attacks to evade financial blockades and fund its weapons programs, but the relevant on-chain funding flows and decision-making chains have yet to be comprehensively publicly verified. Just two months before the Évian conference, the Drift Protocol was reported by a single source to have suffered an attack suspected to be related to North Korean hackers, with losses estimated at about $285 million; shortly after, in June, the Humanity Protocol was also reported to have encountered a similar suspected attack, with the extent of the losses and technical details still shrouded in unverified obscurity. These two consecutive incidents brought warnings that originally belonged to the domain of security experts into the public eye, making every reference to “cryptocurrency theft” in the Évian statement carry a more urgent real-world significance.
The G7 Takes a Stand Against North Korea in Évian
In the joint statement released in Évian, the G7 did not clutter their sentences with technical jargon, but instead redefined North Korea's cryptocurrency theft and cyber crime using the most politicized language – “cryptocurrency theft and cyber crime supported by the North Korean government” was directly described as a “serious security threat” and incorporated into the international security and non-proliferation agenda. The elevation in tone is not merely a rhetorical game: researchers from the United Nations Security field, based on a single source viewpoint, indicate that the digital funds obtained through cryptocurrency theft by North Korea are used to evade international sanctions and fund its weapons programs. Essentially, the G7 publicly embraced this logical chain, pulling cases that should belong to financial regulation and cyber law enforcement into the same narrative framework of missile and nuclear programs, as well as sanction games.
The statement’s call for the “international community to take coordinated action” reads like a collective memo sent to finance ministries, intelligence agencies, and cyber security departments of various countries. Without specific terms, without any new sanctions lists, and deliberately leaving details of technical cooperation blank, it directs the attention of the outside world to obvious focal points such as regulatory collaboration, intelligence sharing, and technical defenses through the word “coordination.” For the G7, which has historically surrounded North Korea with multiple layers of containment under the framework of non-proliferation and financial sanctions, this seems more like an extension of policy boundaries: in the past, they locked down bank accounts, foreign exchange settlements, and trade channels; now, what they added in Évian is the funding corridor of cryptocurrency assets that has long existed outside of traditional financial blockades.
The Drift Protocol’s Breach Sounds Alarm
While the Évian communiqué still lingered on the wording of “coordinated action,” specific coordinates had already flashed back in the minds within the industry. In April 2026, the Drift Protocol suffered a sudden security incident, with losses reported by a single source estimated at about $285 million, and several crypto media outlets quickly included it in the list of “cases suspected to be related to North Korean hackers.” However, unlike the rapid public identification by opinion, the officials have not yet provided a final confirmation regarding the identity of the attackers, and even the shocking loss figures carry the label of “single source,” reminding everyone to maintain necessary skepticism and distance regarding specific amounts.
Nevertheless, the image of DeFi protocols being breached is enough to serve as material in the G7 security discourse. For security institutions that have long studied issues related to North Korea, an on-chain theft of nearly hundreds of millions of dollars is no longer just “an incident concerning a particular project,” but a quantifiable signal that can be directly projected onto international security and non-proliferation agendas: according to a single source viewpoint, the digital funds seized by North Korea through similar attacks are used to circumvent sanctions and provide fuel for its weapons programs. From this perspective, cases like the Drift incident are not only risk lessons within the industry but also hard evidence supporting the G7's use of the phrase “serious security threat” in their statement; in their assessment framework for the threat level of North Korea's cyber actions, actual loss figures that occurred have already become an unavoidable foundational metric.
The Humanity Protocol Suffers, Heightened Threats
Just as the loss figures from Drift had not faded from the industry's memory, in June 2026, the Humanity Protocol was once again caught up in an incident similarly tagged with North Korean connections. According to a single source report, this security incident is also suspected to be related to North Korean hackers, but unlike Drift, which soon appeared on various on-chain analysis reports, Humanity only left a few brief statements: an attack occurred, the suspected opponent is identified, but regarding how much was lost or what methods were used, officials did not disclose in detail, let alone provide any clear final attribution. To outside observers, this seems more like a hurriedly covered black cloth, only telling you “something happened here,” but not allowing you to see how big the hole actually is.
This lack of transparency and difficulty in tracing ties the Humanity event to the Drift event as a continuous timeline: the former, with losses at the level of $285 million, carved out the profile for “suspected North Korean attacks” very clearly; the latter, with vague details and an unfinished investigation, reminds everyone that even as regulatory pressure and public scrutiny have reached the height of the G7 statement, the attacks have not pressed the pause button but rather extended in more covert and harder-to-quantify directions, forming a sense of threat that continues to escalate, beyond just the surface figures.
Compliance Pressure Mounts, Crypto Security Shake-Up
Before the suspected attacks on Drift and Humanity completely calmed down, the G7 statement from Évian pulled the already tightened compliance noose forward even further. The so-called “coordinated action by the international community” is interpreted within the industry as a possible forewarning of intelligence sharing, joint law enforcement, and unified standards between cross-national regulatory agencies, meaning that anti-money laundering, sanctions compliance, and on-chain monitoring are no longer “elective courses” fought separately by different jurisdictions, but under the amplification of North Korean issues, crammed into the same category of “core subjects” alongside international security and non-proliferation.
The first to feel suffocated are the exchanges and DeFi protocols caught between users and regulators. Centralized platforms know that the narrative accusing North Korea of evading sanctions through attacks on crypto platforms, once documented in the G7 communiqué, provides regulators with additional political legitimacy – any fund movement edged with dubious addresses may soon be requested to identify, tag, and freeze more swiftly, and the technical investments in on-chain analysis, address profiling, and cross-chain tracking will passively become survival costs. Decentralized protocols, on the other hand, face another kind of pressure: the events of Drift and Humanity have cast the previously applauded “permissionless and composable” aura into a high exposure view for regulators, forcing front-end teams and governance communities to discuss how to attach finer-grained risk filters and monitoring components without directly betraying the spirit of the protocol in the shadow of North Korean-related risks. In tandem, security firms and on-chain analysis institutions have been pushed to the forefront of the narrative; they serve both as the “explainers” summoned by the G7 context and as providers of tools in the new round of compliance and security shake-up, and the question of whether the tech stack will reshape the industry first, or the regulatory standards will continue to reshape technological choices, will determine whether this shake-up is merely a short-term adjustment of posture or a structural reconfiguration of the landscape.
North Korean Funding War and Global Defense Line Game
From being accused of using cryptocurrency attacks to “open up funding lines” under years of sanctions, to the G7 elevating this issue to the highest level of the political agenda in Évian on June 18, 2026, the basic pattern of this game has become clear: on one side is a state actor accused of circumventing financial blockades through on-chain theft to fund its weapons programs, and on the other side is an alliance of developed countries trying to weave a global defense network and integrate on-chain risks into the security and non-proliferation framework. United Nations security researchers, based on a single source perspective, included the Drift Protocol's loss of approximately $285 million in April 2026, as well as the Humanity Protocol's yet-to-be-disclosed losses in June 2026, into the “suspected North Korean hacker” narrative, while the G7 statement elevated this narrative to a security threat label in political documents; three crypto media outlets – Odaily Planet Daily, BlockBeats, and Foresight News – reported this series of events within the same time frame using roughly consistent frameworks, quickly cementing the visual impression of “North Korean funding war and global defense line,” but the repeated emphasis on missing information in the briefings and the prohibition against fabricating clauses also reminded readers: the technical attribution from a single source, the judgments from international organization researchers, and the political statements from the G7 do not equate to facts confirmed by judicial decisions. For industry participants, the real dilemma in the coming years may not lie in whether to acknowledge the existence of this game but in how to re-price in the midst of attack risk, compliance pressure, and decentralized ideals – whether to invest more resources into security and monitoring, accepting higher entry costs, or to adhere to the principles of minimal trust and open access, bearing the systemic noise and external political interference that follow; these forked choices will determine the role and position of the crypto industry in the next round of “funding war and defense line” narrative.
Join our community, let's discuss and become stronger together!
AiCoin exclusive Hyperliquid benefits: https://app.hyperliquid.xyz/join/AICOIN88
AiCoin exclusive Aster benefits: https://www.asterdex.com/zh-CN/referral/9C50e2
On-chain Telegram community: https://t.me/AiCoinWhaleData
On-chain community: https://www.aicoin.com/link/chat?cid=N6OVMor5g
AiCoin on-chain Twitter: https://x.com/aicoinwhaledata
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
