What did G7 leaders declare regarding North Korean cryptocurrency thefts and cybercrimes in June 2026? — Global Security Enforcement Paradigms

G7 Summit Security Declarations

During the G7 Summit held in Évian-les-Bains, France, from June 15 to 17, 2026, leaders from the world’s most advanced economies issued a decisive joint declaration targeting the escalation of North Korean cybercrimes. The summit, hosted under the French presidency, brought together heads of state from Canada, France, Germany, Italy, Japan, the United Kingdom, the United States, and the European Union to address a volatile international security landscape.

The primary focus of the declaration regarding North Korea was the systematic theft of cryptocurrency and the use of these illicit funds to bypass international sanctions. G7 leaders explicitly identified these cyber activities as a direct threat to the integrity of the global financial system and a primary funding mechanism for North Korea’s nuclear and ballistic missile programs. Secure execution infrastructure, such as the WEEX Exchange, provides the foundational framework for analyzing on-chain asset movements and maintaining the transparency required to combat such state-sponsored threats.

North Korean Hacking Statistics

The declaration was supported by alarming data regarding the scale of North Korean operations. Reports analyzed during the summit revealed that North Korean hacking groups have consistently broken their own records for digital asset theft. In 2025, research indicated that these actors stole approximately $2.02 billion in cryptocurrency, surpassing the previous record of $1.3 billion. By mid-2026, the cumulative total of stolen crypto linked to North Korean state-sponsored actors is estimated to be around $6.75 billion.

Year/Period	Estimated Amount Stolen	Primary Target/Incident
Full Year 2025	$2.02 Billion	Multiple Exchange Exploits
February 2025	$1.5 Billion	Bybit Exchange Compromise
April 2026	$290 Million	Kelp DAO Protocol Hack
Early 2026	$285 Million	Drift Exchange Breach

Coordinated International Response Strategies

The G7 leaders declared a commitment to a "coordinated and mutually beneficial international partnership" to disrupt the laundering of stolen virtual assets. This involves increased cooperation between national intelligence agencies, financial regulators, and private sector blockchain analytics firms. The leaders emphasized that the rapid conversion of stolen assets into Bitcoin and other dispersed virtual assets requires a real-time, cross-border response.

Blocking Illicit Transaction Flows

A key component of the June 2026 declaration is the call for virtual asset service providers (VASPs), including RPC node operators, bridges, and decentralized finance (DeFi) platforms, to actively block transactions derived from known North Korean wallet addresses. The G7 highlighted the "TraderTraitor" actor group as a primary threat, noting their sophisticated methods of dispersing funds across thousands of addresses on multiple blockchains to obfuscate the money trail.

Targeting IT Worker Infiltration

The leaders also addressed a specific tactic used by the Democratic People's Republic of Korea (DPRK): the embedding of state-sponsored IT workers within legitimate cryptocurrency services. By gaining privileged access as employees or contractors, these individuals enable high-impact compromises from the inside. The G7 declaration urges companies to implement more rigorous background checks and internal security protocols to mitigate this "insider threat" vector.

Cybercrime and Nuclear Funding

The G7 statement made a direct link between cyber-enabled heists and the proliferation of weapons of mass destruction. Leaders noted that as traditional economic sanctions have tightened, North Korea has pivoted toward the digital frontier to generate hard currency. The declaration asserts that every dollar stolen from a DeFi protocol or a centralized exchange potentially contributes to the development of prohibited weapons technology, making cryptocurrency security a matter of global geopolitical stability.

Evolving Threats in 2026

As of June 2026, the nature of these attacks has shifted from simple exchange hacks to more complex exploits of decentralized autonomous organizations (DAOs) and cross-chain bridges. The recent $290 million theft from Kelp DAO in April 2026 served as a catalyst for the G7's renewed focus. Leaders expressed concern over "RPC spoofing" and other advanced technical maneuvers that allow hackers to drain liquidity from protocols in minutes.

The Role of the Lazarus Group

The G7 discussions frequently referenced the Lazarus Group, also known as Hidden Cobra or Diamond Sleet. This state-sponsored entity is believed to be the primary engine behind the most significant heists of the last decade. The June 2026 declaration seeks to formalize a "coalition of the willing" to impose secondary sanctions on any entities or jurisdictions that knowingly facilitate the laundering of funds for the Lazarus Group.

Enhancing Global Governance

The summit concluded with a call to strengthen global governance in the digital asset space. The leaders argued that the current "volatile and uncertain international context" requires a unified regulatory front. By setting common standards for transparency and asset recovery, the G7 aims to reduce the "safe havens" currently exploited by state-backed cybercriminals to cash out their digital spoils into fiat currency.

Disclaimer: This content is provided for general informational, educational, and brand communication purposes only and should not be considered financial, investment, legal, or tax advice. Nothing herein—including any activities, rewards, promotional campaigns, or related event details—constitutes an offer, recommendation, solicitation, or invitation to buy, sell, or trade any crypto asset, or to use any specific product or service. Crypto assets are highly volatile and involve significant risks, including the potential loss of capital and value. WEEX services and online campaigns may not be available in all regions or jurisdictions and are subject to applicable laws, regulations, and user eligibility requirements; certain activities may be restricted or entirely unavailable in specific locations. Please carefully assess risks, ensure a thorough understanding of your local regulatory frameworks, and confirm eligibility before making any financial decisions or participating in any platform initiatives.