emergencyBreaking NewsOil Price Drop Recasts Federal Reserve Interest Rate Cut TimelineMorgan Stanley's Bitcoin ETF reaches $103 million in six trading daysPayward's $550 Million Acquisition of Bitnomial Secures a Full U.S. Derivatives StackGrinex Exchange Suspends Trading After $13.7 Million CyberattackRobinhood Stock Surges 10% as SEC Removes Day Trading Minimum, Expanding Active Trader AccessOil Price Drop Recasts Federal Reserve Interest Rate Cut TimelineMorgan Stanley's Bitcoin ETF reaches $103 million in six trading daysPayward's $550 Million Acquisition of Bitnomial Secures a Full U.S. Derivatives StackGrinex Exchange Suspends Trading After $13.7 Million CyberattackRobinhood Stock Surges 10% as SEC Removes Day Trading Minimum, Expanding Active Trader Access
DoiDoi
Credit & Lendingexpand_more
Credit CardsPersonal LoansStudent Loans
Markets & Investingexpand_more
Stocks & ETFsCrypto & BlockchainFed & Macro
Retirement & Benefitsexpand_more
401(k) & IRASocial SecurityRetirement Policy
Real Estateexpand_more
Mortgage RatesHousing Market
Financial Foundationexpand_more
Budgeting & SavingInsurance
Latest News
MarketsPortfolio
The Digital Ledger
Credit & Lending
Markets & Investing
Retirement & Benefits
Real Estate
Financial Foundation
Latest News
Dashboards

Institutional Financial Analysis

Home/Markets & Investing/CRYPTO MONEY LAUNDERING ENFORCEMENT · DEFI EXPLOIT

North Korean State Actors Pivot to AI-Driven Social Engineering to Drain DeFi Protocols

EL

Elara Livingston

crypto money laundering enforcement · Apr 17, 2026

North Korean State Actors Pivot to AI-Driven Social Engineering to Drain DeFi Protocols

Source: DojiDoji Data Terminal

Rhea Finance lost $7.6 million on Thursday after attackers used a vulnerability in its Margin Trading feature to execute a pool manipulation attack on the Rhea Lend smart contract. CertiK reported the attacker created fake token contracts and added liquidity to fresh pools to mislead the oracle and validation layer. On the same day, the Kyrgyzstan-registered Grinex exchange halted withdrawals and trading after a cyberattack that drained approximately $15 million in USDT. Elliptic noted the stolen USDT was swapped into TRX and ETH to avoid being frozen by Tether.

Related Brief9h ago
cryptocurrency

Institutional investors are not buying crypto for price gains — they're chasing yield

Institutional investors are not buying crypto for price gains — they're chasing yield. The shift is clear: nearly four out of five institutional investors plan to allocate 2% to 5% of their total assets under management to cryptocurrencies, according to Nomura’s 2026 Digital Asset Institutional Investor Survey. But the goal isn’t just riding price waves. Over two-thirds of respondents want exposure to decentralized finance (DeFi) mechanics like staking, where capital earns returns through network participation. Sixty-five percent are targeting lending and tokenised assets. Sixty-three percent are exploring derivatives and stablecoins. This reflects a broader pivot — from speculation to income generation. Crypto is increasingly seen as a diversification tool on par with stocks, bonds, and commodities, with 65% of institutions now classifying it as such. The focus on yield strategies signals a maturing market, where capital is deployed not for volatility but for utility. Stablecoins, in particular, are emerging as a key conduit. Sixty-three percent of investors see real use cases: managing cash, executing cross-border payments, trading currencies, and investing in tokenised assets. Trust hinges on the issuer — stablecoins backed by major financial institutions in the yen, dollar, and euro are viewed as most credible. Nomura attributes the shift to better risk management, regulatory clarity, and a growing suite of investment products. But the core insight remains: institutions aren’t just entering crypto. They’re reshaping its value proposition.

These breaches are part of a wave of at least 12 attacks on DeFi protocols and crypto businesses since April 1, 2026. Other losses in April include $1.67 million from the Binance Smart Chain TMM/USDT liquidity pool, $423,000 from Aethir on April 9, $410,000 from Dango on April 13, and $392,000 from Silo Finance on April 3. The surge follows the $280 million exploit of Drift Protocol on April 1.

Related Brief1d ago
cybersecurity

Kraken Refuses Ransom After Insider Breach Exposes 2,000 Accounts

Two thousand Kraken clients face the risk of their private data being leaked on social media. The exposure occurred after two support employees were recruited by a cybercrime group to gain improper access to internal systems. These employees recorded videos of internal systems containing client support data for 2,000 accounts, or 0.02% of the user base. Kraken revoked employee access and strengthened controls following a tip in February 2025. A criminal group subsequently threatened to release the videos to media outlets and social media unless payment was made. Kraken refused to pay or negotiate with the ransom demands. A criminal investigation is underway to identify and arrest the responsible individuals. 2,000 clients face the risk of their private data being leaked on social media.

Investigators attribute the Drift exploit to the Democratic People’s Republic of Korea (DPRK), noting the attack began with a six-month social engineering operation where actors posed as a quantitative trading firm. Researchers highlight that DPRK-affiliated groups are now combining AI tools and social engineering to infiltrate companies and harvest credentials, bypassing traditional code audits. Elliptic has identified 18 DPRK-linked acts this year, with more than $300 million stolen so far.

Related Brief2d ago
cybersecurity

Kraken Support Staff Breach Exposes 2,000 Users to Phishing

Approximately 2,000 Kraken customers are now susceptible to phishing attacks and targeted scams. Their personal data, including names and addresses, was provided to cybercriminals after customer support staff took photos and videos of internal client management platforms. The breach occurred across two distinct events in February 2025 and a second more recent occurrence. A criminal group used these recordings to attempt to extort the exchange, which refused to negotiate. Chief Security Officer Nick Percoco stated that no systems were breached and funds remained secure. The exchange is working with federal law enforcement across multiple jurisdictions to identify the individuals involved.

crypto money laundering enforcementDeFi exploitcrypto IRS ruling

The Ledger Morning

The essential intelligence to start your trading day. Delivered 6:00 AM EST.

Join 50,000+ professionals who start their day with The Digital Ledger.

No spam. Unsubscribe anytime.

Read More Analysis

Fed interest rate decision

Oil Price Drop Recasts Federal Reserve Interest Rate Cut Timeline

Consumers will see relief at the gas pump, allowing them to restore spending on other goods and services. This shift is …

Kraken

Payward's $550 Million Acquisition of Bitnomial Secures a Full U.S. Derivatives Stack

U.S. clients of Kraken's parent company, Payward, will gain access to regulated spot margin, perpetuals, and options und…

DoiDoi

© 2026 DojiDoji. All rights reserved.

EditorialEditorial GuidelinesCorrections
LegalPrivacy PolicyTerms of Service
DisclosureSEC DisclosuresAd Choice
SocialX (Twitter)LinkedIn