Ripple shares North Korea hacker intelligence with crypto industry after $500M+ in one-month losses.

Ripple is feeding internal threat profiles on North Korean operatives — LinkedIn accounts, email addresses, contact numbers — to Crypto ISAC, the crypto sector's threat-sharing body. The move follows April's Drift and Kelp exploits, which together drained more than $500 million in a single month and were both attributed to Lazarus Group.

Neither breach relied on a smart contract bug. North Korean operatives spent months building trust inside target organisations before deploying malware and walking off with private keys. Ripple's argument is blunt: a threat actor who fails a background check at one firm will apply to three more that week, and without shared intelligence every company starts from zero.

The fallout has reached the courts. An attorney representing victims of North Korean terrorism has served restraining notices on Arbitrum DAO over 30,765 ETH frozen after the Kelp…