Ripple Shares DPRK-Linked Threat Data With Crypto ISAC
Ripple will provide Crypto ISAC high-confidence DPRK-linked intelligence on fraud domains, wallet addresses and campaign indicators for member screening.
On May 4, 2026, Ripple announced it will share high-confidence intelligence on Democratic People’s Republic of Korea-linked fraud domains, wallet addresses and indicators tied to active campaigns with the Crypto Information Sharing and Analysis Center (Crypto ISAC). The dataset includes identity signals that link suspected actors to wider operations.
Crypto ISAC’s updated API will deliver the feed to members. The API normalizes Web2 and Web3 indicators, preserves context, assigns confidence levels and keeps links between related signals so organizations can see how a domain, wallet or identity fits a larger pattern. Ripple and Coinbase are among the early adopters of the API.
Members can use the information to screen job applicants, contractors and vendors before granting system access. The shared data is designed for integration into hiring, vendor and access-control workflows and can be automated to run checks against applicant and vendor records.
Industry officials point to incidents where attackers gained access by building trust instead of exploiting software flaws. In one case, actors spent months cultivating relationships with contributors before installing malicious software and reaching multisignature wallets, showing how infiltration across people and organizations can enable larger compromises.
On X, Ripple wrote: “The strongest security posture in crypto is a shared one. A threat actor who fails a background check at one company will apply to three more that same week. Without shared intelligence, every company starts from zero.”
Justine Bone, executive director of Crypto ISAC, described Ripple’s contribution as a proof of concept for converting shared data into an actionable defense strategy and called for information sharing to become a standard practice across the industry.
The feed focuses on DPRK-linked activity and is intended to supplement existing threat feeds. Members will access the information through the API to automate identity checks and include the signals in access decisions.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
