Ripple Shares North Korea Threat Intelligence With Crypto ISAC to Strengthen Industry Defense

Ripple Shares North Korea Threat Intelligence With Crypto ISAC to Strengthen Industry Defense

N
News Editor 01
2026-07-10 01:13:13
Ripple is sharing high-confidence North Korea-linked threat intelligence with Crypto ISAC, including scam domains, wallets, and compromise indicators, to help crypto firms improve hiring, vendor screening, and identity-based risk defense.
RippleCrypto ISACNorth KoreaBlockchain SecurityThreat Intelligence

Ripple said it will share North Korea-linked threat intelligence with Crypto ISAC to help member companies strengthen hiring reviews, contractor checks, and vendor screening. The shared intelligence includes scam-related domains, wallet addresses, and indicators of compromise tied to active campaigns, with the goal of helping crypto firms identify identity-based threats before granting access.

High-confidence intelligence with added context

According to the announcement, the program gives Crypto ISAC members access to Ripple’s high-confidence intelligence related to activity associated with the Democratic People’s Republic of Korea. Beyond technical indicators, the shared data also includes additional context, such as identity signals and details that can connect suspected actors to broader operations. That added layer is intended to help security teams assess applicants, contractors, and outside partners more effectively before they become trusted insiders.

Ripple said on X that the strongest security posture in crypto is a shared one. The company argued that a threat actor rejected during a background check at one firm may apply to several others in the same week, and without shared intelligence, each company is forced to start from scratch.

Crypto ISAC API aims at identity-based risk

The intelligence will be distributed through Crypto ISAC’s updated API, which is designed to standardize both Web2 and Web3 indicators so members can integrate the data into their security operations. Ripple and Coinbase were identified as among the early companies using the API.

The approach is meant to go beyond static threat alerts by preserving context, confidence levels, and links between separate signals. That distinction matters when attackers do not begin with a visible exploit. The report referenced the Drift incident, where malicious actors reportedly spent months building trust with participants before deploying harmful software and gaining access to multisignature wallets.

Testing a collective security model for crypto

The move is also a broader test of whether crypto firms can respond collectively to threats that move from one company to another. If one member identifies a suspicious actor, enriched profile data can be passed to others before the same individual or group attempts another route of entry.

Crypto ISAC Executive Director Justin Bohn said intelligence sharing was long treated as optional, but is now the gold standard in security. In his view, Ripple’s action through Crypto ISAC offers a concrete proof of concept for turning shared data into an actionable defense strategy that the wider industry can build on.

Overall, Ripple’s contribution highlights how shared threat intelligence is increasingly being positioned as a practical defensive layer for an industry facing coordinated infiltration attempts.

This article was originally published by Bit.Fan. For more cryptocurrency news and market insights, visit www.bit.fan.
400

Disclaimer:

The market information, project data, and third-party content displayed on this platform are for industry information sharing only and do not constitute any form of investment advice or return commitment.

Cryptocurrency trading carries high risks. Users should fully assess their risk tolerance and make independent decisions. All profits, losses, and legal responsibilities are borne by the users themselves.