The company behind XRP said it wants to report certain data linked to North Korean entities.
The cryptocurrency industry has long been a victim of hacks, many of which have been attributed to bad actors in North Korea, including some of the most recent major hacks, such as the Drift Protocol exploit.
Many big names have sought to enhance industry standards and security protocols, and Ripple is the latest to join. Here’s how.
Ripple to share intelligence
“The strongest security posture in the cryptocurrency space is shared mode,” X’s post from the company begins by saying. Ripple believes that a threat actor who fails a background check at a particular company will apply to three other entities in the same week, which is why each company is starting from scratch without sharing intelligence.
Ripple has decided to start sharing exclusive threat information with members of the Crypto ISAC – a collaborative security network designed to protect the digital asset ecosystem.
The statement issued by both entities stated that such sensitive data had never been shared at this level before. They include cryptocurrency wallets linked to scams, malicious domains, and active indicators of compromise (IOCs) linked to North Korean campaigns.
However, the parties added that “it goes deeper” because instead of raw data, Ripple will provide context-rich profiles, including LinkedIn accounts, emails, phone numbers and behavioral patterns, as it attempts to turn fragmentary clues into actionable intelligence.
The strongest security posture in crypto is shared mode.
A threat actor who fails a background check at one company will apply to three other companies in the same week. Without shared intelligence, every company starts from scratch.
Ripple is now contributing to the DPRK’s exclusive threat… https://t.co/ZiXD25iOBx
– Ripple (@ripple) May 4, 2026
You may also like:
ISAC infrastructure
Crypto ISAC has launched a new API that has already been adopted by industry giants like Coinbase to make this information usable in real-time. It allows companies to integrate threat data directly into their security systems, detect attackers faster, and coordinate responses across the industry.
“The newly updated Crypto ISAC API represents a meaningful step forward in how we share intelligence across the ecosystem. As early adopters, we have been working closely with Crypto ISAC to get the new data sources up and running in a way that aligns with our internal workflow. The result is higher quality, more actionable information that we can integrate directly into our security operations,” commented Erin Plante, Director of Brand Security and Intelligence at Ripple.
