Crypto Fraud Watch: North Korean Hackers, $75M in June Losses, and the Prince Group Takedown

June closed with nearly $76 million drained from crypto platforms in a single month, federal regulators sanctioned a global criminal network for crypto fraud, and law enforcement launched a sweeping new initiative to disrupt cybercrime infrastructure. Here’s what happened — and what it means for anyone operating in the digital asset space.

Humanity Protocol Hack — $31 Million Gone via Compromised Developer Machine

The single largest crypto security incident of June 2026 was the Humanity Protocol hack, which resulted in $31 million stolen through a private key compromise. Attackers gained access to private keys that had been backed up on a malware-infected developer machine — a reminder that even well-funded projects can be brought down by basic operational security failures.

Security firm Quantstamp noted that the attacker used tooling and techniques consistent with North Korean state-sponsored hacking groups, likely the Lazarus Group. This follows a pattern established earlier in 2026, when North Korean actors exploited Kelp DAO’s LayerZero bridge in April — the largest single DeFi hack of the year at the time — using similar methods: compromising RPC nodes and launching distributed denial-of-service attacks to overwhelm protocol defenses.

Syscoin Bridge and JaredFromSubway Add Millions More to June’s Tally

The second and third largest June incidents — an $8 million fake proof exploit on the Syscoin Bridge and a $7.5 million theft targeting JaredFromSubway — combined with the Humanity Protocol breach to account for over 60% of June’s total losses of $75.87 million across 40 security incidents.

The Syscoin exploit involved a fraudulent bridge proof that deceived smart contract validation logic, allowing attackers to drain funds without triggering standard security alerts. Meanwhile, Polymarket users lost approximately $3 million in a targeted phishing campaign, adding to a growing body of evidence that retail users remain a soft target even as institutional infrastructure hardens.

OFAC Sanctions Hit the Prince Group — 35 Entities and Individuals Designated

On June 23, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned nine individuals and 26 entities tied to the Prince Group, a previously designated Transnational Criminal Organization. The Prince Group has been linked to large-scale crypto investment fraud schemes, including “pig-butchering” operations that target victims through extended online relationships before convincing them to transfer funds to fraudulent platforms.

Treasury Secretary Scott Bessent stated that the Trump Administration is “united in its efforts to dismantle these overseas criminal enterprises,” signaling continued political will for aggressive crypto fraud enforcement. For U.S. businesses, the sanctions carry compliance implications: any transaction — even inadvertent — involving a designated entity can trigger OFAC enforcement action.

FBI Launches Operation Riptide

The FBI announced Operation Riptide in June — a coordinated, Executive-Order-directed enforcement campaign targeting the criminal infrastructure underpinning cybercrime and crypto fraud networks. The operation runs parallel to the earlier Scam Center Strike Force, which resulted in 276 arrests globally and the seizure of over $701 million across nine dismantled scam centers in Southeast Asia.

Operation Riptide signals a broader strategic shift: law enforcement is no longer just chasing individual perpetrators after the fact, but actively targeting the services, platforms, and money movement channels that enable large-scale fraud. Combined with the Prince Group sanctions and the earlier international crackdowns, the message from U.S. regulators is clear — crypto fraud has become a top-tier enforcement priority.

How to Protect Yourself

The June incidents highlight two distinct threat vectors: technical exploits targeting protocol infrastructure and social engineering attacks aimed at end users. For individuals, the most effective defenses remain vigilance against unsolicited investment opportunities, never sharing private keys or seed phrases regardless of the requester’s apparent legitimacy, and verifying any platform through independent sources before sending funds. For crypto projects and businesses, the Humanity Protocol breach is a stark warning about key management hygiene — private keys should never reside on internet-connected machines, regardless of convenience.

If you or your organization has been affected by a crypto hack, DeFi exploit, or pig-butchering scheme, legal options may include civil recovery actions, regulatory complaints with the FTC, FBI IC3, or SEC, and — in cases involving sanctioned entities — coordination with OFAC. Victims of crypto fraud are often surprised to learn that recovery is not always hopeless; early legal action and blockchain analytics can trace and sometimes freeze stolen funds.

At Coin Counsel, we work with individuals and businesses navigating the legal fallout of crypto fraud — whether you’re a victim seeking recovery, a company facing regulatory scrutiny, or a project working to stay compliant in an increasingly complex legal landscape. The rules are evolving fast, and the cost of getting it wrong has never been higher. Contact us at coin-counsel.com to speak with a crypto-focused attorney today.

Disclaimer

This blog post is for informational purposes only and does not constitute legal advice. Reading this content does not create an attorney-client relationship between you and Coin Counsel or Franco Law PLLC. The legal landscape surrounding cryptocurrency is rapidly evolving and varies by jurisdiction. Do not act or refrain from acting based on information in this post without first consulting a qualified attorney. If you believe you have been the victim of crypto fraud, contact us at coin-counsel.com for a consultation.

Next
Next

Crypto Fraud Watch: Billionaire Jailed 30 Years, $9.5M DeFi Exploit, and Global Scam Crackdown Intensifies