G7 leaders have renewed their call for coordinated action against state-sponsored crypto theft, pointing to a Chainalysis estimate that hackers linked to North Korea have stolen more than $2 billion in digital assets. The figure was cited in a CoinMarketCap report on June 18, 2026, tying the diplomatic push to the blockchain analytics firm's latest tally of losses attributed to the Democratic People's Republic of Korea.
The statement lands during a fearful stretch for the market. Bitcoin traded near $62,849 on June 18, 2026, down 2.2% on the day, with Ether around $1,702 and the Crypto Fear & Greed Index sitting at 20, firmly in Fear territory. The security backdrop adds another reason for caution to a tape that was already nervous.
The scale behind the $2 billion figure
Chainalysis has spent years attributing large-scale exchange breaches to hacking units operating on behalf of Pyongyang, often grouped under the Lazarus label by researchers. The more than $2 billion cited here is a cumulative read on how much value those operations have moved, not a single incident. It stacks together exchange intrusions, bridge exploits, and social-engineering campaigns that target employees with access to signing keys.
The pattern is consistent across cases analysts have documented. Attackers compromise a custodial operator, drain hot wallets that hold pooled user funds, then launder the proceeds through mixers, cross-chain bridges, and a long chain of intermediary addresses. The money is eventually converted to cash through over-the-counter brokers. Each step is designed to break the on-chain trail that firms like Chainalysis use to follow stolen funds.
A coordination problem, not just a policing one
The G7, which groups the United States, United Kingdom, Japan, Germany, France, Italy, and Canada, has flagged DPRK crypto activity before. The renewed call signals that prior measures have not closed the gap. Sanctions on specific wallet addresses and mixer services can freeze known endpoints, but attackers respond by rotating to fresh infrastructure faster than enforcement can blacklist it.
Joint action is the operative phrase. Stolen funds rarely stay within one jurisdiction. A breach at an exchange in one country can route laundered proceeds through services domiciled in several others before cashing out in a third. No single regulator can follow that flow alone, which is why the G7 is leaning on shared intelligence and faster cross-border freezing rather than national rules acting in isolation. The same fragmentation that complicates licensing across borders also complicates clawing back stolen assets.
The exposure sits with custodians
For everyday users, the most important detail is where these thefts happen. State-backed crews go after the largest concentrations of value they can reach in one strike, and that means exchanges and other custodial platforms holding pooled balances. An individual wallet rarely justifies the effort. A hot wallet sitting behind a major venue does.
That distinction matters for anyone funding a crypto card. Many cards draw from a balance the provider holds on your behalf, which means your spending float sits inside the same custodial perimeter attackers probe. If that operator is breached or freezes withdrawals during an incident, access to your funds can stall with it. Cards that let you spend from your own wallet keep the float under keys you control, removing the pooled-custody target from the equation. Neither model is immune to user-side mistakes, but the threat profile is different.
The tradeoff is real either way. Self-custody shifts responsibility for key security onto you, where phishing and approval scams remain the most common loss vectors. Custodial products hand that work to a provider but add the counterparty risk the G7 statement underlines. The collapses of FTX and Wirecard are reminders that frozen or lost balances are not a hypothetical when a custodian fails, whether through fraud, insolvency, or a successful attack.
The practical follow-through to track
The renewed G7 language is a statement of intent, not a binding measure on its own. The practical follow-through to track is whether member states move toward shared blacklists of laundering infrastructure, faster freezing of flagged addresses at compliant exchanges, and tighter reporting requirements on the OTC brokers that convert stolen crypto to cash. Each of those steps targets a specific link in the laundering chain rather than the breach itself.
Until then, the takeaway for users is unchanged by the diplomacy. The $2 billion figure is a measure of how much value has flowed out of custodial systems, and it is a direct argument for thinking about where your spending balance actually sits.
Overview
G7 leaders renewed their push for joint action against North Korean crypto theft on June 18, 2026, citing a Chainalysis estimate of more than $2 billion stolen by DPRK-linked groups. The thefts concentrate on exchanges and custodial hot wallets, laundered through mixers and bridges across multiple jurisdictions, which is why coordinated cross-border enforcement is the focus. For users, the event sharpens the custodial versus self-custody question: pooled balances are the target, and where your card draws its float from decides your exposure.