Ripple Expands Security Efforts Against North Korean Hacks

TLDR

• Ripple announced that it will share exclusive threat intelligence with Crypto ISAC members.
• The shared data includes fraud-linked crypto wallets and malicious domains tied to North Korean campaigns.
• Ripple will also provide context-rich profiles containing emails, LinkedIn accounts, and behavior patterns.
• Crypto ISAC launched a new API that enables companies to integrate threat data into their security systems.
• Coinbase has already adopted the updated API to strengthen its security operations.

Ripple has announced a new threat intelligence sharing initiative focused on North Korean-linked cyber campaigns. The company will provide exclusive data to Crypto ISAC members through a newly launched API. The move aims to strengthen coordinated defense across the digital asset sector.

Ripple Expands Intelligence Sharing Through Crypto ISAC

Ripple stated that crypto firms often face repeated attempts from the same threat actors. The company said attackers who fail background checks at one firm often target others within days. Therefore, Ripple decided to share intelligence to reduce fragmented defenses.

Ripple will provide exclusive threat intelligence to members of Crypto ISAC. Crypto ISAC operates as a collaborative security network for digital asset companies. The company said this level of intelligence sharing has not occurred before within the sector.

The shared data will include fraud-linked crypto wallet addresses and malicious domains. It will also include active Indicators of Compromise tied to North Korean campaigns. Both entities confirmed that the intelligence will extend beyond raw technical data.

Ripple will also share context-rich profiles linked to suspicious actors. These profiles will contain LinkedIn accounts, emails, phone numbers, and behavioral patterns. The company said it aims to convert fragmented clues into operational intelligence.

“The strongest security posture in crypto is a shared one,” Ripple stated in its announcement. The company argued that firms currently rebuild intelligence from zero without shared databases. As a result, it believes coordinated sharing will reduce repeated infiltration attempts.

New API Enables Real-Time Security Integration

Crypto ISAC has launched a new API to distribute the shared intelligence. The API allows companies to integrate threat data directly into internal security systems. This setup enables faster detection and response coordination across platforms.

Coinbase has already adopted the updated API for operational use. Crypto ISAC confirmed that other industry participants have begun onboarding the system. The organization said the tool supports real-time intelligence deployment.

Erin Plante, Director of Brand Security and Intelligence at Ripple, addressed the rollout. She said the API improves how companies share and operationalize intelligence. Plante confirmed that Ripple worked closely with Crypto ISAC during implementation.

“Crypto ISAC’s newly updated API represents a meaningful step forward in how intelligence is shared,” Plante said. She added that Ripple aligned the integration with its internal workflows. She said the result delivers higher-quality intelligence for direct security operations use.

The initiative targets campaigns attributed to North Korean-linked actors. Recent incidents, including the Drift Protocol exploit, have drawn attention to coordinated attacks. Ripple confirmed that it will continue supplying updated intelligence through the Crypto ISAC network.

Crypto ISAC stated that member companies can access and automate the shared data feeds. The organization said the API structure allows continuous updates without manual intervention. The rollout remains active as participating firms complete system integration.