North Korean Hackers Accused of $290 Million Cryptocurrency Heist from Kelp DAO
In a significant cybersecurity breach over the weekend, hackers infiltrated Kelp DAO, a decentralized finance (DeFi) protocol, and absconded with over $290 million in cryptocurrency. Kelp DAO is renowned for enabling users to earn yields on their idle crypto assets.
By Monday, LayerZero, a project impacted by the hack, publicly attributed the theft to North Korean state-sponsored hackers. This incident now stands as the largest crypto theft of 2026, surpassing the earlier April breach at the Drift crypto exchange, where approximately $285 million was stolen.
LayerZero said the attackers exploited vulnerabilities within Kelp DAO via its LayerZero bridge, a mechanism that lets different blockchains communicate with each other. The hackers manipulated Kelp’s security configuration, which did not require multiple verifications before a transaction was approved. This oversight allowed them to execute fraudulent transactions and siphon off substantial funds.
The company cited preliminary indicators pointing to North Korea as the perpetrator, specifically referencing the hacking group known as TraderTraitor, notorious for targeting cryptocurrency platforms.
In response, Kelp DAO shifted the blame back onto LayerZero, suggesting that the breach was due to vulnerabilities within LayerZero’s infrastructure.
This incident underscores a troubling trend of North Korean cyber activities aimed at the cryptocurrency sector. In 2025, North Korean hackers were responsible for stealing over $2 billion in crypto assets. Since 2017, the regime has reportedly amassed approximately $6 billion through such illicit activities.
The Lazarus Group, a North Korean state-sponsored hacking organization, has been implicated in numerous high-profile cyberattacks targeting financial institutions and cryptocurrency exchanges. Their operations are believed to fund the regime’s nuclear weapons program and circumvent international sanctions.
The Kelp DAO incident highlights the persistent vulnerabilities within the DeFi ecosystem. As these platforms continue to grow in popularity, they become increasingly attractive targets for sophisticated cybercriminals. This breach serves as a stark reminder of the critical need for robust security measures and vigilant monitoring within the cryptocurrency industry.