A massive cryptocurrency theft worth over US$290 million has been linked to North Korean state-backed hackers, marking the largest digital asset heist of 2026 so far and raising fresh concerns about vulnerabilities across the decentralised finance (DeFi) ecosystem.
The attack targeted Kelp DAO, a platform that allows users to earn returns on idle crypto assets. According to initial findings, the breach occurred over the weekend and exploited weaknesses in a cross-chain bridge powered by LayerZero, a system used to facilitate communication between different blockchains.
Investigators say the attackers were able to bypass key security checks, allowing them to approve fraudulent transactions and siphon funds undetected. A major flaw in the system—specifically the absence of multi-layer verification—created a single point of failure that enabled the exploit.
LayerZero, one of the affected platforms, has pointed to “preliminary indicators” suggesting the involvement of North Korea’s notorious hacking unit, often referred to as the Lazarus Group or TraderTraitor.
The group has built a reputation over the years for targeting cryptocurrency platforms as part of a broader strategy to generate foreign currency for the regime. Analysts estimate that North Korean-linked actors have stolen billions of dollars in crypto assets since 2017, making them one of the most prolific cybercrime networks globally.
The Kelp DAO breach alone involved the theft of more than 116,000 rsETH tokens—representing a significant portion of the protocol’s circulating supply—triggering ripple effects across multiple DeFi platforms.
Beyond the immediate financial losses, the incident has exposed deeper structural risks within decentralised finance. Security experts say the attack demonstrates how interconnected systems—especially cross-chain bridges—can amplify vulnerabilities, turning a single exploit into a broader ecosystem shock.
The breach has already sparked panic across parts of the crypto market, with some platforms freezing operations and investors scrambling to assess their exposure. It has also reignited debate over whether current DeFi security frameworks are robust enough to withstand increasingly sophisticated, state-backed cyberattacks.
Kelp DAO has since moved to contain the damage by pausing affected contracts, while investigations continue into the full scope of the breach and the flow of stolen funds.
The timing of the attack is particularly significant, coming amid heightened scrutiny of the crypto industry and growing regulatory pressure worldwide. As digital assets become more integrated into global finance, incidents like this are likely to intensify calls for stricter oversight and improved security standards.
For now, the Kelp DAO hack stands as a stark reminder: in the race between innovation and security, the attackers are evolving just as fast.
