North Korea’s crypto heist playbook is expanding and DeFi keeps getting hit

Hackers Strike Again: North Korea’s Lazarus Group Steals $292 Million in Kelp Exploit — DeFi’s Biggest Security Flaw Exposed

Just weeks after North Korea-linked hackers drained $270 million from crypto trading firm Drift, the infamous Lazarus Group has struck again—this time targeting Kelp, a restaking protocol built on LayerZero’s cross-chain infrastructure. In a meticulously executed attack, the hackers siphoned off a staggering $292 million, exploiting the very foundation of decentralized finance (DeFi) and raising urgent questions about the security of cross-chain systems.

This latest exploit is not just another headline-grabbing hack; it’s a chilling reminder of how North Korea continues to weaponize cryptocurrency to fund its economy and nuclear ambitions. With over $500 million stolen in just two weeks, the Kelp attack underscores a disturbing trend: hackers are no longer just looking for bugs or stolen credentials—they’re exploiting the fundamental assumptions built into decentralized systems.

How the Kelp Exploit Happened

At first glance, the Kelp attack might seem like a technical marvel, but the truth is far simpler—and far more alarming. The hackers didn’t break encryption or crack keys. Instead, they manipulated the data feeding into the system, forcing it to rely on compromised inputs. This caused the system to approve transactions that never actually occurred.

“This is not a series of incidents; it is a cadence,” said Alexander Urbelis, Chief Information Security Officer and General Counsel at ENS Labs. “You cannot patch your way out of a procurement schedule.”

The attack exploited a critical configuration choice: Kelp relied on a single verifier to approve cross-chain messages. While this setup is faster and simpler, it removes a crucial safety layer. LayerZero has since recommended using multiple independent verifiers, but the damage is done.

Decentralization: A Myth or a Reality?

The Kelp exploit exposes a glaring gap between how decentralization is marketed and how it actually works. “A single verifier is not decentralized,” said David Schwed, COO of blockchain security firm SVRN. “It’s a centralized decentralized verifier.”

This attack is a wake-up call for the entire DeFi ecosystem. As Urbelis puts it, “Decentralization is not a property a system has. It is a series of choices. And the stack is only as strong as its most centralized layer.”

The Ripple Effect: Beyond Kelp

The fallout from the Kelp exploit has not stayed limited to the protocol itself. Like many DeFi systems, Kelp’s assets are used across multiple platforms, meaning problems can spread. Lending platforms like Aave, which accepted the impacted assets as collateral, are now dealing with losses, turning a single exploit into a wider stress event.

“These assets are a chain of IOUs,” Schwed explained. “And the chain is only as strong as the controls on each link.”

North Korea’s Escalating Crypto War

The Kelp attack is part of a broader strategy by North Korea to hijack funds from the crypto sector. Lazarus Group has been targeting cross-chain and restaking infrastructure, the critical but complex systems that move assets between platforms. These layers hold large amounts of value, making them attractive targets.

“If you’ve identified a configuration as unsafe, don’t ship it as an option,” Schwed warned. “Security that depends on everyone reading the docs and getting it right is not realistic.”

The Future of DeFi Security

The Kelp exploit didn’t introduce a new kind of weakness—it showed how exposed the ecosystem remains to familiar ones, especially when security is treated as a recommendation rather than a requirement. As attackers move faster, that gap is becoming both easier to exploit and far more expensive to ignore.

The DeFi industry must take this as a call to action. Security cannot be an afterthought; it must be baked into the very foundation of these systems. As North Korea continues to escalate its efforts, the stakes have never been higher.

Tags: #KelpExploit #LazarusGroup #NorthKoreaHacking #DeFiSecurity #CryptoTheft #LayerZero #CrossChainInfrastructure #BlockchainSecurity #CryptocurrencyHeists #CryptoNews #ViralNews

Viral Sentences:

• “$292 Million Stolen: North Korea’s Lazarus Group Strikes Again!”
• “DeFi’s Biggest Security Flaw Exposed: Kelp Hack Shows How Hackers Exploit Decentralized Systems!”
• “North Korea’s Crypto War: How Hackers Are Hijacking Billions to Fund Nuclear Ambitions!”
• “Single Verifier = Centralized Decentralized? Kelp Exploit Exposes DeFi’s Weakest Link!”
• “500 Million in Two Weeks: North Korea’s Relentless Crypto Heists Are Getting Worse!”

,