Close Menu
AltCoinDrops.comAltCoinDrops.com
    What's Hot

    UBS, Chainlink, DigiFT Team Up to Automate Tokenized Funds in Hong Kong

    September 11, 2025

    Legal Ruling Shields Cook, Slows Trump’s Fed Shake-Up and Crypto Risk

    September 10, 2025

    Pi network price eyes surge on bullish divergence, whale buying spree

    September 15, 2025
    Facebook X (Twitter) Instagram
    • Privacy Policy
    • Get In Touch
    Facebook X (Twitter) Instagram
    AltCoinDrops.comAltCoinDrops.com
    • Latest News
      • Altcoin
      • Bitcoin
      • Ethereum
      • Markets
      • Blockchain
      • Regulation
    • Prices & Market Data
    • Learn/Guide
      • Explainers
      • Courses
      • How To
    • Sponsored
    • Ask Anything
    • Tools
      • Crypto Profit Calculator
      • Crypto Position Size Calculator
      • Crypto APY Calculator
      • Crypto APR Calculator
      • Dollar Cost Average Calculator
      • Asset Allocation Calculator
      • Annualized Return Calculator
    AltCoinDrops.comAltCoinDrops.com
    Home » North Korea’s crypto heist playbook is expanding and DeFi keeps getting hit
    Altcoin

    North Korea’s crypto heist playbook is expanding and DeFi keeps getting hit

    April 21, 20264 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    North Korea’s crypto heist playbook is expanding and DeFi keeps getting hit
    Share
    Facebook Twitter LinkedIn Pinterest Email



    Less than three weeks after North Korea-linked hackers used social engineering to hit crypto trading firm Drift, hackers tied to the nation appear to have pulled off another major exploit with Kelp.

    Crypto Investor EA

    The attack on Kelp, a restaking protocol tied into LayerZero’s cross-chain infrastructure, suggests an evolution in how North Korea-linked hackers operate, not just looking for bugs or stolen credentials, but exploiting the basic assumptions built into decentralized systems.

    Taken together, the two incidents point to something more organized than a string of one-off hacks, as North Korea continues to escalate its efforts to hijack funds from the crypto sector.

    “This is not a series of incidents; it is a cadence,” said Alexander Urbelis, chief information security officer and general counsel at ENS Labs. “You cannot patch your way out of a procurement schedule.”

    More than $500 million was siphoned across the Drift and Kelp exploits in just over two weeks.

    How Kelp was breached

    At its core, the Kelp exploit did not involve breaking encryption or cracking keys. The system actually worked the way it was designed to. Rather, attackers manipulated the data feeding into the system and forced it to rely on those compromised inputs, causing it to approve transactions that never actually occurred.

    “The security failure is simple: a signed lie is still a lie,” Urbelis said. “Signatures guarantee authorship; they do not guarantee truth.”

    In simpler terms, the system checked who sent the message, not whether the message itself was correct. For security experts, that makes this less about a clever new hack and more about exploiting how the system was set up.

    “This attack wasn’t about breaking cryptography,” said David Schwed, COO of blockchain security firm SVRN. “It was about exploiting how the system was set up.”

    One key issue was a configuration choice. Kelp relied on a single verifier, essentially one checker, to approve cross-chain messages. That is because it’s faster and simpler to set up, but it removes a critical safety layer.

    LayerZero has since recommended using multiple independent verifiers to approve transactions in the fallout, similar to requiring multiple signatures on a bank transfer. Some in the ecosystem have pushed back on that framing, saying that LayerZero’s default setup was to have a single verifier.

    “If you’ve identified a configuration as unsafe, don’t ship it as an option,” Schwed said. “Security that depends on everyone reading the docs and getting it right is not realistic.”

    The fallout has not stayed limited to Kelp. Like many DeFi systems, its assets are used across multiple platforms, meaning problems can spread.

    “These assets are a chain of IOUs,” Schwed said. “And the chain is only as strong as the controls on each link.”

    When one link breaks, others are affected. In this case, lending platforms like Aave that accepted the impacted assets as collateral are now dealing with losses, turning a single exploit into a wider stress event.

    Decentralization marketing

    The attack also exposes a gap between how decentralization is marketed and how it actually works.

    “A single verifier is not decentralized,” Schwed said. “It’s a centralized decentralized verifier.”

    Urbelis puts it more broadly.

    “Decentralization is not a property a system has. It is a series of choices,” he said. “And the stack is only as strong as its most centralized layer.”

    In practice, that means even systems that appear decentralized can have weak points, especially in the less visible layers like data providers or infrastructure. Those are increasingly where attackers are focusing.

    That shift may explain Lazarus’ recent targeting.

    The group has begun zeroing in on cross-chain and restaking infrastructure, Urbelis said, the parts of crypto that move assets between systems or allow them to be reused.

    These layers are critical but complex, often sitting underneath more visible applications. They also tend to hold large amounts of value, making them attractive targets.

    If earlier waves of crypto hacks focused on exchanges or obvious code flaws, recent activity suggests a move toward what could be called the industry’s plumbing, the systems that connect everything together, but are harder to monitor and easier to misconfigure.

    As Lazarus continues to adapt, the biggest risk may not be unknown vulnerabilities, but known ones that are not fully addressed.

    The Kelp exploit did not introduce a new kind of weakness. It showed how exposed the ecosystem remains to familiar ones, especially when security is treated as a recommendation rather than a requirement.

    And as attackers move faster, that gap is becoming both easier to exploit and far more expensive to ignore.

    Read more: North Korean hackers are running massive state-sponsored heists to run its economy and nuclear program



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    3 Revenue-Generating Tokens Institutions Are Accumulating During the Market Correction

    July 3, 2026

    Whale Wallet Springs Back To Life

    July 2, 2026

    U.S. senators seek to block foreign adversaries from AI technology in new bill

    July 1, 2026

    Expert Flashes 2 Bullish Signs For XRP As CLARITY Act Eyes July 20

    June 30, 2026
    Top Posts

    EACC boss urges African anti-corruption arms to harness AI and blockchain

    February 7, 2026

    CME pushes Solana, XRP into derivatives spotlight with new options

    September 17, 2025

    How EU DAC8 Crypto Reporting Rule to Transform Exchange Compliance in 2026

    November 30, 2025

    Subscribe to Updates

    Get the latest updates from AltCoinDrops.com on crypto trends, market insights, and investment opportunities.

      Welcome to AltCoinDrops.com! Your go-to source for fast, reliable updates from the ever-evolving world of cryptocurrency. Whether it's Bitcoin, altcoins, blockchain breakthroughs, or DeFi trends, we bring you timely insights, expert analysis, and key developments shaping the future of digital finance. Stay ahead with real-time crypto news and in-depth coverage.

      Top Insights

      Worldcoin is Predicted to Drop to $0.324192 By Jul 08, 2026

      July 3, 2026

      dYdX launches Arcus DEX on Robinhood Chain as DYDX token drops 23%

      July 2, 2026

      Bittensor is Trading 29.83% Above Our Price Prediction for Jul 05, 2026

      July 1, 2026
      Advertisement
      Crypto Investor EA
      • Privacy Policy
      • Get In Touch
      © 2026. Designed by AltCoinDrops.com.

      Type above and press Enter to search. Press Esc to cancel.