    North Korea's Lazarus Group Executes $285 Million DeFi Heist on Drift Protocol

    Here's what it means for you.

    The theft underscores the vulnerabilities in decentralized finance (DeFi) systems, impacting investor confidence and regulatory scrutiny globally.

    Why it matters

    The incident highlights the ongoing risks associated with DeFi platforms, particularly in the context of state-sponsored cybercrime.

    What happened (in 30 seconds)

    • On April 1, 2026, North Korean-affiliated Lazarus Group hackers executed a sophisticated social engineering attack, stealing approximately $285 million from Drift Protocol.
    • The attack involved a six-month infiltration strategy in which hackers posed as quantitative traders and compromised multisig signers to drain user funds.
    • Drift Protocol has since paused operations, with investigations ongoing and significant repercussions for the broader Solana ecosystem.

    The context you actually need

    • Lazarus Group is a notorious North Korean hacking collective known for funding the regime through cryptocurrency thefts, including previous high-profile hacks like the $600 million Ronin Network breach.
    • Social engineering tactics were central to this exploit, involving prolonged engagement with Drift contributors and the use of malicious tools to gain access to sensitive information.
    • The aftermath has seen a significant drop in Drift's token value and a ripple effect across interconnected Solana protocols, raising concerns about the stability of DeFi markets.

    What's really happening

    The Lazarus Group's attack on Drift Protocol is a stark reminder of the vulnerabilities inherent in decentralized finance systems. Over a six-month period, the hackers meticulously crafted a social engineering campaign that allowed them to infiltrate the Drift community. By posing as a legitimate quantitative trading firm, they built rapport with contributors at cryptocurrency conferences and through Telegram, ultimately onboarding an Ecosystem Vault with a deposit exceeding $1 million.

    As the attack progressed, the hackers executed a series of technical maneuvers. They withdrew 10 ETH from Tornado Cash, created durable nonce accounts, and executed a zero-timelock Security Council migration. This careful preparation culminated in the minting of 750 million CarbonVote Tokens (CVT), which were then made to appear as legitimate collateral through oracle manipulation. With the fake CVT listed as collateral, they executed 31 withdrawals that drained $285 million in real assets within a mere 12 minutes.

    The implications of this exploit extend beyond the immediate financial loss. It raises critical questions about the security protocols in place within DeFi platforms and the responsibilities of stablecoin issuers like Circle, which faced backlash for not freezing $230 million in bridged USDC. The incident has triggered a wave of scrutiny from law enforcement and blockchain analytics firms, as they work to trace the stolen funds and prevent future attacks.

    Moreover, the attack has led to a broader contagion effect within the Solana ecosystem, with over 20 interconnected protocols pausing operations amid fears of further vulnerabilities. The fallout from this incident could lead to increased regulatory oversight and a reevaluation of security measures across the DeFi landscape, impacting how investors and developers approach decentralized finance in the future.

    Who feels it first (and how)

    • Investors in DeFi: Those holding assets in Drift Protocol and related platforms face immediate financial losses and diminished trust in DeFi systems.
    • Developers and contributors: Individuals involved in the Solana ecosystem may experience job insecurity and reputational damage as protocols reassess their security measures.
    • Stablecoin issuers: Companies like Circle may face increased regulatory scrutiny and pressure to implement stricter controls on asset management.

    What to watch next

    • Regulatory responses: Watch for potential new regulations targeting DeFi platforms and stablecoin issuers as governments react to the incident.
    • Security enhancements: Monitor how blockchain firms and protocols adapt their security measures in response to this exploit, particularly regarding social engineering defenses.
    • Market reactions: Keep an eye on the performance of Drift Protocol and other Solana-based projects, as investor confidence may waver in the wake of this significant breach.

    Known:

    The Lazarus Group is responsible for the attack, and the total value drained is approximately $285 million.

    Likely:

    Increased regulatory scrutiny and security enhancements across DeFi platforms will follow this incident.

    Unclear:

    The long-term impact on investor confidence in DeFi and the potential for further attacks from state-sponsored actors remain uncertain.

    Insights by A47 Intelligence

    35 Articles
    Crypto News

    The $290 Million KelpDAO Hack Linked to North Korea Wiped $13 Billion From DeFi in Two Days

    A significant security breach on KelpDAO's cross-chain bridge on April 18 resulted in a loss of approximately $290 million, attributed to North Korea's Lazarus Group. This exploit triggered a massive downturn in the decentralized finance (DeFi) secto...

    CoinDesk

    The Protocol: Kelp DAO exploited for $292 million

    Kelp DAO has suffered a significant exploit resulting in the loss of approximately $292 million, primarily through a vulnerability in its LayerZero-powered bridge. This incident has raised alarms within the decentralized finance (DeFi) sector, highli...

    CoinDesk

    The $292 million Kelp DAO exploit shows why crypto bridges are still one of the industry's weakest links

    The Kelp DAO suffered a major exploit, resulting in the loss of approximately $292 million from its LayerZero-powered bridge, with 116,500 rsETH drained, which constitutes about 18% of the circulating supply. This incident has raised serious concerns...

    Cointelegraph

    North Korea tied to heists worth $578M in April after Kelp DAO exploit

    North Korea has been linked to cryptocurrency thefts totaling $578 million in April, primarily following the exploit of Kelp DAO, which suffered a significant breach resulting in the loss of approximately $292 million. This incident underscores the o...

    Bitcoin.com

    Certik Analyst: KelpDAO Exploit Reveals High-Stakes Shift in Cross-Chain Cybercrime

    A significant exploit involving KelpDAO has resulted in losses exceeding $292 million, primarily affecting its rsETH bridge and leading to the suspension of related markets by Aave. The breach is attributed to vulnerabilities in LayerZero's infrastru...

    Bitcoinist

    Kelp DAO Hacker Just Moved $175 Million In Ethereum And Started Laundering It – Here Is What We Know

    A significant exploit occurred at Kelp DAO, where an attacker drained approximately $292 million from its LayerZero-powered bridge, leading to Arbitrum's Security Council freezing $71 million in stolen funds. The hacker has since moved $175 million i...

    Crypto Briefing

    North Korea’s Lazarus Group launders $290M in crypto via Ethereum, Bitcoin

    North Korea's Lazarus Group has laundered approximately $290 million in cryptocurrency through Ethereum and Bitcoin, highlighting significant vulnerabilities in decentralized finance (DeFi) systems. This incident underscores the ongoing challenges in...

    NewsBTC

    Arbitrum Freezes KelpDAO Hack Funds, Exposing Crypto’s Biggest Lie

    Arbitrum's Security Council has frozen 30,766 ETH, valued at approximately $71 million, linked to the KelpDAO exploit, moving the funds to an intermediary wallet that requires further governance action to unlock. This emergency measure was taken with...

    CoinDesk

    Crypto's massive exploit may force big banks to rethink their blockchain plans, Jefferies warns

    The Kelp DAO suffered a significant exploit, resulting in approximately $293 million being drained from its reserves due to vulnerabilities in its LayerZero-powered bridge. This incident has raised alarms regarding the security of decentralized finan...

    Crypto Briefing

    North Korea’s Lazarus Group steals $285M from Solana’s Drift Protocol

    North Korea's Lazarus Group has reportedly stolen $285 million from Solana's Drift Protocol, highlighting the ongoing threat of state-sponsored cybercrime in the cryptocurrency sector. This incident underscores the vulnerabilities within decentralize...

    TechRadar

    North Korea's Lazarus makes off with $290M crypto in Kelp DAO heist after siphoning funds using fraudulent transactions

    The Lazarus Group, a North Korean cybercrime organization, has reportedly stolen $290 million in cryptocurrency from Kelp DAO by exploiting fraudulent transactions and taking control of servers used for transaction verification. This incident highlig...

    Bitcoin.com

    Lazarus Group Suspected of Moving $175M in ETH After Arbitrum Freezes $71M From KelpDAO Exploit

    The Lazarus Group is suspected of transferring $175 million in Ethereum (ETH) following a significant exploit that led to Arbitrum freezing approximately $71 million linked to KelpDAO. This incident highlights vulnerabilities in decentralized finance...

    Crypto Briefing

    $293M DeFi exploit hits Kelp/AAVE, raises systemic risk concerns

    A significant exploit of the Kelp restaking platform has resulted in a loss of approximately $293 million, raising systemic risk concerns within the decentralized finance (DeFi) sector. This incident highlights the vulnerabilities present in DeFi pla...

    Cointelegraph

    Kelp DAO attacker moves $175M in Ether after exploit: Arkham

    The Kelp DAO attacker has moved $175 million in stolen Ether following a significant exploit that drained approximately $292 million from the platform's reserves, highlighting vulnerabilities in decentralized finance systems.

    Bitcoin.com

    KelpDAO Exploiter Moves 75,701 ETH to Mainnet, Begins Routing $175M to Bitcoin

    The KelpDAO exploiter has transferred 75,701 ETH to the Ethereum mainnet and is reportedly routing $175 million towards Bitcoin, following a significant security breach that resulted in losses exceeding $292 million. This incident has raised alarms a...

    CoinDesk

    KelpDAO hackers are laundering millions in stolen crypto, data show

    KelpDAO hackers are reportedly laundering $290 million in stolen cryptocurrency across various blockchains, utilizing privacy tools to obscure their activities amidst growing concerns of contagion within the decentralized finance (DeFi) sector.

    NewsBTC

    Crypto Community Slams LayerZero: More Verifiers Won’t Stop The Next $290M Hack

    LayerZero is under fire following a significant $290 million exploit of the KelpDAO platform, attributed to a single-verifier setup that failed to meet security recommendations. The attack, linked to North Korea's Lazarus Group, has raised alarms abo...

    NewsBTC

    AAVE Price Plummets By 26%: $9 Billion Net Outflows Traced To Kelp DAO Hack

    A significant hack of the Kelp DAO, which drained approximately $292 million, has led to a 26% drop in the price of AAVE, the native token of the Aave protocol. This incident has resulted in a staggering $280 million in bad debt for Aave, as the stol...

    Crypto Briefing

    KelpDAO exploit exposes $290M in unbacked assets, AAVE freezes rsETH markets

    The KelpDAO exploit has exposed approximately $290 million in unbacked assets, leading to AAVE freezing its rsETH markets. This incident highlights significant vulnerabilities within decentralized finance (DeFi) platforms, raising alarms about their ...

    Crypto Briefing

    Kelp DAO blames $292M rsETH exploit on LayerZero breach, Lazarus Group involved

    Kelp DAO has reported a significant exploit resulting in a loss of approximately $292 million from its rsETH bridge, attributing the breach to vulnerabilities in LayerZero's infrastructure and involvement from the North Korean Lazarus Group.

    NewsBTC

    A $292M Hack Created $200M In Bad Debt On Aave: Here Is What That Means For Users

    Aave is grappling with a significant crisis following a $292 million hack that exploited a vulnerability in Kelp's bridge, leading to the creation of approximately $200 million in bad debt on its platform. The exploit allowed attackers to use stolen ...

    CoinDesk

    North Korea’s crypto heist playbook is expanding and DeFi keeps getting hit

    North Korea has expanded its cyber operations, reportedly siphoning over $500 million through exploits on the Drift and Kelp decentralized finance platforms within a short span of two weeks. These incidents highlight a shift from isolated breaches to...

    CoinDesk

    Aave could face up to $230 million in losses after Kelp DAO bridge exploit triggers DeFi chaos

    Aave is facing potential losses of up to $230 million following a significant exploit of the Kelp DAO bridge, which drained approximately $292 million from its reserves. The report outlines two scenarios for the impact on Aave, depending on how the s...

    CoinDesk

    Bitcoin bounces above $76,000 as DeFi suffers $14 billion exodus after KelpDAO hack

    Bitcoin has bounced back above $76,000 amidst rising tensions in Iran, while the decentralized finance (DeFi) sector is experiencing a significant downturn following the KelpDAO hack, which has led to a staggering $14 billion exodus.

    Crypto Briefing

    $280M KelpDAO exploit raises DeFi security concerns, impacts Solana markets

    The KelpDAO exploit has resulted in a significant loss of approximately $280 million, raising serious concerns about the security vulnerabilities within decentralized finance (DeFi) infrastructure and its potential impact on investor confidence and m...

    Bitcoinist

    What The Kelp DAO’s $292 Million Hack Means For XRP Holders Earning Yield

    A significant security breach occurred at Kelp DAO over the weekend, where an attacker exploited the LayerZero-powered bridge, resulting in the loss of approximately $292 million in tokens. This incident marks one of the largest hacks in decentralize...

    TechCrunch

    North Korea hackers blamed for $290M crypto theft

    North Korean hackers have been implicated in a significant cyber theft, draining approximately $290 million from Kelp DAO's LayerZero-powered cross-chain bridge. This incident marks one of the largest cryptocurrency heists of the year, prompting Kelp...

    CoinDesk

    Kelp DAO claims LayerZero’s 'default' settings are what actually caused the massive $290 million disaster

    Kelp DAO has claimed that the recent $290 million exploit of its liquid restaking protocol was caused by LayerZero's default settings, which allowed a compromised verifier to drain funds. The incident has raised significant concerns about the securit...

    Crypto Briefing

    LayerZero says North Korean Lazarus Group behind $292M Kelp DAO attack

    LayerZero has reported that the North Korean Lazarus Group is behind the recent $292 million exploit of Kelp DAO, which involved a breach of its LayerZero-powered bridge. This incident has raised significant concerns regarding the security vulnerabil...

    Cointelegraph

    LayerZero says Kelp setup enabled exploit, as Aave loss questions mount

    LayerZero has reported that the recent $290 million exploit of KelpDAO was facilitated by a setup that did not adhere to multi-verifier recommendations, allowing attackers to compromise the system. This incident has raised significant concerns regard...

    Bitcoinist

    LayerZero Breaks Silence On $290 Million KelpDAO Crypto Exploit

    LayerZero has addressed the recent $290 million exploit of KelpDAO, detailing how the incident unfolded and asserting that it was not a failure of their protocol. The exploit, which drained significant funds from KelpDAO's LayerZero-powered bridge, h...

    Techmeme

    LayerZero says North Korea's Lazarus is likely behind the $292M Kelp DAO exploit on April 18, which triggered $10B in outflows from Aave over bad debt concerns (Danny Park/The Block)

    LayerZero has identified North Korea's Lazarus group as the likely perpetrator behind the $292 million exploit of Kelp DAO's LayerZero-powered cross-chain bridge, which occurred on April 18. This incident led to Kelp pausing all rsETH contracts after...

    Crypto Briefing

    KelpDAO bridge hack drains $292M in largest DeFi exploit of 2026

    The KelpDAO bridge hack has resulted in a staggering loss of $292 million, marking it as the largest exploit in decentralized finance (DeFi) for 2026. This incident has raised alarms about the security vulnerabilities inherent in interconnected crypt...

    CoinDesk

    LayerZero blames Kelp's setup for $290 million exploit, attributes it to North Korea's Lazarus

    LayerZero has attributed a recent $290 million exploit of the Kelp restaking platform to a setup that ignored multi-verifier recommendations, allowing attackers to compromise two RPC nodes and DDoS the rest. The incident has been linked to North Kore...

    CoinDesk

    The $13 billion DeFi wipeout in two days, and it started with KelpDAO attack

    The decentralized finance (DeFi) sector has experienced a significant downturn, with a total value locked (TVL) decline of approximately $13 billion within two days, primarily triggered by the KelpDAO exploit. This incident has led to substantial wit...