Over the weekend, hackers stole more than $290 million in cryptocurrency from Kelp DAO, a protocol that enables users to earn yields on idle crypto investments. By Monday, LayerZero, one of the projects impacted by the breach, publicly accused North Korea of orchestrating the heist. The incident has become the largest cryptocurrency theft of the year to date, surpassing an earlier April hack at crypto exchange Drift that netted hackers approximately $285 million.
According to LayerZero’s post on X, the attackers exploited a vulnerability in Kelp DAO’s integration with the LayerZero bridge, a technology that carries messages and transaction instructions between different blockchains. The hackers then took advantage of Kelp DAO’s security configuration, which did not require multi-signature verification before transactions were approved. This allowed them to siphon off funds through fraudulent transactions.
LayerZero cited “preliminary indicators” pointing to North Korea as the perpetrator, specifically implicating its hacking group known as TraderTraitor, which has a track record of targeting cryptocurrency platforms. In response, Kelp DAO pushed back, placing blame on LayerZero for the theft.
North Korean hackers affiliated with Kim Jong Un’s regime have become increasingly adept at stealing cryptocurrency in recent years. In 2022 alone, they reportedly stole over $2 billion in crypto assets. Since 2017, the cumulative amount of cryptocurrency stolen by North Korean actors is estimated to be around $6 billion.
The Kelp DAO breach underscores the growing sophistication of state-sponsored cybercriminal operations and the persistent vulnerabilities in cross-chain infrastructure. As blockchain interoperability expands, so too does the attack surface for malicious actors. The incident has reignited calls within the crypto industry for stricter security protocols, including mandatory multi-signature approvals and enhanced auditing of bridge technologies.
