$290 Million Kelp DAO Hack: North Korea Suspected

North Korean Hackers Drain $290 Million from Kelp DAO in Sophisticated Attack

A group linked to North Korea’s Lazarus Group has orchestrated a massive heist from the Kelp DAO DeFi protocol, draining approximately $290 million in cryptocurrencies.

According to LayerZero, “The attackers exploited a vulnerability in the ‘1-of-1 verifier configuration’ used by Kelp DAO to validate instructions, poisoning the verification process to drain funds.”

The attackers targeted LayerZero, the cross-chain messaging infrastructure that enables blockchains to send verified instructions, compromising and poisoning two of its Remote Procedure Calls (RPCs).

LayerZero attributes the heist to TraderTraitor, a subgroup within the Lazarus Group known for orchestrating numerous high-profile cryptocurrency heists.

Kelp DAO, on the other hand, places blame on LayerZero, stating that its systems were not operating the targeted infrastructure. The company says it has operated on LayerZero infrastructure since January 2024 and has maintained open communication channels with the LayerZero team throughout.

In the aftermath of the attack, decentralized non-custodial liquidity protocol Aave reported that the hackers deposited the stolen funds into Aave v3 as collateral, borrowing wrapped Ether and creating $195 million in debt.

As users rushed to withdraw assets, Aave v3 lending pools reached full utilization, blocking over $5.1 billion in stablecoins.

Law enforcement agencies have taken notice of the heist, with authorities launching operations to target multimillion-dollar crypto theft schemes. The incident serves as a stark reminder of the risks associated with DeFi protocols and the importance of implementing robust security measures to prevent such attacks in the future.

