A group of hackers linked to the regime Kim Jong Un executed one of the largest cryptocurrency heists of the year with a hit of More than $290 million stolen from Kelp DAOa platform that allows users to earn returns on their idle crypto investments. And the worst part is that this is no surprise.
LayerZeroone of the projects directly affected by the hack, blamed North Korea for being behind the attack. What started as a quiet weekend in the crypto world ended up becoming the biggest cryptocurrency theft of the year to date.
How did they manage to carry out the million-dollar robbery?
What the hackers did has a fairly clear technical logic, although that doesn’t make it any less worrying. According to LayerZero, the attackers exploited a “bridge” or bridge between chainswhich is basically the system that allows different blockchains to communicate with each other.
The problem was twofold: on the one hand, hackers found a vulnerability in the LayerZero bridge. On the other hand, the security configuration of Kelp DAO It didn’t require multiple verifications before approving transactions, which in the crypto world is like leaving your bank’s door ajar. That deadly combination allowed the attackers will drain funds with fraudulent transactions without further resistance.
The security firm Cyvers estimated that at least nine other platforms were affected, making it what they called “a cross-protocol contagion event” and not just an isolated attack. To make things even more chilling, Cyvers’ CTO revealed that the protocol was just three minutes away from losing another additional $100 millionand it was a quick blacklist that blocked the attacker’s second attempt.
LayerZero specifically targeted the group TraderTraitor as the possible author of the theft, a team of North Korean hackers specialized in attacking the crypto ecosystem. Kelp DAO, for its part, responded by blaming LayerZero for the incident. In short: a fight of pointing fingers while the thieves already ran with the money.
North Korea has been stealing crypto on an industrial scale for years
This theft of $290 million is impressive, but in North Korea’s history it is almost routine. Since 2017, the total amount of cryptocurrencies stolen by North Korean hackers is around $6 billion. That is not opportunistic piracy, that is a national industry financed by the State.
Just last year, these groups stole more than $2 billion dollars in cryptocurrencies in multiple coordinated attacks. And in February 2025, the FBI officially linked North Korea to the hacking of Bybitthe platform that lost $1.5 billion in Ethereum in one fell swoop—a blow that for months held the record as the largest cyber theft in history.
The tactics used by the regime are not always the same. They have used phishingsupply chain compromise and private key theft. In the case of Bybit, hackers managed to intercept a cold wallet—which has no internet connection and was considered the most secure method of crypto storage—during a routine transfer. An operation of surgical precision.
Why is North Korea attacking the crypto world so effectively?
The short answer is because no one can stop them easily. Kim Jong Un’s regime is subject to severe international sanctions that prevent it from accessing the traditional financial system, so cryptocurrencies have become its predominant source of foreign currency to finance its missile and nuclear weapons programs.
Unlike traditional bank robberies, crypto transactions are difficult to reverse. And although blockchain experts can track where the funds go, recovering them is practically impossible once hackers start moving money through different wallets and decentralized exchange platforms. This Kelp DAO episode is just the latest in a long list of attacks that show that the DeFi ecosystem still has serious security vulnerabilities that state actors know how to exploit.
The most alarming thing of all is that The theft of $290 million from Kelp DAO occurred just weeks after a $285 million hack from Alternate Lopealso in April. That is, in a single month, hackers would have accumulated almost $575 million dollars. State-sponsored cybercrime is no longer a threat of the future, it is the reality of the present.
Keep reading:
• North Korea, behind global cyberattacks?
• North Korea created a special hacker division that uses AI to carry out attacks
• Hackers explain North Korea’s huge bitcoin reserve
