Vetted by NeuralPress's Multi-Agent Verifier for strict factual validity and event relevance. Our compliance engine cross-checks and filters search results to ensure zero false correlations or misleading content.
Crypto Theft Comparison 2026
Comparison of major crypto security breaches in 2026
Primary Sources
North Korea hackers blamed for $290M crypto theft - TechCrunch
In Brief Posted: 10:04 AM PDT · April 20, 2026 Image Credits:KCNA VIA KNS / AFP / Getty Images Over the weekend, hackers stole more than $290 million in cryptocurrency from Kelp DAO, a protocol that allows users to earn yields on idle crypto investments. By Monday, LayerZero, one of the projects affected by the hack, accused North Korea of carrying out the heist. The hack is now the largest crypto theft of the year so far, following an earlier hack at crypto exchange Drift in April netted hackers around $285 million. Per its post on X, LayerZero said the hackers exploited Kelp DAO via its LayerZero bridge, which allows different blockchains to send instructions to each other. The hackers then took advantage of Kelp’s own security configuration, which did not require multiple verifications before approving transactions. That allowed the hackers to siphon off the funds with fraudulent transactions. The company cited “preliminary indicators” that point to North Korea as the culprit, in particular its hacking group that targets crypto known as TraderTraitor. Kelp DAO responded to LayerZero blaming it for the theft instead. In the last few years, North Korean hackers working for Kim Jong Un’s regime have become highly successful at stealing crypto. Last year, North Korean hackers stole more than $2 billion in crypto. Overall, since 2017, the total amount of stolen crypto by North Korea is said to be around $6 billion. Topics Subscribe for the industry’s biggest tech news Latest in Security
Kelp DAO Hack Explained: $292M Stolen Across 20+ Blockchains
Key Takeaways: Hackers stole $292 million from Kelp DAO, affecting users across 20+ blockchains. Stolen tokens were used to borrow more funds, spreading losses across multiple DeFi platforms. The attack is linked to North Korea’s Lazarus Group, highlighting major crypto security risks. Hackers stole about $292 million from Kelp DAO’s cross-chain bridge on 18 April 2026, making it the year’s largest decentralized finance (DeFi) hack of the year so far. A cross-chain bridge is a system that enables different blockchains to communicate and transfer crypto assets. Kelp DAO is a liquid restaking platform — a service where users deposit liquid staking tokens (LSTs), such as the Lido Staked Ether (stETH) to earn additional rewards. In return, they receive a tradable token called rsETH that represents their deposited funds. Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate. We are working with @LayerZero_Core, @unichain, our auditors and top security experts on RCA. We will keep you… — Kelp (@KelpDAO) April 18, 2026 The attack led to the theft of about 116,500 rsETH, around 18% of all tokens in circulation, and impacted users across more than 20 blockchain networks, including Base, Scroll, Linea, Arbitrum, and Mantle. 🚨 $293M EXPLOIT DETECTED: Cyvers AI systems have identified a massive attack on @KelpDAO . Our platform flagged the breach in real-time, tracking ~$293.7M drained from the protocol's RSETH Adapter. Currently, ~$250M has already been swapped to $ETH and is held across two… pic.twitter.com/E2bnoZh0Eu — 🚨 Cyvers Alerts 🚨 (@CyversAlerts) April 18, 2026 How the attack worked The breach targeted Kelp’s bridge, which is built on LayerZero. Attackers first took control of its two key servers (specialized computers that run the system), then disabled the remaining servers with a distributed denial-of-service (DDoS) attack, a method that overwhelms the system with traffic, causing it to stop working. With only the two compromised servers left running, the system relied on them for verifications. These servers sent false information to LayerZero, which led it to approve a fake transaction. As a result, 116,500 rsETH tokens were transferred to a crypto wallet controlled by the attacker at 17:35 UTC on 18 April. The attacker’s wallet had been funded for the hack about 10 hours earlier using Tornado Cash, a tool often used to hide the origin of...
Kelp DAO $290 Million DeFi Hack Blamed on Single-Verifier Setup and ...
Kelp DAO lost $290M after attackers linked to North Korea's Lazarus Group exploited a single-verifier bridge, spreading losses across nine DeFi protocols including Aave. Kelp DAO was exploited for around $290-293 million after attackers compromised RPC nodes used by LayerZero's verifier ...
Crypto Hack: Kelp DAO $290M Exploit Linked to Verifier Flaw
6 hours ago ... With the hacker's activities placing undue pressure on other systems, such as Aave, the protocol was forced to contend with bad debt and exposure to the stolen ...
