North Korean hackers suspected in $300 million crypto theft

A North Korean-linked hacking group is suspected of carrying out a massive cryptocurrency theft worth nearly $300 million, according to an affected party and cybersecurity analysts. The incident, which occurred over the weekend, is being described as the largest known crypto heist of 2026 so far.
The targeted platform, KelpDAO, confirmed that approximately $290 million was drained from its vault on April 18, 2026. The exploit reportedly involved the compromise of two blockchain servers operated by LayerZero, a crypto infrastructure provider supporting cross-chain transactions. This breach allowed attackers to manipulate a token linked to Ethereum and siphon funds from KelpDAO.
LayerZero stated that early indicators point to a highly sophisticated state-backed actor, likely North Korea’s Lazarus Group, a hacking collective widely accused of orchestrating global cyber theft operations. The company clarified that there was no evidence of further contamination affecting other applications or cross-chain assets.
North Korea has long been accused of using cybercrime as a major funding source for its weapons development programme. According to a United Nations monitoring panel, the country has stolen more than $3 billion in cryptocurrency since 2017. The Lazarus Group has previously been linked to several high-profile digital asset thefts, including one of the largest crypto heists in history last year.
Cybersecurity experts warn that the latest incident highlights growing vulnerabilities in decentralised finance (DeFi) platforms, which rely on blockchain technology to eliminate intermediaries such as banks and governments. Analysts say the scale and sophistication of such attacks may discourage new investors from entering the DeFi ecosystem.
While investigations are ongoing, experts believe attribution to state-backed actors remains the strongest working theory. The incident has renewed global concerns about the intersection of cybercrime, geopolitics, and digital finance security.

















