
North Korea hackers blamed in $290M Kelp DAO crypto theft

LayerZero says North Korea-linked hackers stole $290M from Kelp DAO by exploiting its bridge and a lax transaction verification setup—an escalation in the year’s biggest crypto thefts.

A $290 million cryptocurrency theft from Kelp DAO has sent shockwaves through the DeFi ecosystem—especially after LayerZero pointed directly at a North Korea-linked hacking group.

The incident, reported over the weekend and followed by updates on Monday, is now being framed as the largest crypto theft of the year so far, surpassing a major April breach at exchange Drift. At the center of the case is Kelp DAO, a protocol designed to let users earn yields on idle crypto holdings. When the funds were drained, the impact went beyond one company’s balance sheet: it exposed how quickly trust can unravel when DeFi infrastructure is stitched together through complex cross-chain pathways.

According to LayerZero, the attackers targeted Kelp DAO through its LayerZero bridge, the mechanism that enables different blockchains to exchange instructions. In LayerZero’s account, the hackers didn’t just find a single weak spot; they combined access with a configuration gap inside Kelp’s own security settings. Specifically, LayerZero said Kelp’s setup approved transactions without multiple verifications, allowing fraudulent transaction flows to be processed.

LayerZero also pointed to what it called “preliminary indicators” that point toward North Korea, linking the activity to the TraderTraitor hacking group. That attribution matters because North Korean crypto theft is not new, and it has consistently followed a pattern: systematic targeting of high-value crypto infrastructure, often with a focus on getting funds out quickly once a vulnerability is discovered.

Kelp DAO’s response, however, shifted the blame to LayerZero, saying LayerZero was responsible for the theft. In practical terms, this is where DeFi incidents often become more than technical failures; they become disputes over accountability across shared infrastructure. When a bridge and a protocol rely on each other, the “who failed first” question can get complicated fast, and users—who usually just want withdrawals to work—end up caught in the middle.

For everyday investors and liquidity providers, the human impact shows up in the most basic way: uncertainty. DeFi users routinely move assets across networks to pursue yields, and bridges are a key part of that movement. When a bridge-connected protocol is compromised, it can freeze access, delay withdrawals, and force holders to reassess risk assumptions that previously felt routine.

From an industry perspective, this incident also underlines a broader trend: DeFi security is increasingly a systems problem, not a single-contract issue. Bridges sit at the fault line between ecosystems, translating intent from one chain to another. If verification steps are missing—or if trust boundaries aren’t strict enough—attackers can exploit the flow of authorization itself, not just the code that executes transactions.

The dispute between LayerZero and Kelp DAO may become a proxy battle for a more fundamental question: how should cross-chain protocols structure approvals, confirmations, and safeguards when multiple parties control different parts of the transaction pipeline? If Kelp’s transaction verification relied on assumptions about upstream behavior, critics will likely argue that relying on those assumptions is precisely how large losses happen.

This theft lands in a wider backdrop of persistent North Korean involvement in crypto theft. In recent years, hackers linked to Kim Jong Un’s regime have repeatedly been linked to major thefts, with reported totals over multiple years far larger than any single headline case. That history changes how the market reads new attacks: rather than treating each breach as isolated, participants increasingly assume a determined, resource-backed threat actor may be retooling tactics and targeting fresh infrastructure.

There’s also a market timing element. The crypto space has seen high-profile breaches that collectively resemble a cycle: a vulnerability is found, funds are siphoned, and then the ecosystem scrambles to patch, attribute, and rebuild confidence. With Kelp DAO now under scrutiny and LayerZero’s bridge design and verification approach in focus, the follow-up period—incident review, possible mitigations, and any changes to cross-chain approval flows—could shape how other protocols adjust their security posture in the months ahead.

For now, the key takeaway for readers is straightforward: cross-chain DeFi makes value portable, but it also makes risk transferable across systems. As LayerZero and Kelp DAO argue over responsibility, users and developers are likely to watch closely for what changes next—because the biggest lesson from a $290 million theft is not only how it happened, but how quickly the ecosystem can prevent the next version of the same failure mode.
