World

North Korean hackers tied to $290M crypto heist, firm says

By Thomas Maresca World News - UPI.com
North Korean-linked hackers were likely behind the theft of hundreds of millions of dollars in cryptocurrency over the weekend, a blockchain technology firm said. File Photo by Stephen Shaver/UPI
North Korean-linked hackers were likely behind the theft of hundreds of millions of dollars in cryptocurrency over the weekend, a blockchain technology firm said. File Photo by Stephen Shaver/UPI

SEOUL, April 22 (UPI) -- North Korean-linked hackers were likely behind the theft of hundreds of millions of dollars in cryptocurrency over the weekend, a blockchain technology firm said, marking the latest in a series of high-profile cyber heists tied to Pyongyang.

KelpDAO, a decentralized finance platform that allows users to earn yield on crypto deposits, confirmed Tuesday its systems were breached in an April 18 attack that siphoned digital assets from its platform.

The company said a token linked to the Ethereum cryptocurrency was drained through a forged cross-chain message after parts of the underlying infrastructure were compromised.

The system relies on LayerZero, a blockchain interoperability protocol that enables communication between different networks.

"On April 18, 2026, KelpDAO was exploited for approximately $290 million," LayerZero said in a statement Monday. "Preliminary indicators suggest attribution to a highly sophisticated state actor, likely DPRK's Lazarus Group."

The Democratic People's Republic of Korea is the official name of North Korea.

Lazarus, a North Korean state-backed hacking group, has been tied to a string of large and increasingly sophisticated cyber thefts. In February 2025, the group stole about $1.5 billion from the cryptocurrency exchange Bybit, in what the FBI described as the largest single heist on record.

Authorities say such operations are a key source of revenue for North Korea, which faces sweeping international sanctions over its nuclear weapons and ballistic missile programs.

A now-disbanded U.N. panel of experts estimated in a 2024 report that illicit cyber activity accounted for about 40% of funding for Pyongyang's weapons programs.

The U.S. Treasury Department said in November that North Korea had stolen more than $3 billion over the previous three years through cyberattacks targeting financial institutions and cryptocurrency platforms.

The North has also turned to illicit IT work to raise funds. Last week, a federal court sentenced two Americans for their roles in a scheme that enabled North Korean IT workers to infiltrate more than 100 U.S. companies using stolen identities, generating millions of dollars for the regime.

LayerZero said the breach was limited to KelpDAO's configuration and did not affect other applications on its network.

However, the hack sent shockwaves through the decentralized finance sector. More than $13 billion was wiped from total value locked across DeFi platforms in the two days following the breach, digital currency news site CoinDesk reported.

Copyright 2026 UPI News Corporation. All Rights Reserved.

This story was originally published April 22, 2026 at 5:14 AM.

Get unlimited digital access
#ReadLocal

Try 1 month for $1

CLAIM OFFER