Atlas21
  • ‎
No Result
View All Result
Atlas21
No Result
View All Result
Atlas21
Home Bitcoin

North Korea: Lazarus Group strikes DeFi again with Kelp exploit

Newsroom by Newsroom
June 24, 2026
in Bitcoin
Corea del Nord: Lazarus Group colpisce ancora il settore DeFi con Kelp
Share on FacebookShare on TwitterShare on Linkedin

Over $500 million stolen in just over two weeks through the Drift and Kelp exploits, in what experts describe as an organized state-sponsored campaign.

Lazarus Group, the hacker collective linked to North Korea, has once again struck the DeFi sector with an exploit targeting Kelp, a restaking protocol integrated into LayerZero‘s cross-chain infrastructure. The attack came less than three weeks after the compromise of Drift, the crypto trading platform, also attributed to North Korean hackers. Combined, the two incidents resulted in over $500 million stolen in just over two weeks.

The attack on Kelp did not require breaking any encryption. The attackers manipulated input data fed into the system, tricking it into approving transactions that never actually took place. “The security failure is simple: a signed lie is still a lie,” said Alexander Urbelis, CISO and General Counsel of ENS Labs. “Signatures guarantee authorship, not truthfulness.” In essence, the system verified who sent the message – not whether the content was accurate.

A central element of the breach was a configuration choice: Kelp relied on a single verifier to approve cross-chain messages, a faster solution but one lacking a critical layer of security. “This attack was not about cryptography,” explained David Schwed, COO of blockchain security firm SVRN. “It was about how the system was configured.” LayerZero subsequently recommended the use of multiple independent verifiers, similar to requiring multiple signatures on a bank transfer. Schwed, however, challenged this position: “If you’ve identified a configuration as unsafe, don’t make it an available option.”

The consequences of the exploit were not limited to Kelp. Lending platforms such as Aave, which accepted the affected assets as collateral, now face potentially significant losses. Aave’s report outlines two scenarios: approximately $123 million in losses if the damage is spread across all rsETH holders, or up to $230 million if confined to Layer 2s. Arbitrum has in the meantime frozen $71 million in ether linked to the exploit.

The evolution of the Lazarus Group’s strategy – from the social engineering used against exchanges such as Kraken to exploiting structural weaknesses in DeFi – indicates that the primary threat does not come from unknown vulnerabilities, but from those already known and not adequately addressed. As Schwed observes: “Security that depends on everyone reading the documentation and applying it correctly is not realistic.”

Previous Post

USA: Galaxy Digital’s Alex Thorn warns of CLARITY Act risks

Next Post

USA: Clarity Act still has a viable path in 2026

Latest News

Industry

Chat Control: EU Parliament fails to block its reinstatement, in force until 2028

by Newsroom
July 9, 2026
0

On 9 July, the motion to reject the reinstatement of voluntary scanning of communications fell short at 276 votes, against...

Read moreDetails
Bull Bitcoin porta DAC8 davanti al giudice: il primo ricorso contro la sorveglianza fiscale europea
Bitcoin

Bull Bitcoin takes DAC8 to court: the first legal challenge to Europe’s crypto tax surveillance

by Federico Rivi
July 8, 2026
0

The companies behind the Bull Bitcoin brand have challenged before the Conseil d'État the decree by which France implemented the...

Read moreDetails
Kraken vince arbitrato da 22 milioni contro Mazars
Industry

Kraken wins $22 million arbitration award against Mazars

by Newsroom
July 8, 2026
0

Payward secures the award after the auditor abandoned a nearly completed audit in 2022, under pressure from Operation Choke Point...

Read moreDetails
Nasce Radar Chat: fork di Signal con pagamenti Lightning nativi
Bitcoin

Radar Chat launches: a Signal fork with native Lightning payments

by Newsroom
July 8, 2026
0

The Cake Wallet team launches Radar Chat, an app combining end-to-end messaging and Bitcoin payments via Lightning Network, built on...

Read moreDetails
Polymarket abilita depositi Bitcoin via Lightning con Spark
Bitcoin

Polymarket enables Bitcoin deposits via Lightning with Spark

by Newsroom
July 8, 2026
0

The Spark protocol brings self-custodial deposits over Lightning Network to Polymarket, marking a concrete integration of the Bitcoin layer 2...

Read moreDetails
Atlas21

© 2026 Atlas21

Navigate Site

  • Editorial Policy
  • Cookie Policy
  • Privacy Policy
  • Team

Follow Us

No Result
View All Result
  • Bitcoin 101
    • What Is Bitcoin? A Complete Guide
    • Bitcoin Security: A Complete Guide
    • Bitcoin Privacy: A Complete Guide
    • Lightning Network: A Complete Guide
    • Bitcoin Mining: A Complete Guide
    • Advanced Bitcoin: A Technical Guide
  • Learn
  • Latest News
  • Interviews
  • Opinion
  • Feature
  • B2B Services
  • About Us
  • Contacts

© 2026 Atlas21

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site, we will assume that you are happy with it.