North Korean state-backed hackers (TraderTraitor/Lazarus) executed a nearly $300 million theft from Kelp DAO by compromising its cross-chain bridge. The attack vector involved compromising the protocol's transaction verification systems, manipulating downstream infrastructure, and launching a DDoS attack against its backups. The root cause was attributed to Kelp DAO's use of a single Decentralized Verifier Network (DVN), creating a single point of failure that allowed forged messages to be processed.
Threat Intelligence Major Kelp DAO cross-chain bridge theft attributed to North Korean hackers April 21, 2026 Share By SC Staff North Korean state-backed threat operation TraderTraitor, a subset of the Lazarus Group, was reported by cryptocurrency infrastructure developer LayerZero to have been behind the nearly $300 million crypto heist on major liquid restaking protocol Kelp DAO over the weekend that involved the compromise of its LayerZero-powered cross-chain bridge, according to The Record , a news site by cybersecurity firm Recorded Future. Only Kelp was affected by the intrusion, which involved the compromise of the firm's transaction verification systems, downstream infrastructure manipulation, and a distributed denial-of-service attack against its backups, noted LayerZero. LayerZero also blamed the liquid restaking protocol for the incident due to its usage of a lone Decentralized Verifier Network despite its repeated recommendations of a multi-DVN setup. "Operating a single-point-of-failure configuration meant there was no independent verifier to catch and reject a forged message," said LayerZero. Such findings were contested by a Kelp source, who noted LayerZero's assessment to mention the compromise of its own servers. SC Staff Related Threat Intelligence Guilt admitted by British hacker in $8M crypto theft scheme SC Staff April 21, 2026 BBC reports that British man Tyler Buchanan could face a maximum sentence of 22 years in prison after pleading guilty to a scheme that targeted the computer systems of around 12 companies and resulted in the theft of at least $8 million in cryptocurrency from U.S. victims. Data Security Over 400K records allegedly stolen from major Dutch webshop Bol, data leaked SC Staff April 21, 2026 Major Dutch online store Bol, which also operates in Belgium, had information from more than 400,000 of its Belgian users allegedly compromised by the hacker using the alias "Jeffrey Epstein," reports Cybernews. Application security Over 130K users’ browser data siphoned by illicit TikTok downloader extensions SC Staff April 21, 2026 HackRead reports that over a dozen malicious TikTok downloader extensions have allowed the clandestine compromise of more than 130,000 users' Google Chrome- and Microsoft Edge-stored data as part of the StealTok campaign, which has been underway for more than a year. Related Events Cybercast Better Threat Intelligence Between Public and Private Sectors On-Demand Event Virtual Conference Nationwide Cybersecurity Summit 2025: Safeguarding America’s Digital Future On-Demand Event Virtual Conference Securing the Future of Finance: Strategies to Counter Modern Cyber Threats On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Deauthentication Attack Dictionary Attack Distributed Scans Drive-by Download DumpSec Dumpster Diving Fault Line Attacks Hybrid Attack Information Warfare Password Cracking You can skip this ad in 5 seconds