North Korea's Lazarus makes off with $290M crypto in Kelp DAO heist after siphoning funds using fraudulent transactions

News
By published

A lot of blame shifting between Kelp DAO and LayerZero

Cryptocurrencies
Image credit: Pixabay/vjkombajn (Image credit: vjkombajn/Pixabay)
  • Lazarus Group exploits LayerZero integration to steal $290M from Kelp DAO
  • Attackers compromised servers verifying cross‑chain transactions, feeding false data to approve fake transfers
  • LayerZero and Kelp DAO dispute blame

The infamous North Korean state-sponsored hacking group, Lazarus, has done it again. It successfully walked away with $290 million in cryptocurrency, after seemingly exploiting a Decentralized Autonomous Organization called Kelp DAO through a solution called LayerZero.

Kelp DAO is an organization that doesn’t have central management, or a CEO. All of the decisions are made collectively by members who hold governance tokens and vote on proposals. It was designed to allow users to earn yield on idle crypto investments.

LayerZero Labs, on the other hand, builds infrastructure that lets different blockchains communicate with each other. It is a vital part of the Web3 ecosystem, since different currencies operate on isolated networks. The DAO used LayerZero as a “messaging layer” between different blockchains.

Article continues below

Shifting blame

Lazarus Group apparently tricked the system by taking control of some of the servers used to verify transactions between blockchains. Then, they made fake transactions look real by feeding false data into the system and forcing it to trust the compromised servers, which allowed them to steal the funds.

After the incident, LayerZero took to X to explain what happened. In an in-depth report which you can read here, it essentially said the attackers exploited Kelp DAO’s setup.

“We have conducted a comprehensive review of active integrations on the LayerZero protocol. We can confirm with confidence that there is zero contagion to any other asset or application,” LayerZero said. “This incident was isolated entirely to KelpDAO's rsETH configuration as a direct consequence of their single-DVN setup.”

Kelp DAO, on the other hand, disagreed with the characterization that the incident was solely the result of its configuration.

While the two organizations shift blame around, Lazarus celebrates another successful heist. The organization has, for years, exploited vulnerable Web3 projects, bridges and DAOs, to steal funds and finance North Korea’s state apparatus and weapons programs.

Via TechCrunch

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.