North Korean Hackers Achieve New Personal Best in Annual Crypto Heist
North Korean hackers allegedly exploit a simple security flaw to steal a record $290M, continuing their multi-billion dollar crypto crime spree while the victims argue about who's to blame.
Over the weekend, hackers managed to liberate more than $290 million in cryptocurrency from Kelp DAO, a protocol that helps users earn yields on their idle crypto investments. It's a classic tale of someone finding a more 'active' use for your idle assets.
By Monday, LayerZero, one of the projects caught in the crossfire, had already pinned the blame on North Korea. This heist now proudly wears the crown for the largest crypto theft of the year, narrowly edging out an earlier $285 million hack at crypto exchange Drift in April. The competition is fierce, apparently.
In a post on X, LayerZero explained the mechanics: the hackers exploited Kelp DAO via its LayerZero bridge - a tool that lets different blockchains talk to each other. They then cleverly took advantage of Kelp's own security configuration, which thoughtfully did not require multiple verifications before approving transactions. This oversight allowed the hackers to siphon off the funds with fraudulent transactions in a remarkably straightforward fashion.
LayerZero cited 'preliminary indicators' pointing to North Korea, specifically naming its crypto-targeting hacking group, TraderTraitor. In a predictable twist, Kelp DAO responded by blaming LayerZero for the theft instead. The blame game: the only multiplayer mode that's always online.
In recent years, North Korean hackers working for Kim Jong Un's regime have built a remarkably successful side hustle in crypto theft. Last year alone, they pilfered more than $2 billion. Overall, since 2017, the total amount of crypto stolen by North Korea is estimated to be around $6 billion. At this rate, they might just hack their way to a developed economy.
The Good Times
News in your inbox.
One sardonic roundup, delivered on your schedule. Free. Unsubscribe whenever your tolerance for wit runs out.
Already subscribed but we never reach your inbox? Check your spam folder and hit 'Not spam' (or 'Remove from spam') to bust us out of junk-mail purgatory. You'll be helping everyone else too.
Don't open any of our emails for a month and you'll be automatically removed from the mailing list.
Rewrite Article
Select parts to regenerate with a fresh AI pass. Translations will be updated automatically.
Generate AI Image
Creates a sardonic version of the article image using OpenAI.