NORTH KOREA'S Lazarus group is the primary suspect in the disappearance of approximately US$290 million from the decentralized finance (DeFi) platform KelpDAO. The incident, which transpired on April 18, 2026, saw a significant amount of cryptocurrency, specifically tokens tied to Ethereum, "drained" from KelpDAO's systems.
This marks 2026's largest cryptocurrency exploit to date, with the funds allegedly siphoned via manipulation of KelpDAO's cross-chain bridge.
LayerZero, a provider for KelpDAO, said in a release that the attackers exploited KelpDAO’s setup, particularly its "rsETH configuration as a direct consequence of their single-DVN setup." This exploit facilitated the movement of digital assets between different blockchain networks.
Attribution and Funding Claims
While LayerZero pointed to KelpDAO’s configuration, the decentralized finance platform itself reportedly contested this explanation. Regardless of the finger-pointing, Lazarus is again implicated in a significant cryptocurrency theft.
"On April 18, 2026, KelpDAO was exploited for approximately $290M." – LayerZero statement
Reports suggest that such sophisticated cybercrime operations are intrinsically linked to North Korea's broader efforts, with stolen cryptocurrency purportedly fueling its nuclear weapons development, as noted by a United Nations panel. This recent event is not an isolated incident; it follows other major cryptocurrency heists attributed to the Lazarus group, including a US$285 million incident just weeks prior.
The Landscape of Decentralized Finance
The exploitation of KelpDAO highlights vulnerabilities within the burgeoning 'decentralized finance' (DeFi) sector. DeFi's core tenet, which aims to remove traditional financial intermediaries like governments and banks from transactions through blockchain technology, also appears to present unique attack vectors. The incident on KelpDAO's cross-chain bridge, a critical component for inter-blockchain asset transfer, underscores the complex architecture and potential weak points inherent in these systems.
The sheer scale of the alleged theft—close to US$300 million—positions it as a major event in the cryptocurrency landscape for the current year.
Context: Lazarus Group and North Korea
The Lazarus Group, a clandestine cyber-espionage unit with alleged ties to the North Korean state, has been identified by various entities as a persistent threat in the global cybersecurity arena. Their modus operandi often involves sophisticated exploits targeting financial institutions and, more recently, the cryptocurrency ecosystem. The group's alleged capacity for such large-scale digital heists is considered by some observers to be unmatched globally, further fueling concerns about the financial resources available for state-sponsored activities.