North Korea Just Allegedly Walked Off With $290 Million and Left Everything Else Completely Untouched

  • $290M KelpDAO exploit linked to North Korea’s Lazarus Group
  • Attack used advanced RPC poisoning instead of traditional exploits
  • No wider contagion, but signals growing sophistication in DeFi threats

Another massive crypto exploit just hit the space, and this one feels… different. Around $290 million was drained from KelpDAO, with early indicators pointing toward North Korea’s Lazarus Group, which at this point has almost become a recurring name in these kinds of incidents.

But what really stands out isn’t just the size of the theft; it’s how it was done. This wasn’t a typical smart contract bug or phishing attack. It was something far more precise, and arguably more concerning.

A More Surgical Kind of Attack

The exploit reportedly used something called RPC poisoning, which is a lot less chaotic than it sounds. Instead of directly breaking into wallets or contracts, attackers manipulate the RPC nodes that protocols rely on to communicate with the blockchain, essentially feeding them false data until funds get routed incorrectly.

It’s subtle, technical, and requires a deep understanding of infrastructure, which is why it’s often associated with well-funded, highly organized groups. This isn’t something most independent hackers could realistically pull off.

Lazarus Group Back in Focus

The involvement of Lazarus Group, if confirmed, fits a pattern that’s been building for years. The group has been tied to several major crypto exploits, including Ronin and Harmony, often targeting large pools of liquidity where a single breach can result in massive payouts.

International reports have repeatedly linked these operations to state-level funding strategies, which adds another layer of complexity. At that point, it’s not just about stolen funds; it becomes part of a much bigger geopolitical picture.

Contained Damage, But Bigger Implications

One piece of good news, if there is any, is that the damage appears to be contained. LayerZero confirmed that no other cross-chain applications or assets were affected, which, given the scale and method of the attack, is actually significant.

Still, the fact that this kind of exploit worked at all raises questions about how secure current infrastructure really is. If trust in RPC nodes can be compromised, the attack surface becomes much wider than many assumed.
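One way to reduce reliance on any single RPC node is to ask several independent endpoints the same question and act only when a strict majority agree. The sketch below is an added example, not code from the article, KelpDAO or LayerZero; the provider names, the sample responses and the function names are constructed for illustration.

```python
import json
from collections import Counter

class QuorumError(Exception):
    """Raised when independent RPC endpoints do not agree strongly enough."""

def canonical(result):
    # Serialize with sorted keys so equal JSON values compare equal as strings.
    return json.dumps(result, sort_keys=True, separators=(",", ":"))

def quorum_result(responses, min_agree):
    """responses: {endpoint_name: JSON-RPC response dict, or None on timeout}.
    Returns (agreed_result, dissenting_endpoints); raises QuorumError otherwise."""
    votes = {}
    for name, resp in responses.items():
        # A timeout, a JSON-RPC error or a missing result is an abstention, not a vote.
        if not isinstance(resp, dict) or "error" in resp or "result" not in resp:
            continue
        votes[name] = canonical(resp["result"])
    if not votes:
        raise QuorumError("no usable responses")
    winner, count = Counter(votes.values()).most_common(1)[0]
    # Require the configured minimum AND a strict majority of usable answers,
    # so an even split between two versions of the data never passes.
    if count < min_agree or 2 * count <= len(votes):
        raise QuorumError(f"{count} of {len(votes)} endpoints agree, need {min_agree}")
    dissent = sorted(n for n, v in votes.items() if v != winner)
    return json.loads(winner), dissent

# Constructed sample: four hypothetical providers answer the same
# eth_getBlockByNumber request; provider-c returns a different block hash.
SAMPLE = {
    "provider-a": {"jsonrpc": "2.0", "id": 1, "result": {"number": "0x10", "hash": "0xaaaa"}},
    "provider-b": {"jsonrpc": "2.0", "id": 1, "result": {"hash": "0xaaaa", "number": "0x10"}},
    "provider-c": {"jsonrpc": "2.0", "id": 1, "result": {"number": "0x10", "hash": "0xbbbb"}},
    "provider-d": None,  # timed out
}

if __name__ == "__main__":
    result, dissent = quorum_result(SAMPLE, min_agree=2)
    print("agreed block hash:", result["hash"])
    print("endpoints to investigate:", dissent)
```

A dissenting endpoint is worth alerting on even when quorum is reached, since a single node serving different data is exactly the condition this check exists to surface.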

A Wake-Up Call for DeFi Infrastructure

This incident highlights a shift in how attacks are being executed. It’s less about brute force and more about exploiting trust layers within the system, which can be harder to detect and prevent.

For users, it’s a reminder that risks don’t always come from obvious places. And for developers, it’s likely a signal that security models need to evolve, because the attackers clearly already have.

Disclaimer: BlockNews provides independent reporting on crypto, blockchain, and digital finance. All content is for informational purposes only and does not constitute financial advice. Readers should do their own research before making investment decisions. Some articles may use AI tools to assist in drafting, but every piece is reviewed and edited by our editorial team of experienced crypto writers and analysts before publication.
