Crypto Infrastructure Company Blames $290 Million Theft on North Korean Hackers

The $290 million Kelp theft illustrates a growing vulnerability in decentralized finance: reliance on a single verification node. LayerZero’s Decentralized Verifier Networks are designed to route messages across blockchains, but when a platform like Kelp configures only one DVN, it creates a unilateral point of failure. The North Korean group TraderTraitor exploited this weakness, generating fake rsETH tokens that appeared legitimate to downstream protocols. By using the counterfeit tokens as collateral, the hackers siphoned real Ether and stablecoins from lending platforms, demonstrating how a single breach can cascade across the DeFi ecosystem.

Industry experts say the incident will accelerate adoption of multi‑DVN architectures, a best practice LayerZero has long advocated. Multi‑DVN setups distribute trust among independent verifiers, making it far harder for attackers to manipulate transaction data without detection. The post‑mortem also revealed a coordinated DDoS attack on backup systems, suggesting the perpetrators planned to suppress any real‑time alerts. As regulators scrutinize crypto’s systemic risk, firms are likely to face heightened pressure to implement redundant verification layers and robust monitoring tools to prevent similar exploits.

Beyond technical lessons, the theft adds to a pattern of state‑backed cyber‑theft that funds North Korea’s military ambitions. United Nations reports estimate the regime harvested over $2 billion in crypto raids last year alone. This persistent threat pushes governments and financial institutions to consider stricter AML/KYC enforcement and international cooperation. For investors, the episode serves as a reminder that even sophisticated DeFi protocols can be compromised, reinforcing the need for diversified risk management and vigilant oversight of underlying infrastructure.