North Korea stole 76% of April 2026 cryptocurrency hacks in just two attacks

  • North Korean hackers stole $577 million, or 76% of all crypto hacks, in April 2026 through the Drift Protocol and KelpDAO attacks.
  • Sophisticated social engineering and flaws in the single-validator bridge enabled rapid, high-value exfiltration.
  • These attacks reveal North Korea’s dominance in crypto theft and will prompt urgent DeFi security upgrades.

North Korean hackers stole roughly $577 million in the first four months of 2026. This accounts for 76% of the total crypto hacking value, from just two attacks. On April 1st, $285 million was drained from Solana’s Drift protocol, and on April 18th, $292 million was drained from KelpDAO’s LayerZero bridge. The advanced operations primarily combined social engineering through THORChain, durable nonces, RPC poisoning, and rapid laundering.

North Korea steals $577 million in cryptocurrency hacks in April 2026

On April 30, 2026, TRM Labs reported that North Korean hacking groups accounted for 76% of all cryptocurrency hacking losses through April 2026, and that this was accomplished in just two high-impact operations rather than a large number of attacks.

Specifically, hackers breached Drift Protocol on April 1st and stole $285 million, and exploited the KelpDAO bridge on April 18th to extract an additional $292 million. These incidents represent only 3% of all hacks recorded this year, but account for 80% of total theft.

Source: TRM Labs

This pattern highlights the hackers’ consistent strategy of valuing precision over quantity. Since 2017, their cumulative cryptocurrency theft is now over $6 billion, and their share of total losses has steadily increased from less than 10% previously to 76% by early 2026.

Advanced social engineering and bridge vulnerabilities lead to attacks

The Drift Protocol attack required months of intensive preparation, including in-person social engineering meetings with protocol staff and three weeks of on-chain staging. Attackers exploited Solana’s durable nonce functionality to obtain pre-signed authorization from the Security Council’s multisig and manipulated oracles by creating fake CarbonVote tokens through wash trades. They executed 31 withdrawals in roughly 12 minutes, draining $285 million in assets including USDC and JLP.

Additionally, the KelpDAO attack targeted the rsETH LayerZero bridge on Ethereum by compromising internal RPC nodes and launching DDoS attacks against external nodes. This forced the system to rely on contaminated data sources. The single-verifier setup then authorized fraudulent write messages that never occurred, allowing for the exfiltration of roughly 116,500 rsETH worth $292 million.

What’s next?

These attacks reveal North Korea’s dominance in crypto theft and show how state actors are refining highly targeted techniques aimed at governance mechanisms and cross-chain bridges, raising the bar across the industry.

As these advanced operations continue, the industry is likely to undergo urgent and widespread security and compliance upgrades. According to a report by Chainalysis, North Korea-related theft will reach a record level of $2 billion in 2025-early 2026, and experts predict that if current trends in social engineering, AI-assisted attacks, and bridge vulnerabilities continue, annual state-funded cryptocurrency theft could exceed $3 billion to $4 billion by 2027-2028.

Meanwhile, Polymarket traders now estimate that multiple additional hacks exceeding $100 million are virtually certain (100% certain) by the end of 2026, while broader industry analysis warns that attack frequency is rising due to geopolitical needs and advances in tools such as deepfakes and autonomous AI agents.

Therefore, the coming months could be a major turning point in how DeFi projects approach security architecture and regulatory alignment. Protocols must move quickly to implement time-locked multisig configurations, multi-verifier bridge architectures, stronger RPC node security, and real-time on-chain monitoring systems.
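
As an added illustration (not code from TRM Labs, KelpDAO, or LayerZero), the sketch below shows why a multi-verifier quorum that fails closed resists the poisoned-RPC scenario described above, while a single verifier does not. All names, verifier labels, and hashes are hypothetical and constructed for the example.

```python
"""Fail-closed M-of-N check before attesting a cross-chain message.

Observation, attest and the verifier labels are hypothetical names for this
illustration; they are not part of any real bridge API.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Observation:
    verifier: str              # label of an independent verifier / RPC operator
    event_hash: Optional[str]  # source-chain event hash it saw; None if unreachable


def attest(message_hash: str, observations: list[Observation], threshold: int) -> bool:
    """Approve only if >= threshold distinct verifiers saw the matching event.

    Unreachable sources (event_hash is None) never count as agreement, so
    knocking honest nodes offline cannot lower the bar (fail closed).
    """
    if threshold < 1 or not message_hash:
        raise ValueError("need a message hash and a threshold of at least 1")
    # A set of verifier labels: one operator reporting twice counts once.
    confirming = {o.verifier for o in observations if o.event_hash == message_hash}
    return len(confirming) >= threshold


# Constructed scenario following the article: the internal RPC node is
# compromised and reports an event that never happened, while the external
# nodes are unreachable under DDoS.
FAKE = "0xfa4e"  # constructed placeholder for the forged message hash
poisoned_view = [
    Observation("internal-rpc", FAKE),
    Observation("external-a", None),
    Observation("external-b", None),
]

# Constructed honest view of a genuine message, with one node down.
REAL = "0x6e41"
honest_view = [
    Observation("internal-rpc", REAL),
    Observation("external-a", REAL),
    Observation("external-b", None),
]

if __name__ == "__main__":
    print("1-of-1, poisoned:", attest(FAKE, poisoned_view[:1], 1))
    print("2-of-3, poisoned:", attest(FAKE, poisoned_view, 2))
    print("2-of-3, honest:  ", attest(REAL, honest_view, 2))
```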
