North Korean-linked hackers heist $290M in crypto


The North Korean state-linked hacking group Lazarus (whose financially motivated operations some vendors track separately as APT38) has carried out a major crypto asset theft, draining approximately $290 million in cryptocurrency from the decentralized finance (DeFi) protocol Kelp DAO.

The attack, which occurred over the weekend, has become the largest cryptocurrency theft so far this year.

Kelp DAO is a liquid restaking protocol whose rsETH token lets users earn returns on otherwise idle ETH. The attack is believed to have gone through LayerZero, a cross-chain messaging layer that lets a contract on one blockchain act on events that occurred on another.

The threat actors subverted cross-chain message verification: the verifiers were fed a false view of the source chain and therefore approved transfers that had never legitimately taken place. A verifier that reads source-chain state through RPC nodes is only as trustworthy as those nodes; if a node lies, the verifier faithfully attests to a transfer that never happened, so the funds were released on the destination chain without the fraud being detected.

“The attacker managed to access the RPC list used by our DVN, compromising two of them (independent nodes running in separate clusters with no direct connection between them) and swapping the binaries running the op-geth nodes. Thanks to our principles of least privilege, they couldn’t compromise the DVN instances. However, they used this access point to execute an RPC impersonation attack,” the service explained.
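As an added illustration (constructed example code, not LayerZero's or Kelp DAO's, with hypothetical node names, amounts, block numbers and outcome labels), the following Python models why the RPC compromise described above matters and what a quorum check across independent endpoints does about it. A verifier that trusts a single RPC node attests to a forged transfer as soon as that node's binary has been swapped; a verifier that requires agreement from several independent nodes and halts on any disagreement catches the two lying nodes, but is no help once the whole RPC list is under the attacker's control.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass


def digest(*parts: object) -> str:
    """Stable hash over message fields; stands in for an on-chain event hash."""
    return hashlib.sha256("|".join(map(str, parts)).encode()).hexdigest()


@dataclass(frozen=True)
class Message:
    src_chain: str
    nonce: int
    receiver: str
    amount: int  # token units; hypothetical figures

    @property
    def guid(self) -> str:
        return digest(self.src_chain, self.nonce, self.receiver, self.amount)


class RpcNode:
    """Honest RPC node answering from its own copy of the source chain."""

    def __init__(self, name: str, blocks: dict[int, frozenset[str]]):
        self.name = name
        self._blocks = blocks

    def emitted_in(self, block: int) -> frozenset[str]:
        return self._blocks.get(block, frozenset())


class ImpersonatingRpcNode(RpcNode):
    """RPC node whose binary was swapped: it adds forged message IDs to its answers."""

    def __init__(self, name: str, blocks: dict[int, frozenset[str]],
                 forged: dict[int, frozenset[str]]):
        super().__init__(name, blocks)
        self._forged = forged

    def emitted_in(self, block: int) -> frozenset[str]:
        return super().emitted_in(block) | self._forged.get(block, frozenset())


def naive_verify(node: RpcNode, msg: Message, block: int) -> bool:
    """Weak design: believe whichever single RPC endpoint answered."""
    return msg.guid in node.emitted_in(block)


def quorum_verify(nodes: list[RpcNode], msg: Message, block: int,
                  threshold: int) -> tuple[str, list[str], list[str]]:
    """Hardened design: every node votes. Approve only when at least
    `threshold` nodes confirm AND none dissents; a split vote means some node
    is lying or lagging, so the message is HELD for investigation rather than
    silently passed or dropped."""
    yes = [n.name for n in nodes if msg.guid in n.emitted_in(block)]
    no = [n.name for n in nodes if msg.guid not in n.emitted_in(block)]
    if yes and no:
        return "HOLD", yes, no
    if len(yes) >= threshold:
        return "APPROVE", yes, no
    return "REJECT", yes, no


def build_scenario(compromised: int, total: int = 5):
    """Constructed scenario: one real transfer in block 123, one forged one,
    and `compromised` of `total` RPC nodes swapped for impersonating ones."""
    block = 123
    legit = Message("src-chain", 1, "0xalice", 10)
    forged = Message("src-chain", 2, "0xattacker", 40_000)
    truth = {block: frozenset({legit.guid})}
    lie = {block: frozenset({forged.guid})}
    nodes: list[RpcNode] = [
        ImpersonatingRpcNode(f"rpc-{i}", truth, lie) if i < compromised
        else RpcNode(f"rpc-{i}", truth)
        for i in range(total)
    ]
    return nodes, legit, forged, block


def demo() -> dict[str, object]:
    nodes, legit, forged, block = build_scenario(compromised=2)
    return {
        # a verifier pointed at a compromised endpoint attests to the forgery
        "naive_on_compromised": naive_verify(nodes[0], forged, block),
        # quorum across independent nodes sees the split vote and holds it
        "quorum_forged": quorum_verify(nodes, forged, block, threshold=3)[0],
        # the genuine transfer is confirmed unanimously
        "quorum_legit": quorum_verify(nodes, legit, block, threshold=3)[0],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The practical caveat is the last case: a quorum only protects against a minority of lying nodes, so the RPC endpoints behind a verifier must be genuinely independent (different operators, hosting and access paths, not one list reachable from one compromised credential), and a split vote should raise an alert and pause the channel rather than trigger a silent retry against another endpoint.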

Not content with the initial loot, the attackers made a second attempt worth about $95 million (roughly 40,000 rsETH), which was thwarted: after the first theft the platform had frozen activity and blocked the relevant wallets, so the second attempt failed.

Following the attack, a dispute arose between the two platforms involved. LayerZero said the problem lay in Kelp DAO's configuration, specifically in the verification set-up it had chosen for its messages. For its part, Kelp DAO blamed LayerZero's infrastructure.

A funding source for Pyongyang

This type of incident is not new. In recent years, APTs linked to North Korea have stolen billions in cryptocurrencies, which according to United Nations reports are used to finance military and weapons programs.

Chainalysis, one of the leading blockchain forensic analysis firms, estimates that these groups working for the country have stolen up to $6.75 billion in crypto assets to date.
