北韓與 4 月份 Kelp DAO 遭駭後價值 5.78 億美元的竊案有關

📄完整原文· 由 trafilatura 自動擷取5946 字

Kelp DAO suffered a $292 million hack on Saturday, overtaking Drift as the largest crypto exploit of the year so far. North Korea-linked hackers are suspected to be behind the attack. Kelp DAO said Monday that the exploit stemmed from a failure of cross-chain messaging protocol LayerZero’s infrastructure. LayerZero said the breach was enabled by Kelp DAO’s use of a single verifier configuration to approve cross-chain messages. LayerZero said that “preliminary indicators” attributed the exploit to TraderTraitor, a subgroup of North Korea’s state-backed hacking unit known as Lazarus Group. Blockchain investigator Tanuki42’s findings also found ties to TraderTraitor. Tanuki42 said Tuesday that funds stolen from the Kelp DAO incident have commingled with previous exploits linked to the same group. While North Korea’s cyber activity targeting decentralized finance platforms has accelerated in April, its tactics also pose a threat to companies and end users. North Korea’s crypto schemes back in focus The April Fools’ Day exploit on decentralized exchange Drift totaled $285 million, bringing suspected North Korea-linked crypto theft to at least $578 million across major incidents throughout the month. The two attacks are the largest crypto heists attributed to North Korean actors since the Bybit hack. By now, the crypto industry has caught on that DPRK-linked operatives pose as IT developers to secure remote jobs at tech companies. Security researchers and the United Nations say that this tactic generates millions of dollars to support North Korea’s weapons programs. Related: North Korean cyber spies are no longer just remote threats In March, the US Treasury Department sanctioned six individuals and two entities for their alleged roles in North Korean IT worker fraud schemes. The FBI also issued guidance in June, recommending that employers verify candidates’ professional history and require in-person meetings. However, the Drift exploit suggests Pyongyang’s cyber operatives are adapting. The DeFi platform said its contributors were approached in person by individuals posing as a quant trading firm at a major crypto conference in November. The attackers continued to communicate and build trust ahead of the breach. Smaller-scale attacks have continued in parallel. Crypto wallet provider Zerion said DPRK-linked actors used AI-assisted social engineering to steal about $100,000 in a separate incident. North Korea rarely responds to such accusations, though its foreign ministry issued a statement in May 2020 denying involvement in cyberattacks and accusing the United States of attempting to tarnish its image. Retail crypto scams surge as DPRK tactics spill over The Federal Bureau of Investigation (FBI) reported a 21% increase in crypto-related crime complaints in its 2025 Internet Crime Complaint Center (IC3) report. The FBI launched IC3 in 2000 as a portal for victims in the US to report online fraud. Cryptocurrency cases were linked to 181,565 complaints in 2025, resulting in $11.37 billion in losses, more than half of the total. Related: North Korean spy slips up, reveals ties in fake job interview Older Americans aged 60 and above filed the highest number of crypto-related complaints. Investment scams were the largest category, generating 61,559 complaints, including 13,685 from people 60 and older. That doesn’t mean the retail sector is untouched by suspected North Korean operations. An investigation published last November found that DPRK-linked operatives also recruit individuals to support remote IT worker schemes. Throughout 2025, Heiner García, a cyberthreat intelligence expert at Telefónica, came into contact with a suspected North Korean operative. García previously told Cointelegraph that the individual attempted to use him as a proxy to bypass VPN restrictions set by freelancing platforms. The tactic involves using a victim’s device in a local jurisdiction by installing remote access software such as AnyDesk. In August 2024, the US Department of Justice arrested Matthew Isaac Knoot for running a “laptop farm” that allowed DPRK IT workers to appear as US-based employees using stolen identities. In July 2025, Christina Chapman was sentenced to more than eight years in prison for her role in helping North Korean IT workers earn more than $17 million. The tradeoff behind freezing funds stolen by suspected DPRK actors A unique element of the Kelp DAO hack was the Arbitrum Security Council’s decision to freeze 30,766 ETH linked to the exploit. Crypto’s ethos is decentralization, yet responses to major hacks continue to divide the industry. Some projects lean toward minimal intervention, even as security experts call for action, leaving little consensus on when it is appropriate to step in. Ledger CTO Charles Guillemet said on Tuesday that the outcome was “probably” good, but not a comfortable one. Freezing the funds likely prevented further losses. The discomfort comes from what the action makes explicit. The Arbitrum Security Council did not exploit a bug or discover a backdoor. It exercised its intended authority to override the state. That authority exists by design and sits in tension with the idea of credibly neutral infrastructure. In practice, assets on today’s rollups can still be affected by governance decisions under certain conditions. Guillemet ties that tradeoff to the threat environment. The Kelp DAO exploit did not rely on a novel smart contract bug. It exposed weaknesses in infrastructure and configuration, showing how attacks are moving beyond code into the systems that support it. At the same time, North Korea-linked groups have evolved into well-resourced, persistent adversaries capable of probing those systems across multiple fronts. That leaves the industry split between accepting intervention or accepting losses that cannot be undone. Magazine: Adam Back says current demand is ‘almost’ enough to send Bitcoin to $1M

資料狀態✓ 已擷取全文閱讀原文（CoinTelegraph）

🔍歷史類似事件· 關鍵字 + 標的比對6 則

2026-04-21

Kelp DAO 攻擊者在漏洞利用後轉移了 1.75 億美元的 ETH：Arkham

相似度 230%關鍵字 after/dao/exploit

2026-04-21

Arbitrum 凍結了與 Kelp DAO 漏洞攻擊相關的 7100 萬美元 ETH

相似度 230%關鍵字 dao/exploit/tied

2026-04-20

在 Kelp DAO 橋接漏洞引發 DeFi 混亂後，Aave 可能面臨高達 2.3 億美元的損失

相似度 230%關鍵字 after/dao/exploit

2026-04-20

LayerZero 將 2.9 億美元的漏洞攻擊歸咎於 Kelp 的設定，並將其歸因於北韓的 Lazarus

相似度 230%關鍵字 korea/north/exploit

2026-04-22

Kelp DAO 遭駭 2.92 億美元一事顯示，為何 crypto bridges 仍是該產業最脆弱的環節之一

相似度 180%關鍵字 dao/exploit/kelp

2026-04-22

交易員認為 Kelp 不會分攤 2.92 億美元遭駭後的損失

相似度 180%關鍵字 after/exploit/kelp

💡 目前用關鍵字 + 標的比對（MVP）· 之後會升級為 embedding 語意搜尋

原始資訊

ID：122d22aa07

來源：CoinTelegraph

發佈：2026-04-22 11:29:54

分類：一般 · 導出分類 neutral

標的：未指定

社群投票：+0 / −0 · ⭐ 0 重要 · 💬 0 留言