FFeel.Trading
要聞列表Lazarus Group 疑似在 Arbitrum 凍結 KelpDAO 漏洞攻擊中的 71M 美元 ETH 後,轉移了 175M 美元的 ETH
Bitcoin.com2026-04-21 12:19:33ETH

Lazarus Group 疑似在 Arbitrum 凍結 KelpDAO 漏洞攻擊中的 71M 美元 ETH 後,轉移了 175M 美元的 ETH

ORIGINALLazarus Group Suspected of Moving $175M in ETH After Arbitrum Freezes $71M From KelpDAO Exploit
AI 影響分析Grok 分析中...
📄完整原文· 由 trafilatura 自動擷取5562 字
North Korea’s Lazarus Group is preliminarily attributed with draining approximately $292 million in rsETH from KelpDAO on April 18, 2026. The state-backed hacking entity has been responsible for billions of dollars stolen from the crypto industry over the last few years. Lazarus Group Suspected of Moving $175M in ETH After Arbitrum Freezes $71M From KelpDAO Exploit Key Takeaways: - Lazarus Group drained 116,500 rsETH from KelpDAO on April 18. - The Arbitrum Security Council froze roughly 30,766 ETH worth $71M linked to the KelpDAO exploiter on April 20. - Lazarus moved $175M to new ethereum addresses after the Arbitrum freeze, with Arkham Intelligence actively tracking wallets. North Korea’s Hacking Syndicate Launders Millions in Stolen KelpDAO ETH Through Thorchain and Umbra Cash While the story may be different depending on which protocol dev you ask, reports say the attackers compromised two RPC nodes and deployed malware to feed false transaction data exclusively to Layerzero’s Decentralized Verifier Network while keeping feeds honest for other observers. Reports have been released by KelpDAO, Layerzero, and Llamarisk alongside Aave service providers. The attack followed with a distributed denial-of-service attack against the remaining clean nodes, forcing KelpDAO‘s bridge to fail over to the compromised infrastructure. With the verification layer under their control, they forged a cross-chain message authorizing the withdrawal of roughly 116,500 rsETH, representing approximately 18% of KelpDAO’s total rsETH supply. The KelpDAO theft is the second major attack attributed to Lazarus within three weeks. On April 1, approximately $285 million was taken from Drift Protocol in an operation investigators also linked to North Korea’s Lazarus. The two incidents together account for nearly $600 million in losses. North Korean hackers reportedly stole approximately $2.02 billion in cryptocurrency across all of 2025, a 51% year-over-year increase that made it a record year for DPRK-linked theft. That figure, published by Chainalysis and South Korean media outlets, represented roughly 60% to 76% of all global service-level crypto thefts, despite the group executing 74% fewer individual incidents than in prior years. The cumulative lower-bound estimate through the end of 2025 reached approximately $6.75 billion. The largest single theft in crypto history also belongs to Lazarus. In early 2025, the group stole approximately $1.5 billion from Bybit, a Dubai-based exchange, by compromising a software provider for Safe Wallet and manipulating developer environments to redirect a cold-to-hot wallet transfer. The FBI formally attributed that attack to North Korean Lazarus Group actors. Before Bybit, significant attributed heists included roughly $620 million from the Ronin Network bridge in 2022, $308 million from DMM Bitcoin in 2024, and $234.9 million from Indian exchange WazirX in 2024. The DPRK-linked group has also targeted smaller platforms, individual wallets, and crypto-adjacent software supply chains. Lazarus typically spends months in preparation before executing a theft. Attackers use fake recruiter outreach, Github-hosted malware, and spear-phishing to gain initial access. Once inside developer or validator environments, they harvest private keys, compromise hot wallets, or manipulate bridge infrastructure. After exfiltrating funds, the group launders assets through chain-hopping, decentralized exchange ( DEX) swaps, and dispersion across thousands of addresses. Some proceeds are allegedly routed through services such as Huione Pay before ultimately being converted into bitcoin or other assets that can support the DPRK regime. The U.S. Department of Justice indicted North Korean national Park Jin Hyok in connection with earlier Lazarus operations. The Treasury Department’s Office of Foreign Assets Control has sanctioned dozens of addresses, and the FBI has issued public advisories with onchain identifiers for exchanges and validators to block. Despite those measures, Lazarus has continued to adapt. The group’s infrastructure poisoning techniques, including the RPC node compromise used in the KelpDAO attack, reflect a shift toward targeting the plumbing beneath decentralized finance (DeFi) protocols rather than front-end interfaces or individual user credentials. Crypto bridge security remains a central vulnerability. The Ronin, Harmony Horizon, and now KelpDAO breaches all involved manipulation of cross-chain verification systems. Security researchers have pointed to multi-signature requirements, independent RPC node auditing, and real-time behavioral monitoring as the most direct mitigations. Arbitrum Security Council Freezes 30,766 ETH From KelpDAO Exploiter in Emergency Onchain Action Arbitrum Security Council Freezes 30,766 ETH From KelpDAO Exploiter in Emergency Onchain Action The Arbitrum Security Council froze 30,766 ether held by the KelpDAO exploiter on Arbitrum One, moving the funds to a… Read NowArbitrum Security Council Freezes 30,766 ETH From KelpDAO Exploiter in Emergency Onchain Action Read NowThe Arbitrum Security Council froze 30,766 ether held by the KelpDAO exploiter on Arbitrum One, moving the funds to a… North Korea is estimated to derive a significant share of hard currency from these operations in an economy constrained by international sanctions, with some analyses placing crypto theft proceeds at roughly 13% of GDP. Stolen funds are believed to support the country’s nuclear and ballistic missile programs alongside other state functions.
資料狀態✓ 已擷取全文閱讀原文(Bitcoin.com)
🔍歷史類似事件· 關鍵字 + 標的比對6 則
2026-04-21
Arbitrum Security Council 凍結了與 $292M KelpDAO 漏洞攻擊相關的 $71.5M ETH
相似度 430%標的 ETH關鍵字 freezes/exploit/kelpdao
2026-04-21
Arbitrum Security Council 凍結了與 $292M KelpDAO 漏洞攻擊相關的 $71.5M ETH
相似度 430%標的 ETH關鍵字 freezes/exploit/kelpdao
2026-04-21
Arbitrum Security Council 在緊急鏈上行動中凍結了 KelpDAO 攻擊者的 30,766 ETH
相似度 430%標的 ETH關鍵字 freezes/arbitrum/kelpdao
2026-04-21
Arbitrum 凍結 KelpDAO 被駭資金,揭露 Crypto 最大謊言
相似度 380%標的 ETH關鍵字 freezes/kelpdao/arbitrum
2026-04-21
Arbitrum Security Council 阻止 KelpDAO 駭客轉移 30,766 ETH
相似度 380%標的 ETH關鍵字 kelpdao/eth/arbitrum
2026-04-20
KelpDAO 遭駭後,前 20 大鏈上的 DeFi TVL 皆出現下滑
相似度 380%標的 ETH關鍵字 kelpdao/exploit/after
💡 目前用關鍵字 + 標的比對(MVP)· 之後會升級為 embedding 語意搜尋
原始資訊
ID:ca4b86f7b1
來源:Bitcoin.com
發佈:2026-04-21 12:19:33
分類:一般 · 導出分類 neutral
標的:ETH
社群投票:+0 /0 · ⭐ 0 重要 · 💬 0 留言