VulnHub

Real-time Cybersecurity News

$290 Million Kelp DAO Crypto Heist Blamed on North Korea

SecurityWeek
Actively Exploited
DDoS

Overview

A significant crypto heist has taken place, resulting in a loss of approximately $290 million from Kelp DAO. The attack is attributed to North Korean hackers who exploited vulnerabilities in LayerZero’s DVN by compromising specific Remote Procedure Calls (RPCs) and launching Distributed Denial of Service (DDoS) attacks on others. This strategy forced the system to switch over to compromised infrastructure, allowing the attackers to siphon off funds. This incident raises alarms within the cryptocurrency community, highlighting the ongoing threat posed by state-sponsored hackers and the need for enhanced security measures in decentralized finance. As crypto continues to grow, incidents like this can undermine user trust and have broader implications for the market.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Kelp DAO, LayerZero's DVN, RPCs
  • Action Required: Companies should enhance security protocols, monitor for unusual activity, and consider implementing stronger defenses against DDoS attacks.
  • Timeline: Newly disclosed

Original Article Summary

The hackers targeted LayerZero’s DVN, compromising certain RPCs and DDoSing others to trigger failover to the poisoned infrastructure. The post $290 Million Kelp DAO Crypto Heist Blamed on North Korea appeared first on SecurityWeek.

Impact

Kelp DAO, LayerZero's DVN, RPCs

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Companies should enhance security protocols, monitor for unusual activity, and consider implementing stronger defenses against DDoS attacks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to DDoS.

Read Original Article

Related Coverage

Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms

Infosecurity Magazine

A recent report from the Cloud Security Alliance reveals that two-thirds of businesses are experiencing cybersecurity incidents linked to unchecked AI agents. These incidents include data exposure, operational disruptions, and financial losses. As companies increasingly adopt AI technologies, they face challenges in managing these agents effectively, leading to vulnerabilities. The report emphasizes the urgent need for organizations to implement better controls and oversight to mitigate these risks. Failure to do so could result in severe consequences for both their operations and their customers.

Apr 21, 2026

Chinese APT Targets Indian Banks, Korean Policy Circles

darkreading

Chinese state-sponsored hackers are reportedly targeting Indian banks and South Korean policy circles, raising concerns about espionage in the financial sector. Researchers noted that the tactics, techniques, and procedures (TTPs) used by these attackers appear outdated, suggesting a lack of sophistication in their approach. While the exact motivations behind these attacks remain unclear, the implications are significant as they could undermine the security of sensitive financial data and impact international relations. This situation highlights the ongoing cybersecurity challenges faced by nations in a highly interconnected world. Banks and governmental organizations are urged to bolster their defenses against potential intrusions.

Apr 21, 2026

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

The Hacker News

The article discusses how identity-based attacks, particularly those involving stolen credentials, remain a primary method for cybercriminals to gain unauthorized access to systems. Despite the focus on advanced threats like zero-day vulnerabilities and AI-driven exploits, attackers often rely on simpler tactics such as credential stuffing to exploit weak passwords or reused credentials. This trend affects organizations across various sectors, as compromised accounts can lead to significant data breaches and financial losses. Companies are urged to implement stronger authentication measures and educate users about secure password practices to mitigate these risks.

Apr 21, 2026

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

SecurityWeek

The Cybersecurity and Infrastructure Security Agency (CISA) has added eight vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, with five of these already being exploited in the wild. The affected products include those from Cisco, Kentico, and Zimbra. Organizations using these systems are urged to address these vulnerabilities promptly to prevent potential attacks. The exploitation of these flaws poses significant risks, as they can allow attackers to gain unauthorized access or execute malicious actions on affected systems. Companies need to prioritize patching and updating their software to mitigate these risks effectively.

Apr 21, 2026

Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000

SecurityWeek

Recent data breaches involving Southern Illinois Dermatology, Saint Anthony Hospital, and North Texas Behavioral Health Authority have compromised the personal information of approximately 600,000 individuals. These breaches highlight ongoing vulnerabilities in the healthcare sector, where sensitive data is often targeted by cybercriminals. The specifics of the breaches, including how the attackers gained access and what data was taken, remain unclear. However, the incidents underline the urgent need for healthcare organizations to strengthen their cybersecurity measures. Patients affected by these breaches should be vigilant about potential identity theft and monitor their accounts closely.

Apr 21, 2026

The US NSA is using Anthropic’s Claude Mythos despite supply chain risk

Security Affairs

The National Security Agency (NSA) is reportedly using Anthropic's Claude Mythos AI model, despite warnings from the Department of Defense about potential supply chain risks. This situation raises concerns about the balance between utilizing AI for defense purposes and the inherent risks that come with integrating third-party technology. The NSA's decision blurs the lines between AI as a necessary tool for national security and the vulnerabilities that can arise from dependency on external software. As AI continues to evolve, this case illustrates the challenges faced by government agencies in ensuring the security of their technological tools while also leveraging their capabilities. The implications of such decisions may affect various sectors, particularly in how AI is adopted in sensitive environments.

Apr 21, 2026