VulnHub

Real-time Cybersecurity News

North Korea’s Lazarus APT stole $290M from Kelp DAO

Security Affairs
Actively Exploited
APT

Overview

The Lazarus Group, a hacking group linked to North Korea, successfully stole $290 million from Kelp DAO, a decentralized finance protocol on the Ethereum network. The theft was facilitated by exploiting vulnerabilities in LayerZero, a cross-chain messaging protocol. A subsequent attempt to steal an additional $95 million was thwarted by security measures. This incident raises significant concerns about the security of DeFi protocols and highlights the ongoing risks posed by state-sponsored cybercriminals in the cryptocurrency space. The implications are serious for investors and users of decentralized finance, as such breaches can undermine trust in these platforms.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Kelp DAO, LayerZero protocol
  • Action Required: Users should implement enhanced security measures and remain vigilant against potential phishing attempts and other social engineering tactics.
  • Timeline: Recently disclosed

Original Article Summary

North Korea-linked Lazarus Group stole $290M from Kelp DAO by abusing LayerZero. A second $95M attempt was stopped. Hackers tied to the North-Korea linked group Lazarus APT carried out a $290M crypto theft targeting Kelp DAO. Kelp DAO is a decentralized finance (DeFi) protocol built on the Ethereum ecosystem that focuses on a concept called […]

Impact

Kelp DAO, LayerZero protocol

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Recently disclosed

Remediation

Users should implement enhanced security measures and remain vigilant against potential phishing attempts and other social engineering tactics. No specific patches or updates have been mentioned.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to APT.

Read Original Article

Related Coverage

Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks

CyberScoop

During a recent House Homeland Security Committee hearing, lawmakers discussed the rising issue of ransomware attacks targeting hospitals. These attacks have significant implications for patient care and safety, leading to concerns that they may warrant designations as terrorism or even homicide charges against perpetrators. The discussions reflect growing frustration over the frequency and severity of these attacks, which not only disrupt healthcare services but can also endanger lives. As ransomware incidents increase, lawmakers are considering more serious legal consequences to deter future attacks and protect vulnerable healthcare systems from cybercriminals. This initiative highlights the urgent need for stronger cybersecurity measures in the healthcare sector.

Apr 21, 2026

New Lotus data wiper used against Venezuelan energy, utility firms

BleepingComputer

Researchers have identified a new type of data-wiping malware called Lotus, which was used in targeted attacks against energy and utility companies in Venezuela last year. This malware is particularly concerning as it specifically targets critical infrastructure, potentially disrupting essential services. The attacks indicate a growing trend of cyber threats aimed at destabilizing operations in the energy sector, which can have far-reaching consequences for both companies and the general public. Organizations in similar sectors should be vigilant and enhance their cybersecurity measures to protect against such threats. The emergence of Lotus highlights the ongoing risks faced by utilities worldwide.

Apr 21, 2026

Sysdig report signals end of human-led cloud defense

SCM feed for Latest

Loris Degioanni, the founder and CTO of Sysdig, announced that many organizations are moving away from traditional human-led cloud security measures. According to recent data, over 70% of security teams are now using behavior-based runtime detection methods to secure their cloud environments. This shift indicates a growing reliance on automated systems to identify and respond to security threats. As cloud infrastructures become more complex, the need for real-time, automated responses is becoming critical. This change could significantly impact how companies manage security and protect their digital assets moving forward.

Apr 21, 2026

Fortinet architect warns of OT cloud convergence risk

SCM feed for Latest

Federal agencies in the U.S. are facing significant security challenges as they modernize their systems under new fiscal mandates for 2026. Robert Imhof, a federal architect at Fortinet, warns that the merging of cloud services, IT, and operational technology has outpaced existing security measures, which are often disjointed and ineffective. This lack of visibility creates vulnerabilities that could be exploited by cybercriminals. As agencies rush to update their infrastructures, they need to prioritize the integration of their security architectures to protect against potential attacks. This situation affects not only government operations but could also have broader implications for national security and public safety.

Apr 21, 2026

Lovable AI coding platform faces scrutiny over data exposure

SCM feed for Latest

A security researcher, known as @weezerOSINT, discovered that a free account on the Lovable AI coding platform inadvertently allowed users to access other individuals' source code and sensitive database credentials. This exposure raises significant concerns about data privacy and security, particularly for developers relying on the platform to store their work. Such vulnerabilities can lead to unauthorized access to intellectual property and critical information, affecting both individual users and potentially larger organizations that utilize Lovable. Addressing this issue is crucial for maintaining trust in coding platforms and ensuring that user data remains safe from prying eyes.

Apr 21, 2026

22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters

The Hacker News

Researchers at Forescout Research Vedere Labs have discovered 22 vulnerabilities in serial-to-IP converters made by Lantronix and Silex. These flaws could allow attackers to take control of nearly 20,000 devices and manipulate the data being transmitted through them. This is particularly concerning because serial-to-Ethernet converters are widely used in various industries, making them attractive targets for cybercriminals. Organizations using these devices need to be aware of the potential risks and take steps to secure their systems. The vulnerabilities are significant enough that they could lead to unauthorized access and data breaches if not addressed promptly.

Apr 21, 2026