North Korean State Actors Siphon $578 Million from DeFi Protocols in April

North Korean cyber operatives have stolen more than $578 million in cryptocurrency during April, driven by two high-profile exploits. The largest of these, a $292 million breach of Kelp DAO, has become the most significant crypto exploit of the year to date. The Kelp DAO incident was attributed to 'TraderTraitor,' a subgroup of the state-backed Lazarus Group. According to LayerZero, the breach was facilitated by Kelp DAO's use of a single verifier configuration to approve cross-chain messages, which compromised the messaging infrastructure. Earlier in the month, the decentralized exchange Drift suffered a $285 million loss. Unlike purely technical exploits, the Drift attack involved sophisticated social engineering. Operatives reportedly posed as a quantitative trading firm during an in-person industry conference in November to build trust with contributors before executing the breach. Beyond large-scale DeFi hacks, the DPRK continues to employ remote IT worker fraud and AI-assisted social engineering to fund its weapons programs. A separate incident involving wallet provider Zerion saw approximately $100,000 stolen via AI-driven tactics. These activities occur against a backdrop of rising digital crime. The FBI's 2025 Internet Crime Complaint Center (IC3) report underscores the scale of the problem, noting $11.37 billion in total cryptocurrency-related losses across 181,565 complaints, with investment scams remaining the largest category of fraud.