North Korean Hackers Steal $500M Worth of Crypto in Two Weeks

Cryptocurrency markets are coming under fresh strain after hackers believed to be linked to North Korea executed two major breaches, draining more than $500 million in just over two weeks. The incidents targeting Kelp DAO and Drift point to a more organized pattern aimed at structural flaws within decentralized finance rather than isolated software bugs.

The most costly of the two attacks hit Kelp DAO, where losses surpassed $290 million, making it the largest known crypto theft this year. Hackers took advantage of weaknesses in the system’s design, especially its reliance on a single validation layer. They were able to trigger transfers that appeared legitimate within the network’s rules by introducing manipulated inputs that the protocol accepted as valid.

Security specialists stress that the event reflects a widespread misunderstanding about what digital signatures actually provide. Alexander Urbelis of ENS Labs noted that a digital signature only proves who approved a transaction, not whether the information being approved is accurate.

David Schwed of SVRN shared a similar assessment, stating that the breach came from how the system was built and configured, not from any weakness in encryption methods.

Drift experienced an estimated $285 million exploit that unfolded over an extended period through social engineering. Attackers posed as legitimate partners and maintained communication with the platform for months. Over time, they built credibility and trust, which eventually allowed them to access sensitive systems and execute the theft.

The two incidents point to a broader change in attacker behavior. Rather than focusing solely on code vulnerabilities in isolated applications, threat actors appear to be targeting the underlying architecture of decentralized finance platforms. Many of these structural issues are already recognized within the industry, yet they continue to be insufficiently addressed during development and deployment.

North Korea has been repeatedly linked to large-scale cryptocurrency thefts, with billions of dollars reportedly stolen in recent years. Analysts believe these operations are not random acts but part of coordinated efforts that benefit from state-level organization and planning. The latest incidents highlight how interconnected platforms can amplify the damage caused by a single point of failure.

According to analysts, security measures can no longer be treated as optional features or afterthoughts. Instead, stronger default protections, multi-layer verification processes, and a deeper focus on system design are needed to reduce risk. The assumption, they argue, should be that attackers will aim for the least protected element within a network.

Crypto exchanges like Coinbase Global Inc. (NASDAQ: COIN) may now need to review their cybersecurity features more frequently in order to proactively address any emerging vulnerabilities so that they don’t fall victim to increasingly sophisticated hackers.

About CryptoCurrencyWire

CryptoCurrencyWire (“CCW”) is a specialized communications platform with a focus on blockchain and the cryptocurrency sector. It is one of 75+ brands within the Dynamic Brand Portfolio @ IBN that delivers: (1) access to a vast network of wire solutions via InvestorWire to efficiently and effectively reach a myriad of target markets, demographics and diverse industries; (2) article and editorial syndication to 5,000+ outlets; (3) enhanced press release enhancement to ensure maximum impact; (4) social media distribution via IBN to millions of social media followers; and (5) a full array of tailored corporate communications solutions. With broad reach and a seasoned team of contributing journalists and writers, CCW is uniquely positioned to best serve private and public companies that want to reach a wide audience of investors, influencers, consumers, journalists and the general public. By cutting through the overload of information in today’s market, CCW brings its clients unparalleled recognition and brand awareness. CCW is where breaking news, insightful content and actionable information converge.

To receive SMS alerts from CryptoCurrencyWire, text “CRYPTO” to 888-902-4192 (U.S. Mobile Phones Only)

For more information, please visit https://www.CryptoCurrencyWire.com

Please see full terms of use and disclaimers on the CryptoCurrencyWire website applicable to all content provided by CCW, wherever published or re-published: https://www.CryptoCurrencyWire.com/Disclaimer

CryptoCurrencyWire
New York, NY
www.CryptoCurrencyWire.com
212.994.9818 Office
Editor@CryptoCurrencyWire.com

CryptoCurrencyWire is powered by IBN