North Korean hackers suspected of $300 mln crypto heist

PARIS

A notorious North Korean hacking group is likely behind the theft of nearly $300 million in cryptocurrency over the weekend, an affected party has said, in the biggest known crypto heist this year.

It is the latest such incident linked to North Korea, whose sophisticated cybercrime program uses stolen cryptocurrency to help fund its nuclear weapons development, according to a United Nations panel.

Digital currency news site CoinDesk said the heist on the vault of online investment tool KelpDAO on April 18 was 2026's biggest crypto exploit so far.

During the hack, two blockchain servers hosted by another crypto tech application called LayerZero were compromised, KelpDAO said.

That allowed a cryptocurrency token linked to the major Ethereum currency to be "drained" from KelpDAO, it said.

"Preliminary indicators suggest attribution to a highly-sophisticated state actor, likely DPRK's Lazarus Group," LayerZero said, using the initials of North Korea's official name.

"This is clearly the job of North Korea's Lazarus group. No other group globally has the expertise and muscle power to conduct such a hack," said Henri Arslanian, co-founder of Nine Blocks Capital Management.

A U.N. panel estimated in 2024 that North Korea had stolen more than $3 billion in cryptocurrency since 2017.

Last year, the United States accused North Korea of being behind the theft of $1.5 billion worth of digital assets, then the largest crypto heist in history.