Lazarus Group Behind KelpDAO and Humanity Protocol Attacks, On-Chain Evidence Reveals

Investigations by on-chain analysts have revealed that the KelpDAO bridge exploit in April and the Humanity Protocol private key theft in June were carried out by the same attackers. The $292 million KelpDAO attack and the $23.6 million Humanity Protocol breach both showed hallmarks of DPRK-linked operations, with many suspecting the notorious Lazarus group was involved.

The on-chain evidence shows that the proceeds from these attacks have been flowing into shared wallets, indicating a single laundering pipeline, according to blockchain analyst Specter. The attacker behind the Humanity Protocol breach moved 15,403 ETH, worth $23.6 million, to a relatively new Ethereum address and then crossed it onto the Bitcoin network.

This action is consistent with a well-documented Lazarus Group technique, where they consolidate proceeds from separate operations into unified Bitcoin wallets before routing them through mixers and over-the-counter desks. The attackers behind the KelpDAO exploit compromised internal RPC nodes operated by LayerZero Labs and launched a DDoS attack against external nodes simultaneously.