North Korean Hackers Execute $600 Million Cyber Heists on Cryptocurrency Platforms
The North Korean hacking group known as the Lazarus Group has been linked to two significant cyberattacks in 2026, resulting in the theft of nearly $600 million from cryptocurrency platforms.
The attacks, which were carried out by the Lazarus Group's unit UNC4736, targeted a Solana-based decentralized exchange and a liquid restaking protocol. The hackers used social engineering tactics to establish trust with key personnel at the exchanges, allowing them to bypass security protocols and steal funds.
One of the attacks, known as the 'Drift' incident, involved a six-month campaign to infiltrate the exchange's community and gather intelligence on its security measures. The hackers then used this information to launch a targeted attack that resulted in the theft of $285 million.
The second attack, which targeted Kelp DAO, was carried out through infrastructure poisoning. The hackers compromised the protocol's Distributed Verification Network (DVN) and launched a denial-of-service (DoS) attack on other RPCs, forcing the system to fail over to poisoned infrastructure. This allowed the attackers to steal $290 million in rsETH.
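The failover weakness described above can be shown in a short added sketch (not code from Kelp DAO or any project named in this article) that contrasts accepting the first reachable RPC endpoint with a read that fails closed unless enough independent endpoints agree. The endpoint names, returned values and the two-of-three threshold are constructed assumptions.

```python
from collections import Counter


class QuorumError(Exception):
    """Too few independent endpoints agree; the caller should halt, not proceed."""


def naive_failover(responses):
    """Weak pattern: trust whichever endpoint answers first."""
    for value in responses.values():
        if value is not None:
            return value
    raise QuorumError("no endpoint reachable")


def quorum_read(responses, min_agree):
    """Fail closed: return a value only if min_agree endpoints report the same one."""
    answered = [v for v in responses.values() if v is not None]
    if len(answered) < min_agree:
        raise QuorumError(
            f"{len(answered)} of {len(responses)} endpoints answered, need {min_agree}"
        )
    value, votes = Counter(answered).most_common(1)[0]
    if votes < min_agree:
        raise QuorumError(f"best agreement is {votes}, need {min_agree}")
    return value


# Constructed samples: None marks an endpoint knocked offline by DoS,
# "0xbad" marks the answer served by the poisoned endpoint.
HEALTHY = {"rpc-a": "0xaaa", "rpc-b": "0xaaa", "rpc-c": "0xaaa"}
ONE_POISONED = {"rpc-a": "0xaaa", "rpc-b": "0xaaa", "rpc-c": "0xbad"}
DEGRADED = {"rpc-a": None, "rpc-b": None, "rpc-c": "0xbad"}
SPLIT = {"rpc-a": "0xaaa", "rpc-b": None, "rpc-c": "0xbad"}


def blocked(responses, min_agree=2):
    """True when the quorum read refuses to return a value."""
    try:
        quorum_read(responses, min_agree)
    except QuorumError:
        return True
    return False


if __name__ == "__main__":
    print("naive failover, degraded:", naive_failover(DEGRADED))
    print("quorum read, one poisoned:", quorum_read(ONE_POISONED, 2))
    print("quorum read blocks degraded:", blocked(DEGRADED))
    print("quorum read blocks split:", blocked(SPLIT))
```

A refused read is also a detection signal: a sudden drop in reachable endpoints alongside a lone dissenting answer is worth alerting on.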
The Lazarus Group's use of social engineering tactics and infrastructure manipulation demonstrates a new level of sophistication and coordination in state-sponsored cybercrime. The group's ability to carry out complex attacks that result in significant financial losses highlights the need for increased security measures in the cryptocurrency sector.




