North Korea Exploits DeFi with $500M in Drift, Kelp Attacks
North Korea-linked hackers stole over $500 million from Drift and Kelp, exploiting cross-chain infrastructure. The attack manipulated data feeds, exposing centralization risks in decentralized systems, and spread losses to Aave and other platforms.
Quick Take
Hackers siphoned $500M from Drift and Kelp in two weeks.
Kelp exploit used manipulated data feeds, not broken cryptography.
Single verifier on LayerZero enabled approval of false transactions.
Fallout spreads to lending platforms like Aave holding affected collateral.
Market Impact Analysis
BearishState-sponsored hacks undermine trust in DeFi security, likely causing sell pressure on affected protocols and broader caution.
Speculation Analysis
Key Takeaways
- Over $500 million drained in Drift and Kelp exploits within two weeks, marking an escalation in state-sponsored DeFi attacks.
- Kelp’s single-verifier cross-chain setup allowed hackers to push falsified data that the system accepted as legitimate.
- Stolen collateral is triggering losses on lending platforms like Aave, spreading damage beyond the original exploits.
- The incident highlights systemic centralization risks in cross-chain infrastructure design.
What Happened
North Korea-linked hackers have struck two major DeFi protocols in rapid succession, draining over $500 million from Drift and Kelp. The Kelp exploit, which followed a social engineering attack on Drift weeks earlier, did not rely on cracking encryption. Instead, attackers manipulated cross-chain transaction data by submitting cryptographically signed but falsified messages that the system treated as valid. Because Kelp’s infrastructure had been configured to use a single verifier, there was no secondary check to catch the fraudulent inputs. The incident shows a shift in hacker tactics, targeting the underlying assumptions of decentralized systems rather than technical bugs.
The Numbers
Total losses exceed $500 million across both incidents. The Kelp attack saw attackers exploit a data feed rather than break cryptography, with the system approving transactions that never actually occurred. The core vulnerability was a single verifier for cross-chain messages—a configuration choice that traded security for simplicity. In response, cross-chain protocol LayerZero now recommends multiple independent verifiers. Lending platforms like Aave that accepted compromised assets as collateral are now nursing losses, with potential knock-on effects across DeFi.
Why It Happened
The Kelp exploit succeeded because of a structural choice: relying on one verifier to approve cross-chain messages. While signatures guaranteed who sent the data, they did not verify the data’s truth. When that lone checker was compromised, false transactions were approved seamlessly. This configuration, often chosen for speed, removed a critical safety layer. Security experts note that such single points of failure are increasingly targeted by sophisticated actors. State-sponsored groups like North Korea’s are now systematically testing and exploiting these centralized weak spots in decentralized finance.
Broader Impact
The fallout extends beyond Kelp. Because restaked assets circulate through lending markets, platforms like Aave that held the compromised collateral face immediate losses. The incident has reignited debate around cross-chain security design, with calls to mandate multi-verifier systems. As state-sponsored hacks escalate, DeFi may see a pullback from high-risk cross-chain and restaking protocols until security is hardened. The attack also underscores how centralized assumptions can break decentralized systems, potentially drawing regulatory attention.
What to Watch Next
- Monitor Kelp and Drift for any recovery plans or compensation proposals for affected users.
- Watch Aave and other lending platforms for risk parameter changes or cascading liquidations tied to the compromised collateral.
- Track cross-chain infrastructure projects like LayerZero as they push mandatory multi-verifier configurations in response.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
