Hackers linked to North Korea drained $577 million from two decentralized finance (DeFi) platforms in April, bringing the country's total crypto theft to $6 billion, according to a report from TRM Labs. The month's exploits accounted for 76% of all cryptocurrency stolen in 2026.
The attacks reflect a strategic shift toward more sophisticated, multi-stage attacks that target off-chain infrastructure rather than simple smart contract vulnerabilities, according to Yaniv Nissenboim, head of security solutions at Chainalysis. "Well-resourced attackers are finding novel ways to exploit the seams between on-chain protocols and the off-chain systems they depend on," Nissenboim said.
The Lazarus Group, a North Korean state-sponsored hacking team, was responsible for the two largest incidents in April, which TRM Labs called the worst month on record for crypto hacks. The attackers targeted the Solana-based Drift Protocol and the Ethereum-based liquid restaking platform Kelp DAO. These incidents follow the Lazarus Group's alleged involvement in the nearly $1.5 billion Bybit heist in February 2025.
The wave of exploits reinforces the significant security risks within the DeFi ecosystem, potentially leading to decreased user confidence and increased pressure on developers to bolster security. The news is consistent with decreased confidence in short-term price targets for both Bitcoin and Ethereum, with the impact on Ethereum seen as more direct given the targeting of its DeFi infrastructure.
A Shift in Tactics
April’s spike in crypto exploits was driven by a small number of “precision strikes,” as attackers increasingly target high-liquidity protocols, Cyvers co-founder Meir Dolev told Cointelegraph. The attack vectors included compromised remote procedure call (RPC) nodes, breaches of cloud key management systems, and long-running social engineering campaigns.
Other recent attacks underscore the trend. Wasabi Protocol was drained of around $5.5 million across four different blockchains, and the move-to-earn platform Sweat Economy lost $3.46 million in under 30 seconds, according to security firm CertiK.
Despite the record losses, some analysts see signs of growing resilience in the sector. A research note from Standard Chartered’s Geoffrey Kendrick argued that the Kelp DAO incident will likely spur the industry to implement solutions that reduce such vulnerabilities.