Over the weekend, an incident struck Kelp DAO, resulting in the theft of around $292 million in digital assets and triggering a detrimental market ripple effect that could be 2026’s most significant DeFi hacks event.
Kelp DAO, a protocol that allows users to earn yields on crypto investments. The attack has been an eye-opening reminder as AI becomes the main catalyst behind advanced attacks on the internet. AI-driven security is either creating a more resilient internet, or a fragile system. In such a scenario, the financial domain remains susceptible to massive crypto heists.
Are Interconnected Systems Vulnerable?
The attack was carried out against the cross-chain bridge offered by LayerZero, employing AI to detect and poison certain data nodes. By forcing a failover to these poisoned nodes, the attacker managed to input fake transaction details without being detected.
Since Kelp DAO employed the single-verifier model, there was no verification for illegal information. Any DeFi exploit today demonstrates how a single point of failure can compromise an entire network despite advanced security measures.
LayerZero has since argued that they consistently advised against this configuration.
“Operating a single-point-of-failure configuration meant there was no independent verifier to catch and reject a forged message,” said the company in a statement, emphasizing that their own systems functioned as intended.
Even with these measures, the attackers were able to penetrate the security layers, which can be seen from the historical records, since North Korea stole $659 million in crypto heists in 2024. The high value involved in bridge infrastructure, where the fast pace of the automated attack continues to put pressure on existing defense mechanisms.
Human Price Tag for Automated Attacks
The scenario described is yet another example among many other DeFi hacks. Preliminary reports point to the North Korea crypto hackers, known as TraderTraitor – a subunit of the Lazarus Group – as the criminal, a group that has perfected the use of automated exploits to drain liquidity.
For ordinary crypto DeFi wallet users, such incidents mean more than technical troubles, as the losses they incur mean financial losses that shake their confidence in cryptocurrency exchanges. The gravity of this DeFi exploit today cannot be overstated, given that the stolen tokens had been posted as collateral on other sites, hence compelling Aave – decentralized finance protocol – to freeze all accounts to stop a total collapse.
As the frequency of DeFi hacks increases, the pressure to secure these systems grows. When a DeFi exploit today can wipe out billions in market value, then our current defenses may be fighting a losing battle.
Recent intelligence suggests that if North Korea steals crypto at an unprecedented rate, it also risks fueling state programs through these illicit activities.
Clearly, DeFi hacks are becoming a core part of their state funding, and the community must address whether our reliance on automated protocols is truly protecting the crypto DeFi hack landscape.
Ultimately, these DeFi hacks might be the inevitable cost of a system that favors speed over structural redundancy, proving once again that a North Korea crypto heist has the power to devastate even the most sophisticated networks.
This ongoing cycle leaves the industry wondering if a North Korea crypto heist will eventually be countered by systems that are more than do more than just reaction, or if the current paradigm of AI-driven vulnerability is the new, precarious normal.
Inside Telecom provides you with an extensive list of content covering all aspects of the Tech industry. Keep an eye on our Cryptocurrency section to stay informed and updated with our daily articles.