A notorious North Korean hacking group is likely behind the theft of nearly $300 million in cryptocurrency over the weekend, the biggest known crypto heist in 2026.
It is the latest such incident linked to North Korea; their sophisticated cybercrime program uses stolen cryptocurrency to help fund nuclear weapons development, according to a United Nations panel.
Digital currency news site CoinDesk said that the heist in the vault of online investment tool KelpDAO on Saturday was 2026’s biggest crypto exploit so far.
KelpDAO stated on Tuesday that the hack compromised two blockchain servers hosted by another crypto tech application called LayerZero.
That allowed a cryptocurrency token linked to the major Ethereum currency to be drained from KelpDAO, it added.
“On 18 April 2026, KelpDAO was exploited for approximately $290M,” LayerZero said in a statement.
“Preliminary indicators suggest attribution to a highly sophisticated state actor, likely DPRK’s Lazarus Group,” LayerZero mentioned, using the initials of North Korea’s official name.
It assured users that there is zero contagion to any other cross-chain assets or applications.
Blockchain technology allows transactions to do away with middlemen, including governments and banks, a concept known as decentralised finance (DeFi).
“Such an event will make it scarier for new entrants to enter the DeFi world,” said Henri Arslanian, co-founder of Nine Blocks Capital Management.
“This operation is clearly the job of North Korea’s Lazarus group. No other group globally has the expertise and muscle power to conduct such a hack,” he also said on Wednesday.
A UN panel estimated in 2024 that North Korea had stolen more than $3 billion in cryptocurrency since 2017.
In 2025, the United States accused North Korea of being behind the theft of $1.5 billion worth of digital assets, the largest crypto heist in history then.
.jpg "Obama 'Star Wars' center reflects former president’s vision, legacy")
