North Korean Hackers Behind $290M Kelp DAO Crypto Heist

North Korean state-sponsored hackers have been blamed for the largest cryptocurrency theft of 2026, stealing $290 million from decentralized finance platform Kelp DAO. The brazen heist underscores the growing threat posed by North Korea's cyber operations to the global crypto ecosystem.

The Biggest Crypto Heist of 2026

North Korea's notorious hacking apparatus has struck again — and this time, the haul is staggering. State-sponsored hackers linked to Pyongyang have been blamed for stealing $290 million USD from Kelp DAO, a decentralized finance (DeFi) protocol, making it the single largest cryptocurrency theft recorded so far in 2026.

The attack, attributed by cybersecurity researchers to North Korean threat actors — likely affiliated with the Lazarus Group — targeted vulnerabilities in Kelp DAO's smart contract infrastructure. Once inside, the attackers drained funds rapidly before laundering them through a web of blockchain transactions designed to obscure the trail.

Who Is Kelp DAO?

Kelp DAO is a liquid restaking protocol built on the Ethereum ecosystem, allowing users to earn yield on staked crypto assets. It had amassed hundreds of millions of dollars in total value locked (TVL), making it an attractive high-value target for sophisticated threat actors.

The protocol joins a long list of DeFi platforms that have been hit by exploits in recent years, but the scale of this particular theft sets it apart. At $290 million, it surpasses previous 2026 incidents and ranks among the largest crypto heists in the industry's history.

North Korea's Crypto Playbook

This attack fits a well-documented pattern. North Korea has been accused of stealing billions of dollars in cryptocurrency over the past decade, using the proceeds to fund its weapons programs and circumvent international sanctions.

The United Nations and multiple Western intelligence agencies have repeatedly flagged North Korean cyber units — particularly Lazarus Group — as among the most prolific and sophisticated crypto thieves in the world. Their methods typically involve spear-phishing campaigns, compromised developer credentials, and exploits targeting DeFi smart contracts or cross-chain bridges.

In 2022, North Korean hackers were blamed for the $625 million Ronin Network breach — still the largest crypto hack on record. The Kelp DAO theft signals that these operations are not only continuing but evolving.

What Happens to the Stolen Funds?

Tracking and recovering stolen crypto is notoriously difficult. North Korean operatives are known to use mixers, chain-hopping techniques, and over-the-counter brokers in jurisdictions with weak enforcement to convert stolen assets into usable currency.

Blockchain analytics firms including Chainalysis and Elliptic have been actively tracking wallets associated with the Kelp DAO theft. However, full recovery of the funds is considered unlikely given the sophistication of the laundering operation already underway.

A Wake-Up Call for DeFi Security

The attack has reignited calls for stronger security standards across the DeFi sector. Critics argue that many protocols prioritize rapid growth and capital attraction over rigorous smart contract auditing and real-time threat monitoring.

Regulators in the United States, European Union, and South Korea have all pointed to North Korea's crypto theft operations as a national security concern — not just a financial one. With proceeds believed to flow directly into Pyongyang's missile and nuclear programs, the stakes extend well beyond digital wallets.

For the broader crypto community, the Kelp DAO hack is a stark reminder: as the value locked in DeFi protocols grows, so does the sophistication — and the ambition — of those trying to take it.

Source: TechCrunch
