KelpDAO Suffers $290 Million Theft

On Saturday, April 18, 2026, the DeFi project KelpDAO fell victim to a massive cyberattack that led to a loss of $290 million. The attackers, associated with the notorious Lazarus Group, are believed to be state-sponsored hackers from North Korea. This incident has once again highlighted the security situation in the decentralized finance sector. The KelpDAO platform, which is based on the Ethereum blockchain, allows users to trade various cryptocurrencies.

The attack was made possible by a vulnerability in the smart contract implementation, which allowed the hackers to steal large amounts of crypto assets. Experts suspect that the attackers are specifically looking for weaknesses in DeFi protocols to finance their operations. Investigations into the incident have already begun. Security researchers and blockchain analysts are attempting to reconstruct the exact methods used by the hackers. Initial analyses suggest that the attackers may have utilized a combination of phishing and exploits in smart contracts to gain access to the funds.

The KelpDAO developers responded to the incident by temporarily taking the platform offline to prevent further damage. Users have been urged to withdraw their funds from the platform until the security vulnerabilities are addressed. The community is concerned about the impact on trust in DeFi projects, especially considering the significant amounts invested in this sector in recent years. The Lazarus Group is known for its sophisticated cyberattacks and is linked to several major crypto thefts. According to reports from the U.S. Department of the Treasury, the group is supported by the North Korean government and has previously stolen millions of dollars from crypto exchanges and projects.

The recent attack on KelpDAO could be part of a larger strategy to support North Korean state finances. Reactions to the incident are mixed. While some in the crypto community emphasize the need for stronger security measures, there are also voices blaming the platforms themselves for such attacks. Critics argue that DeFi projects are often inadequately tested and that security vulnerabilities are not addressed in a timely manner. The impact of the attack could be far-reaching.

Experts warn that a loss of trust in DeFi platforms could lead to a decline in user numbers and investments. This could destabilize the entire industry, which has rapidly developed in recent years and now has a market value exceeding $100 billion. The KelpDAO community has already taken initial steps to recover the lost funds. A proposal for the introduction of a refund program is currently under discussion. The developers have also announced that they will overhaul the platform's security architecture to prevent future attacks.

Investigations into the incident are expected to take several weeks. Security agencies worldwide are involved in the investigations to clarify the circumstances of the attack and to explore possible connections to other cybercrime cases. The KelpDAO developers have committed to providing regular updates on the situation. The KelpDAO platform has undergone several security audits in the past, but not all vulnerabilities could be identified. This incident raises questions about the effectiveness of these audits and may lead other DeFi projects to reconsider their security protocols.

The community expects that the results of the investigations will be published in the coming weeks. The KelpDAO developers have pledged to make the platform more secure and to keep the community informed of all progress. An initial report on the security audit is expected by May 15, 2026.