North Korean-backed hackers roll out new attack vector targeting crypto executives and firms
LayerZero said the breach drained an Ethereum-linked token after two servers were compromised, and researchers called it North Korea’s latest state-backed crypto operation.
- On April 18, KelpDAO was exploited for approximately $290 million after two blockchain servers hosted by LayerZero were compromised, draining assets linked to Ethereum from the platform.
- Preliminary indicators point to the North Korean state-sponsored Lazarus Group, LayerZero said, linking the breach to a United Nations report on North Korea's cybercrime program funding nuclear weapons development.
- In the past two weeks alone, North Korean hackers siphoned more than $500 million from the Drift and KelpDAO exploits, a "sustained campaign" according to Natalie Newson, a senior blockchain security researcher at CertiK.
- Security experts warned Wednesday that the Lazarus Group is running a new campaign called "Mach-O Man," which uses a "ClickFix" delivery method instructing victims to paste terminal commands to "fix a connection issue," Newson noted.
- "What makes Lazarus especially dangerous right now is their activity level," Newson said; the crypto industry must view the collective as a constant, well-funded threat operating at state-directed institutional scale.
13 Articles
North Korean hacker group Lazarus suspected behind US$300m crypto heist
SEOUL, April 22 — A notorious North Korean hacking group is likely behind the theft of nearly US$300 million (about RM1.19 billion) in cryptocurrency over the weekend, an affected party has said, in the biggest known crypto heist this year. It is the latest such incident linked to North Korea, whose sophisticated cybercrime programme uses stolen cryptocurrency to help fund its nuclear weapons development, according to a United Nations panel. Digit…
Crypto Bridge Laundering Surges After $290M Lazarus Hack
Lazarus Group launched crypto bridge laundering after stealing $290 million in rsETH on April 22, 2026. Within hours, funds began moving rapidly across multiple blockchain networks. Early on-chain data shows the operation relied heavily on LayerZero and cross-chain bridges. Investigators linked the activity to previous Lazarus Group hack patterns involving fund commingling. Patterns Indicate A Coordinated Money Laundering Operation Specter, an o…
In an extremely complex cyberattack, unknown perpetrators may have stolen nearly $300 million worth of cryptocurrency.
North Korea’s Lazarus Group targets crypto execs with new macOS malware
North Korea’s Lazarus Group is using “Mach-O Man” macOS malware and fake meeting invites to hijack crypto execs and fund nine-figure DeFi raids. Lazarus, the North Korean state-backed hacking outfit, has rolled out a new macOS malware campaign aimed squarely…
Coverage Details
Bias Distribution
- 67% of the sources lean Right






