Anonymous Intelligence Signal

Lazarus Group Suspected in $292M KelpDAO Bridge Hack, Narrowly Missed Second Drain

human The Network unverified 2026-04-20 12:22:44 Source: Decrypt

North Korea's Lazarus Group is the prime suspect behind a sophisticated $292 million cross-chain bridge attack on KelpDAO, an exploit that came within minutes of draining millions more. The attackers forged a cross-chain message to steal user funds, executed a clean withdrawal, and nearly repeated the attack before being stopped. This precision operation highlights the advanced capabilities of state-linked threat actors targeting the DeFi ecosystem's most critical infrastructure.

The hack targeted the KelpDAO bridge, a protocol designed to facilitate asset transfers across different blockchains. By forging a valid cross-chain message, the attackers were able to illegitimately mint assets on the destination chain and withdraw them. Security researchers analyzing the transaction flow noted the attackers' operational discipline: they meticulously covered their tracks during the exit and had a second, nearly identical attack vector prepared and ready to launch. The narrow prevention of this secondary drain suggests a highly coordinated and pre-planned assault.

The incident places intense scrutiny on the security of cross-chain messaging systems, which have become high-value targets for sophisticated adversaries. The attribution to Lazarus Group, known for funding Pyongyang's weapons programs through crypto theft, signals a continued and escalating threat to the entire decentralized finance sector. The attack represents a major financial loss and also demonstrates a tactical shift towards exploiting the complex, interconnected plumbing of multi-chain DeFi. It raises urgent questions about the resilience of these foundational protocols against nation-state-level adversaries.