North Korean Hackers Spark Massive DeFi Withdrawals After $600 Million Theft

Decentralized finance (DeFi) investors are pulling funds at an unprecedented rate following a series of high-profile hacks attributed to North Korean state-sponsored hackers. In the first four months of 2024 alone, these attackers stole nearly $600 million from onchain applications, according to industry data.

Kelp DAO Hack Triggers $294 Million Loss on Ethereum

On Saturday, hackers breached Kelp DAO, a restaking application on the Ethereum blockchain, siphoning off $294 million from user deposits. The exploit sent shockwaves through the DeFi ecosystem, prompting immediate investor reactions.

Total Value Locked in DeFi Drops by $15 Billion

In the aftermath of the Kelp DAO hack, investor confidence plummeted. Data from DefiLlama reveals that total deposits across major DeFi protocols—measured by Total Value Locked (TVL)—declined by over $15 billion.

The impact was most severe on leading lending platforms:

  • Aave, the largest DeFi lending app, saw deposits fall by $10 billion, representing a 22% drop from its pre-hack total.
  • Morpho experienced a $1.7 billion reduction in deposits.
  • Sky lost $600 million in user deposits.

These protocols were directly exposed because they had integrated Kelp DAO’s rsETH token, of which 116,500 tokens were stolen in the attack.

Solana-Based Protocols Also Suffer Outflows

Even DeFi apps operating on other blockchains felt the ripple effects. Kamino, the largest lending market on Solana, has recorded $280 million in withdrawals since April 18, 2024.

Why Are DeFi Hacks Becoming More Dangerous?

Security experts warn that North Korean hacking groups, particularly the Lazarus Group, are refining their tactics. A December 2023 report by Chainalysis highlighted their increasing sophistication and patience, shifting from numerous small attacks to fewer but far more damaging breaches.

The rise of artificial intelligence (AI) is further exacerbating the threat. Cybercriminals are leveraging AI to:

  • Scan thousands of lines of smart contract code per second.
  • Identify vulnerabilities missed by developers and auditors.
  • Automate and accelerate the exploitation process.

This technological advantage makes it easier for hackers to exploit weaknesses in DeFi protocols, which often operate without traditional financial safeguards like transaction reversals or fraud detection.

2023 Was the Worst Year for Crypto Hacks—2024 Is on Track to Surpass It

Last year set a grim record, with cryptocurrency-related hacks totaling over $3.4 billion in losses, according to Chainalysis. With $771 million already stolen in the first four months of 2024, this year is on pace to exceed last year’s figures.

How Hackers Are Evolving: From Social Engineering to Cross-Chain Exploits

Recent attacks demonstrate a shift toward more complex and coordinated strategies:

  • Kelp DAO ($293 million theft): Attackers forged a legitimate-looking cross-chain message, requiring deep coordination and a sophisticated, multi-chain setup.

  • Drift Protocol ($285 million theft): The April 1 hack on this Solana-based app resulted from a months-long operation that combined social engineering with the exploitation of niche Solana blockchain features.

These incidents underscore a troubling trend: hackers are no longer relying solely on brute-force methods. Instead, they are investing time in understanding protocol mechanics and exploiting systemic weaknesses.

Can Traditional Finance Lessons Apply to DeFi?

While traditional financial institutions are not immune to hacks, they often have safeguards that DeFi lacks. For example, in 2016, North Korean hackers attempted to steal nearly $1 billion from Bangladesh’s central bank. Although they managed to siphon off $101 million, most transactions were blocked by intermediary banks.

In contrast, DeFi transactions are typically irreversible. Once funds are stolen, recovery is nearly impossible because smart contracts—once deployed—cannot be altered. The code itself acts as the final authority on fund movements, leaving little room for error or intervention.

The growing sophistication of attacks, combined with the irreversible nature of blockchain transactions, is pushing investors to reassess the risks of DeFi. As institutional capital continues to enter the space, the pressure on protocols to enhance security measures has never been greater.

Source: DL News