North Korea’s Lazarus suspected of stealing US$290 million from KelpDAO
open_in_new
Read the original article: https://www.scmp.com/news/asia/east-asia/article/3350964/north-koreas-lazarus-su…
psychologyDetected Techniques
warning
Loaded Language
70% confidence
Using words with strong emotional connotations to influence an audience.
fact_checkFact-Check Results
6 claims extracted and verified against multiple sources including cross-references, web search, and Wikipedia.
check_circle
Corroborated
4
info
Single Source
1
report
Misleading
1
“A notorious North Korean hacking group is likely behind the theft of nearly US$300 million in cryptocurrency over the weekend, an affected party has said, in the biggest known crypto heist this year.”
CORROBORATED
Multiple web search results report that an affected party stated a notorious North Korean hacking group is likely behind a major crypto theft of nearly $300 million. One source specifically mentions the theft of over $300 million from DMM Bitcoin by a group believed to be part of Lazarus Group, and another corroborates the $300 million figure from an affected party's statement.
menu_book
wikipedia
NEUTRAL
— The Korean War (25 June 1950 – 27 July 1953) was an armed conflict the Korean Peninsula fought between North Korea (Democratic People's Republic of Korea; DPRK) and South Korea (Republic of Korea; ROK…
https://en.wikipedia.org/wiki/Korean_War
https://en.wikipedia.org/wiki/Korean_War
menu_book
wikipedia
NEUTRAL
— North Korea has been involved in the Russo-Ukrainian war since 2022, when it supported Russia by recognizing the self-proclaimed Donetsk People's Republic and Luhansk People's Republic. In the autumn …
https://en.wikipedia.org/wiki/North_Korean_involvement_in_th…
https://en.wikipedia.org/wiki/North_Korean_involvement_in_th…
menu_book
wikipedia
NEUTRAL
— North Korean operatives have posed as remote workers in Western companies under stolen or fabricated identities, primarily targeting information technology and technical roles. They generate revenue f…
https://en.wikipedia.org/wiki/North_Korean_remote_worker_sch…
https://en.wikipedia.org/wiki/North_Korean_remote_worker_sch…
+ 3 more evidence sources
“It is the latest such incident linked to North Korea, whose sophisticated cybercrime programme uses stolen cryptocurrency to help fund its nuclear weapons development, according to a United Nations panel.”
SINGLE SOURCE
While multiple sources discuss North Korea's cybercrime activities and its nuclear weapons program, none of the provided evidence explicitly attributes the statement that a 'United Nations panel' made this specific linkage regarding the *latest* incident. The evidence confirms North Korea's cybercrime activities and its nuclear threat, but the specific attribution to a UN panel regarding this latest incident is not corroborated.
menu_book
wikipedia
NEUTRAL
— People defect from North Korea for political, material, safety and personal reasons. Defectors flee to various countries, mainly South Korea. In South Korea, they are referred to by several terms, inc…
https://en.wikipedia.org/wiki/North_Korean_defectors
https://en.wikipedia.org/wiki/North_Korean_defectors
menu_book
wikipedia
NEUTRAL
— Relations between North Korea and the United States have been historically tense and hostile. The two countries have no formal diplomatic relations. Instead, they have adopted an indirect diplomatic a…
https://en.wikipedia.org/wiki/North_Korea–United_States_rela…
https://en.wikipedia.org/wiki/North_Korea–United_States_rela…
menu_book
wikipedia
NEUTRAL
— North Korea, officially the Democratic People's Republic of Korea (DPRK), has maintained a complex relationship with the United Nations (UN) since its founding in 1948. Initially opposing the concept …
https://en.wikipedia.org/wiki/United_Nations_and_North_Korea
https://en.wikipedia.org/wiki/United_Nations_and_North_Korea
+ 3 more evidence sources
“Digital currency news site CoinDesk said the heist on the vault of online investment tool KelpDAO on Saturday was 2026’s biggest crypto exploit so far.”
MISLEADING
The web search results repeatedly refer to the exploit as being related to 2026, and one result mentions '2026's biggest crypto exploit,' but the context suggests the reporting is about an event that *happened* in 2026, rather than CoinDesk *stating* it was the biggest of 2026 so far. Furthermore, the evidence suggests the exploit was reported around the time of the event, making the claim's phrasing potentially misleading regarding the source's exact reporting context.
travel_explore
web search
NEUTRAL
— 2026's biggest crypto exploit: $292 million gets drained from Kelp DAO with wrapped ether stranded across 20 chains.The rsETH held in the bridge was the reserve backing wrapped versions on every layer…
https://www.coindesk.com/tech/2026/04/19/2026-s-biggest-cryp…
https://www.coindesk.com/tech/2026/04/19/2026-s-biggest-cryp…
travel_explore
web search
NEUTRAL
— A major $292 million exploit of KelpDAO is rippling across the DeFi sector. The incident is a reminder that as DeFi protocols become increasingly interconnected, a single weak link can ripple across t…
https://www.coindesk.com/business/2026/04/19/the-usd292-mill…
https://www.coindesk.com/business/2026/04/19/the-usd292-mill…
travel_explore
web search
NEUTRAL
— Kelp DAO's Ethereum exploit. Top News. CoinDesk.Aave's contracts have not been exploited and this is an exploit related to rsETH. The freeze follows an exploit of the Kelp DAO rsETH bridge. Freezing t…
https://news.google.com/stories/CAAqNggKIjBDQklTSGpvSmMzUnZj…
https://news.google.com/stories/CAAqNggKIjBDQklTSGpvSmMzUnZj…
“During the hack, two blockchain servers hosted by another crypto tech application called LayerZero were compromised, KelpDAO said on Tuesday.”
CORROBORATED
Multiple web search results confirm that KelpDAO stated that two nodes tied to the LayerZero bridge were compromised during the hack. One source specifies that the hackers compromised two Remote Procedure Call (RPC) nodes hosted by LayerZero.
travel_explore
web search
NEUTRAL
— Kelp DAO also shared more details about the incident, saying that two nodes tied to the LayerZero bridge were compromised, while a third was hit with a distributed denial-of-service attack.
https://cointelegraph.com/news/aave-s-risk-manager-shares-2-…
https://cointelegraph.com/news/aave-s-risk-manager-shares-2-…
travel_explore
web search
NEUTRAL
— Kelp DAO is disputing LayerZero's account of a $290 million rsETH bridge exploit, claiming that the compromised single-verifier setup relied on LayerZero’s own infrastructure and defaults rather than …
https://www.coindesk.com/tech/2026/04/20/kelp-dao-claims-lay…
https://www.coindesk.com/tech/2026/04/20/kelp-dao-claims-lay…
travel_explore
web search
NEUTRAL
— KelpDAO said in a statement published on Monday that “rsETH was drained from the rsETH bridging adapter through a forged cross-chain message,” after the hackers compromised two Remote Procedure Call (…
https://www.fxstreet.com/cryptocurrencies/news/layerzero-pri…
https://www.fxstreet.com/cryptocurrencies/news/layerzero-pri…
“That allowed a cryptocurrency token linked to the major Ethereum currency to be “drained” from KelpDAO, it said.”
CORROBORATED
Multiple web search results confirm that the compromise of the servers allowed a cryptocurrency token linked to Ethereum to be drained from KelpDAO. One source specifically mentions draining 'rsETH' (a token linked to Ethereum) from KelpDAO.
travel_explore
web search
NEUTRAL
— That allowed a cryptocurrency token linked to the major Ethereum currency to be "drained" from KelpDAO, it said.
https://www.scmp.com/news/asia/east-asia/article/3350964/nor…
https://www.scmp.com/news/asia/east-asia/article/3350964/nor…
travel_explore
web search
NEUTRAL
— What to know: . . An attacker exploited Kelp DAO's LayerZero-powered bridge to drain 116,500 rsETH—about $292 million and roughly 18 percent of the token's circ
https://aetos.ai/posts/4b8675e6d72984c7
https://aetos.ai/posts/4b8675e6d72984c7
travel_explore
web search
NEUTRAL
— The most recent news about crypto industry at Cointelegraph. Latest news about bitcoin, ethereum, blockchain, mining, cryptocurrency prices and more
https://cointelegraph.com/news/layerzero-kelp-exploit-aave-l…
https://cointelegraph.com/news/layerzero-kelp-exploit-aave-l…
““On April 18, 2026, KelpDAO was exploited for approximately US$290 million,” LayerZero said in a statement.”
CORROBORATED
Multiple web search results corroborate the key facts: the exploit occurred on April 18, 2026, and the reported loss was approximately $290 million (or $292 million). One source explicitly attributes this information to LayerZero reporting the loss.
travel_explore
web search
NEUTRAL
— LayerZero: KelpDAO Loses ~$290M in Exploit, Attributed to DPRK’s Lazarus Group LayerZero reported that on April 18, 2026, KelpDAO suffered an exploit resulting in losses of approximately $290M, prelim…
https://cryptopanic.com/news/31654031/LayerZero-KelpDAO-Lose…
https://cryptopanic.com/news/31654031/LayerZero-KelpDAO-Lose…
travel_explore
web search
NEUTRAL
— Editor's Note: On April 18, KelpDAO fell victim to a $292 million asset theft.On April 18, 2026, at 17:35 (UTC), the attacker's wallet called the lzReceive function in LayerZero's EndpointV2 contract …
https://en.theblockbeats.news/news/62074
https://en.theblockbeats.news/news/62074
travel_explore
web search
NEUTRAL
— On April 20, LayerZero Labs released a statement regarding an attack on KelpDAO that occurred on April 18, resulting in a loss of approximately $2.9 billion. According to BlockBeats, the attack is bel…
https://www.binance.com/en/square/post/04-20-2026-layerzero-…
https://www.binance.com/en/square/post/04-20-2026-layerzero-…
info
Disclaimer: This analysis is generated by AI and should be used as a starting point for critical thinking, not as definitive truth. Claims are verified against publicly available sources. Always consult the original article and additional sources for complete context.