Hackers linked to North Korea keep finding new ways to drain crypto funds

Less than three weeks after North Korea-linked hackers used social tricks to steal from a crypto trading firm, they struck again. This time, they hit Kelp, a platform that helps crypto assets move between different blockchains. The attack didn’t involve breaking encryption or guessing passwords. Instead, the hackers tricked the system into accepting fake data, allowing them to approve transactions that never should have gone through. Experts say this wasn’t a clever new hack but a classic trick working because of how the system was built. Kelp relied on a single checker to approve cross-chain messages, making it fast and easy to set up. But that also made it vulnerable. Imagine a bank that only needs one employee to verify a withdrawal—that’s how Kelp worked. After the breach, LayerZero suggested requiring multiple checkers, like needing two signatures on a big bank transfer. Some disagreed, saying LayerZero already warned users about this risk in its instructions.The problem spread beyond Kelp. Many crypto platforms use its assets as collateral, meaning their value depends on Kelp staying safe. When that link broke, other platforms faced losses too. It’s like a chain reaction—if one link fails, the whole chain weakens. This shows how fragile some parts of crypto can be when they depend on a single point of failure. Another issue is how decentralization is often misunderstood. Kelp’s single verifier might sound decentralized, but it’s really just a centralized system in disguise. Decentralization isn’t just a label—it’s about how a system is built. If even hidden layers like data providers have weak spots, attackers will find them. North Korea-linked hackers seem to be targeting these less obvious parts of crypto, places where big money moves but few people pay attention. So what’s the real lesson? Many crypto hacks aren’t about unknown flaws but about known risks that get ignored. The Kelp exploit didn’t introduce a new problem—it showed how exposed the system is when security is treated as an option rather than a must. As hackers get faster, these gaps become more dangerous and expensive to fix.