Big Crypto Hacks

A weekend breach at Kelp DAO drained about $290 million, then set off a wider run on decentralized-finance lending. (techcrunch.com) Kelp DAO is a crypto protocol that lets users park tokens to earn yield, and CoinDesk reported the attacker drained about 116,500 rsETH, or roughly 18% of the token’s circulating supply, across about 20 blockchains on April 19. LayerZero, a cross-chain messaging project touched by the exploit, said on April 20 that its preliminary indicators pointed to North Korean-linked actors, including the TraderTraitor group. (coindesk.com) (techcrunch.com) Kelp DAO pushed back on LayerZero’s public attribution, and TechCrunch reported the protocol blamed LayerZero for the theft instead. By April 20, Bloomberg reported that users had pulled roughly $9 billion from the biggest DeFi lending platform after the hack rattled confidence across the sector. (techcrunch.com) (bloomberg.com) DeFi is crypto’s version of banking without a bank, with lending and trading handled by code instead of a company balance sheet. When users rush to withdraw after a hack, the immediate pressure shows up as lower liquidity, meaning fewer readily available assets to lend, trade, or redeem. (bloomberg.com) April 2026 has already turned into one of the industry’s worst security stretches in months. CoinDesk reported that the Drift and Kelp exploits together siphoned more than $500 million in a little over two weeks, while other outlets tracking April’s tally put total DeFi losses above $600 million. (coindesk.com) (ainvest.com) The Kelp case also revived a familiar crypto-security problem: bridges and cross-chain systems move assets between blockchains, but each extra connection creates another place an attacker can slip through. TechCrunch reported that LayerZero said the hackers exploited Kelp’s security setup to push through fraudulent transactions after compromising a developer machine. (techcrunch.com) North Korea has been accused for years of using crypto theft to raise cash outside the formal financial system. TechCrunch reported that North Korean hackers stole more than $2 billion in crypto last year, and said the Kelp theft is the biggest crypto heist of 2026 so far. (techcrunch.com) The immediate question now is whether withdrawals slow and confidence returns, or whether April’s losses keep draining money from the lending pools that DeFi depends on. For now, the biggest hack of 2026 has become a test of whether crypto’s code-based finance can hold users after a shock. (bloomberg.com) (techcrunch.com)