AI-powered crypto hacks drain $600M from DeFi as North Korea exploits surge
Briefly

"On 1 April, attackers drained roughly $285 million from Drift Protocol, a Solana-based derivatives exchange, after spending months posing as a quantitative trading firm to trick employees into authorising malicious transactions. On 18 April, a separate group exploited a single-verifier flaw in Kelp DAO's cross-chain bridge and extracted approximately $292 million in wrapped ether. Between them, the heists netted almost $600 million, and, according to blockchain forensics firm TRM Labs, accounted for 76% of all crypto hack losses in 2026 so far."
"Both attacks are widely attributed to North Korea-linked groups, according to Bloomberg. What most alarmed cybersecurity researchers, however, was not the scale but the method. TRM investigator Nick Carlsen, a former FBI analyst who specialises in North Korean crypto crime, said the sophistication of the April heists makes it highly likely the attackers used artificial intelligence to select targets and design exploits. 'This is all stuff North Korea never used to do,' he said."
"The Drift hack was devastating for the platform itself. The attackers manufactured a fictitious token, built an inflated trading record to make it appear legitimate, and used it as collateral to drain real assets in roughly 12 minutes. Drift's total value locked collapsed from $550 million to under $300 million within an hour. The exchange shut down and is now planning to relaunch after securing a roughly $148 million rescue package led by stablecoin issuer Tether."
"The Kelp DAO hack triggered $9 billion in outflows from Aave in two days, exposing DeFi's systemic fragility. The incident involved exploiting a single-verifier flaw in Kelp DAO's cross-chain bridge and extracting approximately $292 million in wrapped ether, which then led to rapid withdrawals across connected lending infrastructure."
Attackers linked to North Korea drained about $285 million from Drift Protocol on 1 April and about $292 million from Kelp DAO on 18 April, totaling nearly $600 million. The Drift attack involved months of impersonation as a quantitative trading firm to trick employees into authorizing malicious transactions, followed by a rapid theft using a fictitious token as collateral. The Kelp DAO attack exploited a single-verifier flaw in a cross-chain bridge to extract roughly $292 million in wrapped ether. The Kelp DAO incident triggered massive contagion, with about $9 billion in outflows from Aave within two days, showing systemic fragility in DeFi. Investigators believe AI was used to select targets and design exploits.
Read at TNW | Blockchain