← Back to News
Lazarus Group Suspected in Record $285M KelpDAO Exploit, DeFi TVL Plummets
DeFiBearish4 min readApril 20, 2026BeInCrypto

Lazarus Group Suspected in Record $285M KelpDAO Exploit, DeFi TVL Plummets

North Korea's Lazarus Group, via the TraderTraitor subgroup, is implicated in the massive KelpDAO exploit, now the largest DeFi loss of 2026. This sophisticated attack, targeting RPC infrastructure, has shaken confidence in DeFi, leading to a significant drop in Total Value Locked (TVL) across major platforms like Aave.

The decentralized finance (DeFi) ecosystem is reeling from what is now the largest DeFi loss of 2026, a $285 million exploit targeting KelpDAO on April 18th. Preliminary investigations by LayerZero Labs strongly suggest the involvement of North Korea's notorious Lazarus Group, specifically its TraderTraitor subgroup. This attack was not a direct protocol exploit but a highly sophisticated manipulation of downstream RPC infrastructure, compromising the integrity of transaction verification.

This incident follows closely on the heels of another major breach, the $285 million Drift Protocol exploit on April 1st, which was also attributed to state-backed North Korean actors. These escalating, complex cyber operations highlight a growing threat landscape. Chainalysis data underscores this, revealing a record $2.02 billion stolen by North Korea-linked hackers in 2025, a substantial increase driven by incidents like the $1.5 billion Bybit hack in February 2025.

The market fallout has been immediate and visible. Trust within the DeFi sector has taken a significant hit, reflected in a sharp decline in Total Value Locked (TVL). Aave, a prominent DeFi lending protocol, saw its TVL drop by $8.45 billion in just two days, falling to $17.947 billion. Across the entire DeFi ecosystem, TVL has plummeted by $13.21 billion, from $99.497 billion to $86.286 billion.

The price action of Aave's native token, AAVE, has also suffered, dropping 3.84% in the past 24 hours after an earlier 20% decline. Reports indicate that large holders, or 'whales,' offloaded over $6 million in AAVE tokens following the KelpDAO exploit, signaling a loss of confidence among significant market participants.

For P2P trading merchants operating on platforms like Binance P2P and Bybit P2P, this DeFi instability can create ripple effects. While direct exposure to DeFi exploits might be limited, a general downturn in crypto market sentiment and a flight to perceived safety can impact trading volumes and spreads for stablecoins like USDT. Merchants may see increased demand for stablecoins as a safe haven, but also potentially wider bid-ask spreads due to heightened market volatility and risk aversion. The ongoing sophistication of these attacks underscores the need for vigilance and robust risk management strategies within the broader crypto market.