In recent weeks, the cryptocurrency world has seen a surge in devastating cyberattacks attributed to hacker groups with North Korean ties. Following the high-profile breach of the trading platform Drift just days ago, a similar attack has now struck Kelp, a prominent restaking protocol operating on LayerZero’s cross-chain infrastructure within decentralized finance (DeFi). These incidents highlight mounting concerns over vulnerabilities in critical crypto protocols.
Exploiting protocol design flaws
Unlike classic attacks that rely on breaking encryption or stealing cryptographic keys, this latest assault targeted fundamental weaknesses in Kelp’s core operational logic. The hackers manipulated the data sources that feed into the protocol’s infrastructure, tricking the system into approving fraudulent transactions based on misleading inputs. Rather than tampering with the mechanics themselves, the attackers capitalized on existing gaps in authority and oversight within the protocol.
A crucial vulnerability lay in Kelp’s use of a single validator within its cross-chain message verification process. While this approach speeds up and simplifies transaction confirmations, it drastically undermines security. Experts are now urging protocols to mandate more independent and multi-layered verification processes to prevent similar exploits in the future.
Commentators on the Kelp incident have pointed out that the main security flaw stemmed from excessive trust in the system’s validation scheme. As one industry voice emphasized: “A signature simply indicates who signed; it does not guarantee the signer’s truthfulness.”
Ripple effects and decentralization debate
The impact of the attack quickly spilled over beyond Kelp itself. Because digital assets in DeFi protocols are often used as collateral across multiple platforms, vulnerabilities in Kelp triggered a domino effect, causing distress in interconnected systems. Notably, major lending protocols such as Aave, which accepted assets originating from Kelp as collateral, suffered considerable losses. The incident demonstrated how a single weakness can trigger widespread stress across markets.
These events have reignited scrutiny of claims about decentralization in crypto ecosystems. Despite being marketed as decentralized, systems that rely on a single validator may fall short in practice. Experts note that real decentralization depends on concrete implementation choices—any weak link can expose the entire structure to collapse.
One security specialist observed, “This attack isn’t about cracking encryption, but rather about exposing structural flaws in protocol design. Relying on just a single validator is not enough to truly achieve decentralization.”
Critical infrastructure at risk
Recent patterns suggest that North Korean hackers are increasingly focusing on cross-chain infrastructure and restaking protocols. These layers, vital for moving large volumes of digital assets across networks, operate largely behind the scenes—and their invisibility makes their vulnerabilities even more dangerous. Industry analysts warn that while previous attacks centered on exchanges or software bugs, cybercriminals are now targeting the “plumbing” of the ecosystem: the platforms that enable asset transfers between chains.
Industry leaders argue that the Kelp breach didn’t stem from an entirely new security gap, but rather underlined the devastating consequences of well-known issues left unaddressed. They stress that security must shift from being viewed as an additional safeguard to becoming a mandatory standard across all protocols. In an era where attackers evolve rapidly, lingering vulnerabilities can snowball into even greater financial damages.
As one expert put it, “It’s unacceptable for a protocol to make insecure settings the default. You can’t expect every user to study exhaustive documentation just to enable basic safeguards.”
Combined losses from the attacks on Drift and Kelp have surpassed $500 million within two weeks. This unprecedented wave of incidents has led to renewed calls for a stronger security culture, tighter oversight, and greater transparency across the DeFi landscape.
