Cyber Incident Victim: Kelp DAO
Date: Apr 2026
Summary
Kelp DAO experienced a hack that, combined with a separate incident, led to losses amounting to hundreds of millions of dollars and was traced to North Korean actors. The event underscored persistent vulnerabilities in decentralized finance protocols and prompted scrutiny over the suitability of blockchain technology for institutional financial operations.
Description
In April 2026, the Kelp DAO protocol suffered a security breach that was identified as one of the two most notable cryptocurrency hacks of the month, the other being the Drift protocol. Together, the Kelp DAO and Drift incidents accounted for $579 million in losses, contributing to a total of $651 million in cryptocurrency losses recorded across the industry during April 2026. This monthly total was the largest since March 2022, excluding the February 2025 Bybit hack, according to crypto security firm CertiK. The article reporting these events was published on May 3, 2026, by Gizmodo. Blockchain analytics firm TRM Labs later reported that 76 percent of all cryptocurrency value extracted from hacks in that year was linked to North Korea, specifying that this attribution came solely from the Drift and Kelp DAO incidents. The TRM Labs report also noted that the North Korean regime had accumulated more than $6 billion from cryptocurrency hacking operations over the years. Regarding the Drift incident specifically, its team described the hack as resulting from a six-month social engineering operation that allowed North Korean agents to gain access to critical infrastructure and manipulate the protocol to extract hundreds of millions of dollars worth of crypto.

The Kelp DAO hack, alongside the Drift incident, prompted crypto market observers to question whether blockchain infrastructure could be relied upon by traditional financial institutions seeking to adopt the technology. It also contributed to a broader reassessment by major Wall Street firms regarding the suitability of decentralized finance for their operations, echoing concerns raised after earlier DeFi breaches such as the Balancer hack. In response to the April hacks, commentators pointed out that the centrally planned actions taken to address the incidents exposed what they described as decentralization theater within the industry. Some observers noted that the increasing use of centralized backdoors in crypto projects made the ecosystem resemble traditional financial systems more than the decentralized ideals originally promoted. The discussion highlighted that stablecoin issuer Circle had received criticism for not intervening in incidents where its USDC tokens were lost or stolen; Circle had stated that it wanted to limit any backdoor control to situations with a court order. Additionally, the article mentioned that traditional financial institutions might opt for more controlled blockchain networks where security incidents could be better managed, avoiding the permissionless nature of open networks. These developments fueled ongoing debate about the extent to which contemporary cryptocurrency systems resemble traditional financial structures rather than the decentralized ideals originally promoted.
