Autor Cointelegraph by Yohan Yun

Kelp DAO suffered a $292 million hack on Saturday, overtaking Drift as the largest crypto exploit of the year so far. North Korea-linked hackers are suspected to be behind the attack.Kelp DAO said Monday that the exploit stemmed from a failure of cross-chain messaging protocol LayerZero’s infrastructure. LayerZero said the breach was enabled by Kelp DAO’s use of a single verifier configuration to approve cross-chain messages.LayerZero said that “preliminary indicators” attributed the exploit to TraderTraitor, a subgroup of North Korea’s state-backed hacking unit known as Lazarus Group. Blockchain investigator Tanuki42’s findings also found ties to TraderTraitor. Tanuki42 said Tuesday that funds stolen from the Kelp DAO incident have commingled with previous exploits linked to the same group.While North Korea’s cyber activity targeting decentralized finance platforms has accelerated in April, its tactics also pose a threat to companies and end users.Funds from the Kelp DAO exploit have commingled with wallets linked to the $1.4 billion Bybit hack in February 2025. Source: Tanuki42North Korea’s crypto schemes back in focusThe April Fools’ Day exploit on decentralized exchange Drift totaled $285 million, bringing suspected North Korea-linked crypto theft to at least $578 million across major incidents throughout the month.The two attacks are the largest crypto heists attributed to North Korean actors since the Bybit hack.By now, the crypto industry has caught on that DPRK-linked operatives pose as IT developers to secure remote jobs at tech companies. Security researchers and the United Nations say that this tactic generates millions of dollars to support North Korea’s weapons programs.Weak background checks allow North Korean IT workers to secure remote gigs. Source: Tanuki42Related: North Korean cyber spies are no longer just remote threatsIn March, the US Treasury Department sanctioned six individuals and two entities for their alleged roles in North Korean IT worker fraud schemes. The FBI also issued guidance in June, recommending that employers verify candidates’ professional history and require in-person meetings.However, the Drift exploit suggests Pyongyang’s cyber operatives are adapting. The DeFi platform said its contributors were approached in person by individuals posing as a quant trading firm at a major crypto conference in November. The attackers continued to communicate and build trust ahead of the breach.Smaller-scale attacks have continued in parallel. Crypto wallet provider Zerion said DPRK-linked actors used AI-assisted social engineering to steal about $100,000 in a separate incident.North Korea rarely responds to such accusations, though its foreign ministry issued a statement in May 2020 denying involvement in cyberattacks and accusing the United States of attempting to tarnish its image.Retail crypto scams surge as DPRK tactics spill overThe Federal Bureau of Investigation (FBI) reported a 21% increase in crypto-related crime complaints in its 2025 Internet Crime Complaint Center (IC3) report. The FBI launched IC3 in 2000 as a portal for victims in the US to report online fraud.Cryptocurrency cases were linked to 181,565 complaints in 2025, resulting in $11.37 billion in losses, more than half of the total.Investors aged 60 and above reported the most complaints involving crypto in 2025. Source: FBIRelated: North Korean spy slips up, reveals ties in fake job interviewOlder Americans aged 60 and above filed the highest number of crypto-related complaints. Investment scams were the largest category, generating 61,559 complaints, including 13,685 from people 60 and older.That doesn’t mean the retail sector is untouched by suspected North Korean operations. An investigation published last November found that DPRK-linked operatives also recruit individuals to support remote IT worker schemes.Throughout 2025, Heiner García, a cyberthreat intelligence expert at Telefónica, came into contact with a suspected North Korean operative.García previously told Cointelegraph that the individual attempted to use him as a proxy to bypass VPN restrictions set by freelancing platforms. The tactic involves using a victim’s device in a local jurisdiction by installing remote access software such as AnyDesk.In August 2024, the US Department of Justice arrested Matthew Isaac Knoot for running a “laptop farm” that allowed DPRK IT workers to appear as US-based employees using stolen identities. In July 2025, Christina Chapman was sentenced to more than eight years in prison for her role in helping North Korean IT workers earn more than $17 million.The tradeoff behind freezing funds stolen by suspected DPRK actorsA unique element of the Kelp DAO hack was the Arbitrum Security Council’s decision to freeze 30,766 ETH linked to the exploit.Crypto’s ethos is decentralization, yet responses to major hacks continue to divide the industry. Some projects lean toward minimal intervention, even as security experts call for action, leaving little consensus on when it is appropriate to step in.USDC issuer Circle faced criticism from industry participants for its inaction in the Drift hack. Source: James SeyffartLedger CTO Charles Guillemet said on Tuesday that the outcome was “probably” good, but not a comfortable one. Freezing the funds likely prevented further losses. The discomfort comes from what the action makes explicit.The Arbitrum Security Council did not exploit a bug or discover a backdoor. It exercised its intended authority to override the state. That authority exists by design and sits in tension with the idea of credibly neutral infrastructure. In practice, assets on today’s rollups can still be affected by governance decisions under certain conditions.Guillemet ties that tradeoff to the threat environment. The Kelp DAO exploit did not rely on a novel smart contract bug. It exposed weaknesses in infrastructure and configuration, showing how attacks are moving beyond code into the systems that support it.At the same time, North Korea-linked groups have evolved into well-resourced, persistent adversaries capable of probing those systems across multiple fronts.That leaves the industry split between accepting intervention or accepting losses that cannot be undone.Magazine: Adam Back says current demand is ‘almost’ enough to send Bitcoin to $1MCointelegraph Features publishes long-form journalism, analysis, and narrative reporting produced by Cointelegraph’s in-house editorial team with subject-matter expertise. All articles are edited and reviewed by Cointelegraph editors in line with our editorial standards. Research or perspective in this article does not reflect the views of Cointelegraph as a company unless explicitly stated. Content published in Features does not constitute financial, legal, or investment advice. Readers should conduct their own research and consult qualified professionals where appropriate. Cointelegraph maintains full editorial independence. The selection, commissioning, and publication of Features and Magazine content are not influenced by advertisers, partners, or commercial relationships. This content is produced in accordance with Cointelegraph’s Editorial Policy.

Banks are moving onchain through competing models that take different approaches to how financial rules are enforced.On the one hand are blockchain-native builders like Matter Labs co-founder Alex Gluchowski, who argue that financial systems require rules to be enforced across all participants. On the other are institution-led networks like Canton, which prioritize privacy, control and interoperability over global state.Gluchowski is among the most vocal critics of the latter approach, arguing it reproduces the limitations of traditional finance in a new form. The core of the critique is whether rules can be enforced across an entire network. That’s not possible in systems like Canton, he claimed.“But they are possible with blockchains — specifically with zero-knowledge systems anchored to public blockchains like Ethereum, which is an environment all parties can trust because it cannot be captured by any single corporate interest,” Gluchowski told Cointelegraph.Crypto’s institutional adoption is bringing banks and financial institutions onchain, but it’s also splitting the industry along a deeper fault line than geography or regulation.Canton rose into the top 21 cryptocurrencies despite criticism from decentralization purists. Source: CoinGeckoWhat counts as a blockchain?Canton has gained traction by targeting privacy and regulatory requirements, connecting banks and asset managers through a network where transactions are shared only with relevant counterparties rather than broadcast system-wide. The network includes institutional participants such as JPMorgan and Goldman Sachs.Whether Canton counts as a blockchain depends on how the term is defined and what properties it is expected to guarantee.For Gluchowski, a blockchain’s core feature is a single shared ledger that allows rules to be enforced across all participants at once. He claimed Canton does not qualify. The network connects institutions through bilateral or trilateral relationships, where each party sees and verifies the transactions it is directly involved in. “Before blockchains, banks had to enter bilateral relationships and define how they handle edge cases through contracts and API interactions,” Gluchowski said. “It’s just taking these existing relationships and workflows and putting them into a tokenized form.”Gluchowski said Canton’s model limits what the system can guarantee. While participants can verify the transactions they are directly involved in, they cannot independently verify system-wide properties such as total asset supply or other rules that apply across all users. He added that those kinds of guarantees require a shared state that everyone can check.Digital Asset co-founder details how Canton differs from legacy systems in practice. Source: Shaul KfirRelated: Privacy tools are rising behind institutional adoption, says ZKsync dev “[Gluchowski] is correct that Canton does not have a global shared state, but he is incorrect in implying that this negatively affects Canton’s trust model,” Shaul Kfir, co-founder of Digital Asset, responded through a statement shared with Cointelegraph.“In Canton, as in all other blockchains, I only trust my own validator and assume anyone else can be malicious. This ‘don’t trust, verify’ approach is very different from a distributed API system,” Kfir added.In Canton’s model, trust does not come from a single system-wide view, but from each party independently checking the transactions it is involved in.Network rules clash with issuer controlFollowing the conversation with Cointelegraph, Gluchowski took part in a live debate with another Digital Asset co-founder, Yuval Rooz. He reiterated his argument that financial rules must be enforced across an entire network in a blockchain network.Rooz countered that system-wide enforcement doesn’t eliminate reliance on trusted parties, as public blockchain users still depend on token issuers. Rooz pointed to hacks that involved assets like USDC to argue that issuers remain the key enforcement mechanism.The industry has repeatedly called for Circle to freeze stolen funds before illicit actors trade them for decentralized assets. Source: ZachXBTRelated: Instant settlement strains crypto’s capital efficiency: Ethan Buchman“Actually, we would have been happier — as we’ve seen a lot of the crypto space saying if the centralized issuer were to intervene sooner rather than allowing these assets being traded and swapped into permissionless assets where then they can no longer interfere,” Rooz said.“On Canton, no different than any other public chain, the issuer is centralized in real world assets, and they have different properties or similar properties to what they would have on public permissionless chains,” he added.Gluchowski argued that issuance limits can be embedded directly into smart contracts. He said that on networks like Ethereum, activity beyond a certain threshold can be restricted or require additional approval, rather than relying solely on the issuer’s infrastructure.“On Canton, you rely solely on the multisig. On Ethereum, you rely on smart contracts that are enforced by the network,” Gluchowski said.“It’s just absolutely not true,” Rooz replied.Kfir, whose statement was shared with Cointelegraph after the live debate, said that Gluchowski is “confusing the capabilities of Canton” with how it is used by centralized RWA issuers. “When there’s a centralized RWA issuer, e.g. a stablecoin issuer, you’re already trusting them with the ‘mint’ function, and you’re trusting them and their auditors that the amount onchain is backed by reserves off-chain,” Kfir said.Competing visions for bringing banks onchainCanton and Matter Labs are competing to solve the same problem of how institutional finance moves onchain. Matter Labs, the developer of ZKsync, is targeting institutional use cases with Prividium, a model that keeps transactions private while anchoring verification to Ethereum through zero-knowledge proofs.Kfir argued that systems like Prividium risk concentrating trust in a different place. In his view, users are no longer independently validating the relevant state, forcing them to reconcile their own records against what an operator reports happened onchain.“ZKsync relies on Prividium operators who create ZKPs, but ZKsync’s own open source client doesn’t verify these proofs,” he said. “And even if a user does verify, it doesn’t verify which smart contract logic is running. The user is completely at the mercy of the Prividium operator.”Gluchowski defended ZK technology in a February social media exchange with Rooz. Source: Alex GluchowskiRooz did concede one point during the debate, which is that Canton does not have public verifiability, while adding that there are plans to introduce it in the future.For now, the divide remains unresolved. Canton is built around privacy and institutional control, while ZKsync’s Prividium attempts to preserve those features while anchoring verification to a public network. Both claim to offer a viable path for bringing banks onchain, but they are built on fundamentally different assumptions about how financial systems should work.Magazine: Adam Back says current demand is ‘almost’ enough to send Bitcoin to $1MCointelegraph Features publishes long-form journalism, analysis, and narrative reporting produced by Cointelegraph’s in-house editorial team with subject-matter expertise. All articles are edited and reviewed by Cointelegraph editors in line with our editorial standards. Research or perspective in this article does not reflect the views of Cointelegraph as a company unless explicitly stated. Content published in Features does not constitute financial, legal, or investment advice. Readers should conduct their own research and consult qualified professionals where appropriate. Cointelegraph maintains full editorial independence. The selection, commissioning, and publication of Features and Magazine content are not influenced by advertisers, partners, or commercial relationships. This content is produced in accordance with Cointelegraph’s Editorial Policy.