3 Sources
[1]
AI-powered crypto hacks drain $600M from DeFi as North Korea exploits surge
The two hacks came a little over two weeks apart. On 1 April, attackers drained roughly $285 million from Drift Protocol, a Solana-based derivatives exchange, after spending months posing as a quantitative trading firm to trick employees into authorising malicious transactions. On 18 April, a separate group exploited a single-verifier flaw in Kelp DAO's cross-chain bridge and extracted approximately $292 million in wrapped ether. Between them, the heists netted almost $600 million and, according to blockchain forensics firm TRM Labs, accounted for 76% of all crypto hack losses in 2026 so far. Both attacks are widely attributed to North Korea-linked groups, according to Bloomberg.

What most alarmed cybersecurity researchers, however, was not the scale but the method. TRM investigator Nick Carlsen, a former FBI analyst who specialises in North Korean crypto crime, said the sophistication of the April heists makes it highly likely the attackers used artificial intelligence to select targets and design exploits. "This is all stuff North Korea never used to do," he said.

The Drift hack was devastating for the platform itself. The attackers manufactured a fictitious token, built an inflated trading record to make it appear legitimate, and used it as collateral to drain real assets in roughly 12 minutes. Drift's total value locked collapsed from $550 million to under $300 million within an hour. The exchange shut down and is now planning to relaunch after securing a roughly $148 million rescue package led by stablecoin issuer Tether. A smaller DeFi project called Carrot, which had routed user funds through Drift-integrated vaults, announced on 30 April that it was shuttering entirely.

The Kelp DAO hack was worse in a different way. Rather than selling the stolen funds immediately, the attackers deposited roughly $200 million of the proceeds as collateral on Aave, the largest decentralised lending protocol. That triggered a crisis of confidence: depositors, fearing the collateral backing Aave might be worthless, pulled roughly $9 billion from the platform in two days. Total value locked across all DeFi lending protocols dropped by more than $13 billion in 48 hours. Aave ended up needing a rescue of its own.

The episode illustrated a structural vulnerability that distinguishes decentralised finance from traditional banking. Transactions over blockchains cannot be reversed. There is no central authority to freeze suspicious transfers before they settle. And the interconnected nature of DeFi protocols, where one platform's collateral is another's liability, means a single exploit can cascade through an ecosystem of roughly $130 billion in locked assets.

Determining whether hackers used AI is not an exact science. Investigators draw conclusions based on the sophistication of an attack, the methods employed, and the speed with which targets were identified. More than half a dozen cybersecurity researchers interviewed by Bloomberg said the abrupt rise in DeFi exploits -- April saw a record 28 to 30 incidents, almost doubling the previous high -- is itself a clear indicator that attackers are deploying widely available AI models. "With AI, the cost of vulnerability detection is trending to zero," said Aneirin Flynn, chief executive of security audit firm Failsafe. The time it takes for hackers to identify a weakness in a blockchain protocol has been compressed from months to days or even hours, he said.

Anthropic's own research supports the premise. In December, the company published a study showing that more than half of blockchain exploits carried out in 2025 "could have been done autonomously" using AI agents. What the researchers called "potential exploit revenue" had been doubling every 1.3 months, and the average cost of scanning a smart contract for vulnerabilities had fallen to $1.22. A separate test by engineers at a16z, the largest crypto venture capital firm, found that an AI trained on past DeFi hacks "always found the vulnerability" in a given protocol, though it could not yet fully design a profitable exploit without human assistance.

Hanging over the industry is Anthropic's Mythos, the AI model the company has withheld from wide release because of its cybersecurity capabilities. In testing, Mythos autonomously discovered thousands of previously unknown zero-day vulnerabilities across every major operating system and web browser, including a flaw in OpenBSD that had gone undetected for 27 years. Anthropic chose to limit access to a handful of major technology companies and banks through what it calls Project Glasswing, rather than releasing the model publicly.

There is no evidence that the April hackers had access to Mythos. But the model's existence underscores a broader anxiety: if existing, publicly available AI tools are already capable of accelerating crypto heists to this degree, what happens when more powerful models, whether Mythos or its successors, inevitably leak or are replicated? In November, Anthropic disclosed that attackers had manipulated its Claude model to target roughly 30 entities including technology companies, financial institutions, and government agencies, succeeding in a small number of cases. In April, reports emerged that unauthorised users had gained access to the restricted Mythos model itself.

The urgency to respond is mounting. Failsafe's Flynn said several clients are installing software that continuously scans devices connected to a network and alerts managers to suspicious patterns. Yuan Han Li, a partner at crypto venture firm Blockchain Capital, has called for circuit breakers that would pause or limit transactions beyond a certain threshold. Jupiter, a Solana-based trading venue, is rolling out a similar mechanism more widely. Aave is expanding its risk framework for collateral to include cybersecurity factors, according to its chief legal and policy officer, Linda Jeng.

But TRM's Carlsen argues that purely defensive measures are ultimately insufficient against state-backed attackers armed with AI. "You don't win this kind of campaign playing defense," he said. The only viable response, in his view, is to turn the hackers' own methods against them and pursue the stolen funds aggressively. "They need to be hacked."

The crypto industry has lost billions to exploits over the past several years, and North Korea's share of global hack losses has risen from below 10% in 2020 to 76% through April 2026, according to TRM Labs. The Drift and Kelp DAO heists suggest the threat is not plateauing. It is accelerating, and the defenders are still catching up.
[2]
Why DeFi Keeps Losing Millions to Exploits - Decrypt
It's been one of the worst years on record for DeFi hacks, and we're barely halfway through. In the first five months of 2026, more than $840 million was lost to DeFi hacks -- with April alone accounting for more than $600 million stolen, led by two of the year's biggest attacks: the $292 million KelpDAO exploit and the $285 million Drift Protocol breach. The losses have continued into May, with THORChain halting trading after security researchers flagged a suspected cross-chain exploit affecting more than $10 million. TrustedVolumes, Echo Protocol, Step Finance, Truebit, Resolv Labs, Volo Protocol, Rhea Finance, Verus-Ethereum bridge, and many others round out a casualty list that reads like a stress test of every trust assumption DeFi relies on, according to DeFiLlama data.

Experts Decrypt spoke to broadly agree on the diagnosis that recent DeFi hacks are exposing structural weaknesses across bridges and admin systems, while advances in AI may be helping attackers find vulnerabilities faster.

Natalie Newson, senior blockchain investigator at Web3 security platform CertiK, told Decrypt that while April was unusually severe for crypto exploits, the broader trend remains more stable and below the peak number of incidents seen in 2023. "April 2026 was a bad month for crypto exploits; there were only three days without an exploit in which at least $10,000 was taken," she said. "However, when we take a look at the wider picture, the number of incidents (excluding phishing) has arguably been fairly consistent and still lower than a peak in 2023," Newson noted, adding that April's severity was driven by 14 exploits exceeding $1 million in losses, second only to September 2025's 16.

Ari Redbord, Global Head of Policy and Government Affairs at TRM Labs, told Decrypt the surge traces back to a single state actor that has gone from marginal player to defining threat in five years. "The dominant driver is North Korea, and that campaign is getting sharper, not broader," Redbord said, noting that North Korea-linked actors accounted for 76% of global crypto hack losses in the first four months of 2026, up from 64% in 2025 and less than 10% in 2020. "North Korea is using not only technology to attack the space, but also sophisticated and well-planned social engineering," he said.

The year's largest DeFi hack so far hit KelpDAO on April 18, when attackers drained about 116,500 rsETH, worth roughly $292 million, from a cross-chain bridge. LayerZero, whose messaging infrastructure underpinned the bridge, said in the latest postmortem report that the attack began on March 6, when a developer was socially engineered, and session keys were harvested. The cross-chain messaging protocol said the attack was attributed by Mandiant, CrowdStrike, and independent researchers to DPRK threat actor TraderTraitor, also known as UNC4899.

The structural reason DeFi keeps absorbing the hits, Redbord added, comes down to where the money sits and how it moves. "DeFi's cross-chain complexity makes it a target-rich environment -- bridges consistently produce the largest single-incident losses, and the failure modes repeat with striking consistency because the core problem is architectural," he noted.

Raz Niv, Co-Founder and CTO at onchain security platform Blockaid, told Decrypt that three technical patterns keep showing up across the year's biggest incidents: privileged access control failures, malicious proxy upgrades where attackers swap implementation contracts for backdoored versions, and cross-chain message verification gaps. On privileged access, Niv said the firm monitors for "anomalous 'Role Granted' events and unauthorized privilege escalation," with incidents like the Echo Protocol exploit tracing back to compromised or misconfigured admin keys. "Attackers either social engineer their way to private keys or exploit poorly designed multisig thresholds," he added.

He pointed to failures involving privileged access controls, malicious proxy upgrades and cross-chain verification systems, saying that recent attacks are exposing deeper weaknesses in the assumptions connecting increasingly complex infrastructure. "The common thread isn't complexity per se," Niv said. "It's that each layer of abstraction (proxies, admin roles, cross-chain messaging) introduces trust assumptions that attackers methodically probe."

Niv said AI is increasingly transforming exploit discovery, though he cautioned that its impact is often misunderstood. Current models are becoming increasingly effective at identifying known vulnerabilities at scale and are "automating what skilled auditors do," he said, while warning that "the real concern isn't AI replacing human attackers" but AI "amplifying attackers" by handling reconnaissance and freeing them to focus on more sophisticated techniques. "The good news is defenders can use the same tools. AI-assisted monitoring and simulation is becoming essential for security teams trying to keep pace," Niv added.

In the case of the surge in DeFi hacks, Newson pointed to a similar trend, saying "one factor that is likely a contributor, though not the sole factor, is the advances in AI." She added that CertiK has seen a rise in older and unverified contracts being exploited, making "the logical assumption that AI is helping find vulnerabilities." Similarly, Redbord said "bad actors are deploying AI at scale" across reconnaissance, social engineering, and exploit design, adding that the sophistication seen in attacks like the one on Drift appears "consistent with AI-assisted workflows." TRM analysts believe North Korean operators are increasingly incorporating AI tools into their operations, Redbord said, adding that "the answer is to deploy AI on defense with the same aggression adversaries are deploying it on offense."

Redbord said DeFi hacks are "a solvable problem," but said that the industry needs to be more honest about where failures are actually occurring. He noted that "audits protect against code bugs" but not against sophisticated social engineering campaigns like Drift, where North Korean proxies reportedly spent months cultivating access before the breach. "The model that works is real-time public-private coordination," the expert added.

Newson said 2026 may represent "an evolutionary turning point," saying the industry is learning that cybersecurity is a "full-stack problem" spanning "AI, the DPRK, or infrastructure and personnel." "It doesn't matter how perfect your math is on-chain if your human processes off-chain are vulnerable," she said, noting the industry is increasingly shifting toward "practical, structural solutions" to address infrastructure and social-engineering risks.

The damage to confidence in the DeFi space is harder to quantify but easy to observe. The Kelp DAO exploit triggered a $6.2 billion wave of withdrawals from Aave alone, before a relief effort led by Aave CEO Stani Kulechov, dubbed "DeFi United," raised 132,650 ETH worth roughly $303 million to backstop the bad debt. The coordinated response shows the industry can mobilize. It also shows how much capital it takes to paper over a single bridge exploit.

Newson said the fallout depends entirely on who's affected. "Seasoned industry veterans may look at the last six weeks as par for the course -- simply the next evolutionary norm and a harsh experience to be learned from," she said. She noted the impact of repeated exploits looks very different for newer market participants, warning that for users who lose significant funds, the fallout isn't a "learning experience" but raises "existential questions" about crypto's long-term "viability and safety," with technical fixes often arriving too late to undo the damage.
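The three patterns Niv lists (privileged-access failures, malicious proxy upgrades, cross-chain verification gaps) and the circuit-breaker idea raised elsewhere on this page translate into concrete monitoring rules. The following is an added example, not code from Blockaid, Decrypt, LayerZero or any protocol named here; the decoded-event shape, the placeholder addresses and the thresholds are all constructed assumptions for illustration.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Optional

# Constructed, simplified on-chain event records: one object per decoded log.
# A real indexer would decode ABI-encoded logs; this shape is an assumption.
@dataclass
class Event:
    block: int
    name: str          # RoleGranted | Upgraded | MessageReceived | Withdraw
    sender: str        # account that initiated the action
    args: dict = field(default_factory=dict)

@dataclass
class Policy:
    admins: frozenset          # accounts allowed to grant roles or upgrade proxies
    approved_impls: frozenset  # implementation addresses that passed review
    min_verifiers: int         # independent attestations a bridge message needs
    window_blocks: int         # circuit-breaker lookback window
    max_outflow: int           # units withdrawable per window before pausing

class Monitor:
    def __init__(self, policy: Policy):
        self.p = policy
        self.outflow: deque = deque()   # (block, amount) pairs inside the window
        self.paused = False

    def _breaker(self, ev: Event) -> Optional[str]:
        # Rolling-window outflow limit: trip once and stay paused for review.
        self.outflow.append((ev.block, ev.args["amount"]))
        cutoff = ev.block - self.p.window_blocks
        while self.outflow and self.outflow[0][0] <= cutoff:
            self.outflow.popleft()
        total = sum(a for _, a in self.outflow)
        if total > self.p.max_outflow and not self.paused:
            self.paused = True
            return f"block {ev.block}: outflow {total} exceeds {self.p.max_outflow} in window; pausing withdrawals"
        return None

    def handle(self, ev: Event) -> Optional[str]:
        p = self.p
        if ev.name == "RoleGranted" and ev.sender not in p.admins:
            # Privileged-access pattern: a role handed out by a non-admin account.
            return f"block {ev.block}: role {ev.args['role']} granted to {ev.args['account']} by non-admin {ev.sender}"
        if ev.name == "Upgraded":
            # Proxy-upgrade pattern: implementation swapped for an unreviewed contract.
            impl = ev.args["implementation"]
            if ev.sender not in p.admins or impl not in p.approved_impls:
                return f"block {ev.block}: proxy upgraded to unapproved implementation {impl} by {ev.sender}"
        if ev.name == "MessageReceived":
            # Cross-chain verification gap: message accepted on too few attestations.
            n = len(set(ev.args["verifiers"]))
            if n < p.min_verifiers:
                return f"block {ev.block}: cross-chain message accepted with {n} verifier(s), policy requires {p.min_verifiers}"
        if ev.name == "Withdraw":
            return self._breaker(ev)
        return None

def run_monitor(events, policy: Policy) -> list:
    m = Monitor(policy)
    return [a for a in map(m.handle, events) if a]

# Constructed sample feed; every address below is a placeholder, not a real one.
POLICY = Policy(admins=frozenset({"0xADMIN"}), approved_impls=frozenset({"0xIMPL_V2"}),
                min_verifiers=2, window_blocks=100, max_outflow=1_000_000)
SAMPLE = [
    Event(10, "RoleGranted", "0xADMIN", {"role": "OPERATOR", "account": "0xOPS"}),
    Event(11, "RoleGranted", "0xINTRUDER", {"role": "DEFAULT_ADMIN", "account": "0xINTRUDER"}),
    Event(12, "Upgraded", "0xINTRUDER", {"implementation": "0xIMPL_BACKDOOR"}),
    Event(13, "MessageReceived", "0xRELAYER", {"verifiers": ["0xVERIFIER_A"]}),
    Event(14, "MessageReceived", "0xRELAYER", {"verifiers": ["0xVERIFIER_A", "0xVERIFIER_B"]}),
    Event(15, "Withdraw", "0xUSER", {"amount": 600_000}),
    Event(16, "Withdraw", "0xUSER", {"amount": 600_000}),
]

if __name__ == "__main__":
    for alert in run_monitor(SAMPLE, POLICY):
        print(alert)
```

Against the sample feed the monitor raises four alerts: the non-admin role grant, the unapproved upgrade, the single-verifier message, and the breaker trip on the second withdrawal.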
[3]
AI Cyber Threats Shake Crypto Industry | PYMNTS.com
Following the hacks, which netted the attackers a total of almost $600 million, Drift shut down and plans to relaunch after receiving stablecoins from Tether; a decentralized finance (DeFi) project called Carrot that had exposure to Drift shut down permanently; and lending protocol Aave, which was used to launder proceeds from one of the hacks, needed a rescue after investors pulled $9 billion, according to the report.

What has alarmed the industry most about these hacks is that they were likely supported by AI, the report said. While that cannot be proven, cybersecurity experts said in the report that the attacks had become so much more sophisticated, so quickly, that the hackers behind them were probably helped by AI. Beyond that, there is the looming presence of Anthropic's Mythos AI model, which the company has kept in limited release due to the cybersecurity risks it poses, as well as the likelihood that hackers will obtain other powerful AI models. Cybersecurity experts said in the report that AI can help hackers find weaknesses in a blockchain protocol in days or hours, rather than months, and can give anyone the skills of an elite hacker.

Crypto firms' responses to the threat of AI include adding software that scans devices connected to a network to detect potential threats; installing circuit breakers that pause or limit transactions above a certain threshold; and, for DeFi lenders, expanding the risk framework for collateral to include cybersecurity factors, per the report.
In an update Drift provided in April while the attack on its crypto exchange was underway, the company said: "This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of double nonce accounts to pre-sign transactions that delayed execution." Of the Kelp DAO hack, it was reported in April that it highlighted the risks of interconnected systems in DeFi, because the failure of one piece can threaten the entire structure.
Two sophisticated attacks in April 2026 drained nearly $600 million from DeFi platforms, with cybersecurity experts attributing the heists to North Korean groups likely using AI tools to identify vulnerabilities. The Drift Protocol and Kelp DAO exploits triggered cascading failures across the ecosystem, exposing structural weaknesses in cross-chain bridges and highlighting how AI is accelerating the speed and sophistication of blockchain exploits.
Two devastating attacks separated by just over two weeks have shaken the decentralized finance sector and raised urgent questions about how AI cyber threats are reshaping the threat landscape. On April 1, attackers drained approximately $285 million from Drift Protocol, a Solana-based derivatives exchange, after months of social engineering where they posed as a quantitative trading firm to trick employees into authorizing malicious transactions [1]. On April 18, a separate group exploited a single-verifier flaw in Kelp DAO's cross-chain bridge and extracted roughly $292 million in wrapped ether [1]. Together, these AI-powered crypto hacks accounted for 76% of all crypto hack losses in 2026 so far, according to blockchain forensics firm TRM Labs [1].
Both attacks are widely attributed to North Korean state actors, but what alarmed cybersecurity researchers most was not the scale but the method [1]. TRM investigator Nick Carlsen, a former FBI analyst specializing in North Korean crypto crime, said the sophistication of the April heists makes it highly likely the attackers used AI in designing and executing sophisticated attacks. "This is all stuff North Korea never used to do," he noted [1]. Ari Redbord, Global Head of Policy and Government Affairs at TRM Labs, confirmed that North Korea-linked actors accounted for 76% of global crypto hack losses in the first four months of 2026, up from 64% in 2025 and less than 10% in 2020 [2].

The Drift hack devastated the platform itself through a meticulously crafted scheme. Attackers manufactured a fictitious token, built an inflated trading record to make it appear legitimate, and used it as collateral to drain real assets in roughly 12 minutes [1]. Drift's total value locked collapsed from $550 million to under $300 million within an hour [1]. The exchange shut down and is now planning to relaunch after securing a roughly $148 million rescue package led by stablecoin issuer Tether [1][3]. A smaller DeFi project called Carrot, which had routed user funds through Drift-integrated vaults, announced on April 30 that it was shuttering entirely [1].

The Kelp DAO hack revealed even deeper structural weaknesses in DeFi. Rather than selling the stolen funds immediately, attackers deposited roughly $200 million of the proceeds as collateral on Aave, the largest decentralized lending protocol [1]. That triggered a crisis of confidence as depositors, fearing the collateral backing Aave might be worthless, pulled roughly $9 billion from the platform in two days [1][3]. Total value locked across all DeFi lending protocols dropped by more than $13 billion in 48 hours [1]. LayerZero, whose messaging infrastructure underpinned the bridge, said the attack began on March 6 when a developer was socially engineered and session keys were harvested, with the attack attributed to DPRK threat actor TraderTraitor [2].

Determining whether hackers used AI is not an exact science, but investigators draw conclusions based on sophistication, methods employed, and the speed with which targets were identified [1]. More than half a dozen cybersecurity researchers said the abrupt rise in DeFi exploits—April saw a record 28 to 30 incidents, almost doubling the previous high—is itself a clear indicator that attackers are deploying widely available AI models [1]. "With AI, the cost of vulnerability detection is trending to zero," said Aneirin Flynn, chief executive of security audit firm Failsafe, noting that the time it takes for hackers to identify a weakness in a blockchain protocol has been compressed from months to days or even hours [1][3].
Anthropic's own research supports this premise. In December, the company published a study showing that more than half of blockchain exploits carried out in 2025 "could have been done autonomously" using AI agents [1]. What researchers called "potential exploit revenue" had been doubling every 1.3 months, and the average cost of scanning a smart contract for vulnerabilities had fallen to $1.22 [1]. A separate test by engineers at a16z, the largest crypto venture capital firm, found that an AI trained on past DeFi hacks "always found the vulnerability" in a given protocol, though it could not yet fully design a profitable exploit without human assistance [1].

Hanging over the industry is Anthropic's Mythos, the AI model the company has withheld from wide release because of its cybersecurity capabilities [1][3]. In testing, Mythos autonomously discovered thousands of previously unknown zero-day vulnerabilities across every major operating system and web browser, including a flaw in OpenBSD that had gone undetected for 27 years [1]. Anthropic chose to limit access to a handful of major technology companies and banks through what it calls Project Glasswing, rather than releasing the model publicly [1].

There is no evidence that the April hackers had access to Mythos, but the model's existence underscores a broader anxiety: if existing, publicly available AI tools are already capable of accelerating crypto heists to this degree, what happens when more powerful models inevitably leak or are replicated? [1] Raz Niv, Co-Founder and CTO at onchain security platform Blockaid, cautioned that while AI is transforming exploit discovery, "the real concern isn't AI replacing human attackers" but AI "amplifying attackers" by handling reconnaissance and freeing them to focus on more sophisticated techniques [2].

The episode illustrated a structural vulnerability that distinguishes decentralized finance from traditional banking. Transactions over blockchains cannot be reversed, there is no central authority to freeze suspicious transfers before they settle, and the interconnected nature of DeFi protocols means a single exploit can cascade through an ecosystem of roughly $130 billion in locked assets [1]. Ari Redbord noted that "DeFi's cross-chain complexity makes it a target-rich environment—cross-chain bridges consistently produce the largest single-incident losses, and the failure modes repeat with striking consistency because the core problem is architectural" [2].

Raz Niv identified three technical patterns appearing across the year's biggest incidents: privileged access control failures, malicious proxy upgrades where attackers swap implementation contracts for backdoored versions, and cross-chain message verification gaps [2]. "The common thread isn't complexity per se," Niv said. "It's that each layer of abstraction introduces trust assumptions that attackers methodically probe" [2]. The financial losses in the DeFi space have been staggering, with more than $840 million lost to DeFi hacks in the first five months of 2026.

Crypto firms are responding to cybersecurity threats with several defensive measures. Companies are adding threat detection software that scans devices connected to a network to detect potential threats, installing transaction circuit breakers that pause or limit transactions above a certain threshold, and, for DeFi lenders, expanding the risk framework for collateral to include cybersecurity factors [3]. Niv noted that "the good news is defenders can use the same tools. AI-assisted monitoring and simulation is becoming essential for security teams trying to keep pace."

Natalie Newson, senior blockchain investigator at Web3 security platform CertiK, provided some context by noting that while April 2026 was unusually severe for crypto exploits, with only three days without an exploit in which at least $10,000 was taken, the broader trend remains more stable and below the peak number of incidents seen in 2023 [2]. However, April's severity was driven by 14 exploits exceeding $1 million in losses, second only to September 2025's 16 [2]. As AI capabilities continue to advance and North Korean state actors refine their techniques, the DeFi sector faces mounting pressure to address fundamental architectural vulnerabilities before the next wave of attacks.

Summarized by Navi