Crypto's $2.2B Hack Crisis: Why Audits Can't Stop Human Exploits
Crypto's biggest hacks are no longer coming from smart-contract bugs — they're coming from operational and human…
Every Zipp story tagged #LazarusGroup, newest first.
Crypto's biggest hacks are no longer coming from smart-contract bugs — they're coming from operational and human…
The restart comes a week after a Lazarus-linked April 18 attack drained the restaking market's largest LRT — a clean recovery test for the DeFi lending stack that absorbed the impact.
Three protocols with $2.3B combined just walked — the first measurable TVL migration since LayerZero admitted a Lazarus-linked RPC exploit and a 1/1 DVN misconfiguration.
The $292M Kelp DAO exploit exposed a single-verifier setup LayerZero now admits should never have shipped — and a 3.5-year-old multisig incident the protocol kept quiet until Friday.
The order is a narrow procedural win for the recovery plan — but the restraining notice now follows the ETH wherever it lands, keeping terrorism judgment creditors one step behind the protocol.
The reframing aims to give attackers legal title to the frozen ether under a 19th-century fraud doctrine — the move that lets victims reach the funds at all, before a May 6 Manhattan hearing.
April's Drift and Kelp breaches cost more than half a billion dollars combined, with no smart-contract bug — just months of social engineering that walked past every system built to flag a hack.