North Korean Hackers Steal $340 Million in Cryptocurrency from DeFi Platform

The Lazarus Group, a North Korean state-sponsored hacking organization, has been attributed to a $340 million theft from decentralized finance platform NexusVault after exploiting a critical smart contract vulnerability in the platform's cross-chain bridge connecting Ethereum and Solana networks.

Blockchain analysis firm Chainalysis traced the stolen funds through a complex laundering chain involving multiple mixer protocols, cross-chain swaps, and privacy coins. Approximately $45 million has already been converted to fiat currency through a network of compromised accounts on smaller exchanges.

The vulnerability exploited was a reentrancy bug in the bridge's withdrawal function — a well-known class of smart contract vulnerability that the NexusVault team had not adequately protected against despite multiple security audits.

"This attack demonstrates that the DeFi ecosystem continues to be a high-value target for nation-state actors," said Erin Plante, VP of Investigations at Chainalysis. "The Lazarus Group has stolen over $2.5 billion in cryptocurrency since 2017, and these funds directly support North Korea's weapons programs."

The FBI, working with international law enforcement and blockchain analytics firms, has frozen approximately $28 million in associated wallets. NexusVault has announced a $10 million bug bounty program and is working to compensate affected users through its insurance fund.