Lazarus Group Faces Legal Battle Over $71 Million Crypto Theft

Lazarus Group Faces Legal Battle Over $71 Million Crypto Theft

First seen 11 May 2026, 09:04 UTC En.Bloomingbitapt.securelist.comInfo.Arkmattack.mitre.orgwww.justice.gov+3 87% similarity 72.5

Article Content

Browse articles
ThreatCluster

On May 6, 2026, a federal court in Manhattan began hearing claims over $71 million linked to North Korean cyberattacks. The claimants include families of victims from North Korean-attributed incidents and DeFi users affected by the April 18 hack of KelpDAO. The Lazarus Group, a North Korean cybercrime organization, is implicated in this theft, which involved exploiting a vulnerability in the KelpDAO protocol to mint fake rsETH tokens. These tokens were then used as collateral to borrow $190 million in real Ether from Aave. The U.S. Treasury's Office of Foreign Assets Control has linked Lazarus to North Korea, although the evidence remains largely untested in court. The ongoing legal proceedings could clarify the group's ties to the North Korean state and its implications for victims seeking restitution.

Key Points: • The Lazarus Group is implicated in a $71 million crypto theft from KelpDAO. • The group has a history of high-profile cyberattacks linked to North Korea. • Legal proceedings may establish clearer ties between Lazarus and North Korean state-sponsored activities.

ThreatCluster AI

Timeline

2026-04-18
KelpDAO hack occurs
An attacker exploited a vulnerability to mint 116,500 fake rsETH tokens, leading to a $190 million loss.
En.Bloomingbit
2026-05-06
Court hearings begin over $71 million claims
Families of North Korean attack victims and DeFi users face off in federal court regarding claims to the same funds.
En.Bloomingbit
2026-05-09
Lazarus Group's activities highlighted
A report details the group's history of cyberattacks and its financial motivations, emphasizing its North Korean ties.
apt.securelist.com

Community

Browse all →