Back

Lazarus Group Faces Legal Battle Over $71 Million Crypto Theft

Severity: High (Score: 72.5)

Sources: En.Bloomingbit, apt.securelist.com

Summary

On May 6, 2026, a federal court in Manhattan began hearing claims over $71 million linked to North Korean cyberattacks. The claimants include families of victims from North Korean-attributed incidents and DeFi users affected by the April 18 hack of KelpDAO. The Lazarus Group, a North Korean cybercrime organization, is implicated in this theft, which involved exploiting a vulnerability in the KelpDAO protocol to mint fake rsETH tokens. These tokens were then used as collateral to borrow $190 million in real Ether from Aave. The U.S. Treasury's Office of Foreign Assets Control has linked Lazarus to North Korea, although the evidence remains largely untested in court. The ongoing legal proceedings could clarify the group's ties to the North Korean state and its implications for victims seeking restitution. Key Points: • The Lazarus Group is implicated in a $71 million crypto theft from KelpDAO. • The group has a history of high-profile cyberattacks linked to North Korea. • Legal proceedings may establish clearer ties between Lazarus and North Korean state-sponsored activities.

Key Entities

  • Lazarus (apt_group)
  • Ransomware (attack_type)
  • Aave (platform)
  • Bangladesh Bank (company)
  • Bybit (company)
  • KelpDAO (company)
  • Sony Pictures (company)
  • Ethereum (company)
  • China (country)
  • North Korea (country)
  • South Korea (country)
  • Financial (industry)
  • WannaCry (ransomware_group)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed