AI gave North Korean hackers a $600 million month. DeFi is still working out how to respond.

Two North Korea-linked hacks in April drained almost $600 million from DeFi protocols Drift Protocol ($285 million) and Kelp DAO ($292 million). Cybersecurity experts believe the attackers used AI to select targets and design exploits. The Kelp DAO hack triggered $9 billion in outflows from Aave in two days, exposing DeFi’s systemic fragility.

The two hacks came a little over two weeks apart. On 1 April, attackers drained roughly $285 million from Drift Protocol, a Solana-based derivatives exchange, after spending months posing as a quantitative trading firm to trick employees into authorising malicious transactions. On 18 April, a separate group exploited a single-verifier flaw in Kelp DAO’s cross-chain bridge and extracted approximately $292 million in wrapped ether. Between them, the heists netted almost $600 million,  and, according to blockchain forensics firm TRM Labs, accounted for 76% of all crypto hack losses in 2026 so far.

Both attacks are ...