Post-mortems & security analysis.
Every article starts from on-chain evidence. We reconstruct attack sequences before any protocol statement and track recovered funds until the case is closed.
Kelp DAO — $292M drained via forged LayerZero messages after RPC node compromise and coordinated DDoS
Lazarus Group compromised LayerZero's internal RPC nodes, orchestrated a simultaneous DDoS on third-party nodes, and exploited Kelp's single-verifier bridge configuration to release 116,500 rsETH against a burn that never happened.
Drift Protocol — $285M drained after a six-month DPRK social engineering operation on Solana
North Korean operatives spent six months posing as a quant trading firm, obtained pre-signed admin transactions via Solana's durable nonces, deployed a fake token with a rigged oracle, and drained 50% of Drift's TVL in under two hours.
Hyperliquid — $4.9M HLP vault bad debt from POPCAT price manipulation across 19 wallets
An attacker spent $3M to inflict $4.9M in bad debt on Hyperliquid's liquidity vault by artificially pumping POPCAT with coordinated leveraged longs across 19 addresses, then crashing the price to trigger a liquidation cascade the protocol had to absorb.