AI · Crypto · Lazarus Group · DeFi Security · May 15, 2026

AI Is Now Doing the Hacking.
A $130 Billion Crypto Sector Just Lost $600M in Four Months.

On May 15, 2026, Bloomberg reported that the $130 billion decentralized-finance (DeFi) sector is being pushed “to the brink” by an emerging hacking pattern: large-language-model-assisted phishing, deepfaked voice and video for social-engineering pretext, and automated smart-contract vulnerability scanning. The shorthand is “AI hacking.” The longer version is that attackers are no longer hand-writing phishing emails, hand-faking executive calls, or hand-scanning protocols for bugs; the AI does it all, faster, cheaper, and at a scale that small protocol security teams cannot match.

The receipts: in the first four months of 2026, two DeFi protocols lost a combined $577M in single hacks. Kelp DAO lost $293M in April via a vulnerability in the LayerZero cross-chain messaging system. Drift Protocol lost $280M days later. A separate AI-driven social-engineering campaign against the consumer wallet Zerion stole approximately $100,000 from hot wallets — small money in dollar terms but a clean documented example of an AI-pretext-to-funds-out attack. April alone saw an aggregate $651M in stolen funds, a single-month record.

The attribution layer underneath is older than the AI layer on top of it. The OECD AI Incidents Monitor, TRM Labs, and Hacken all attribute the largest 2026 heists to North Korea’s Lazarus Group, the state-sponsored unit that has now stolen more than $6 billion in cryptocurrency since 2017 — a figure 38 North’s January 2026 analysis argues now constitutes a structural pillar of DPRK regime financing. In 2026, North Korea’s share of all crypto-service compromises is 76%.

  • $130B · Decentralized-finance sector TVL. DefiLlama's late-April aggregate total value locked across major DeFi protocols. The Bloomberg framing: this is the number being put at risk.
  • $577M · Stolen in two single-protocol April hacks. Kelp DAO ($293M, via LayerZero) + Drift Protocol ($280M). Both attributed to Lazarus Group by TRM Labs and Hacken on-chain forensics.
  • $651M · April 2026 single-month theft record. Aggregate across all tracked attacks. The pace is the part of the story Wall Street is reacting to.
  • 76% · Share of 2026 crypto-service compromises attributed to North Korea. Per Coinidol / blockchain-forensics aggregation. Lazarus dominates the threat landscape.
  • $6B+ · Total Lazarus crypto theft since 2017. Cumulative, per 38 North (Stimson Center) and Hacken. The DPRK regime's externally sourced funding floor.
  • AI tools · Now in the attack stack, not just the defense. LLM-generated phishing in target-native languages. Deepfaked voice and video of executives for wire-fraud pretext. Automated smart-contract scanning. The OECD AI Incidents Monitor categorizes the April Kelp DAO and Drift attacks as AI-assisted.
§ 01 / The April Hacks — What Actually Happened
Kelp DAO · Drift Protocol · Zerion — Three Different Attack Patterns

Kelp DAO — April 18, 2026 — $293 million. Attack vector: a vulnerability in the LayerZero cross-chain messaging system that Kelp DAO used to move staked-asset balances across chains. The exploit let the attacker get a fraudulent cross-chain message accepted as authentic on the destination chain, draining most of the protocol’s liquidity pool in a single transaction sequence. TRM Labs traces the stolen assets through standard Lazarus mixer paths (Tornado Cash residual, Sinbad-class privacy chains).
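The failure class the Kelp DAO paragraph names, cross-chain message authentication, is easier to see in code than in prose. What follows is an added illustrative model written for this page; it is not code from Kelp DAO, LayerZero or any forensics report, and it does not reconstruct the April exploit, whose mechanics the page does not give. It puts the generic weak pattern (a receiver that only checks that a message was attested by the bridge verifier) next to the hardened one (the receiver also pins the one contract it trusts on each source chain and enforces a per-sender nonce). The verifier's signature is stood in for by an HMAC under a key only the verifier holds; the chain IDs, addresses and key are constructed.

```python
"""Cross-chain message receiver: the weak authentication pattern next to the hardened one.

Illustrative model for this page, not a reconstruction of the Kelp DAO / LayerZero
exploit. The bridge verifier's signature is stood in for by an HMAC under a key only
the verifier holds; chain IDs, addresses and the key are constructed for the example.
"""
import hashlib
import hmac
from dataclasses import dataclass

VERIFIER_KEY = b"constructed-verifier-key-for-this-example"   # constructed, not a real key


@dataclass(frozen=True)
class Message:
    src_chain: int      # chain the message was emitted on
    src_addr: str       # contract that emitted it
    dst_chain: int      # chain it is to be delivered on
    nonce: int          # per-(src_chain, src_addr) sequence number
    payload: bytes      # application data, e.g. a credit instruction

    def digest(self) -> bytes:
        # Length-prefixed canonical encoding so no field can bleed into its neighbour.
        h = hashlib.sha256()
        for part in (self.src_chain.to_bytes(4, "big"), self.src_addr.encode(),
                     self.dst_chain.to_bytes(4, "big"), self.nonce.to_bytes(8, "big"),
                     self.payload):
            h.update(len(part).to_bytes(4, "big"))
            h.update(part)
        return h.digest()


def attest(msg: Message) -> bytes:
    """The verifier's statement: 'this exact message really was emitted on src_chain'.
    It says nothing about whether src_addr is a contract the receiver should trust."""
    return hmac.new(VERIFIER_KEY, msg.digest(), hashlib.sha256).digest()


def attestation_valid(msg: Message, att: bytes) -> bool:
    return hmac.compare_digest(attest(msg), att)


class WeakReceiver:
    """Accepts any validly attested message addressed to this chain. Anyone who can
    emit a message on a source chain can therefore drive it."""

    def __init__(self, chain_id: int):
        self.chain_id = chain_id
        self.credited = []

    def receive(self, msg: Message, att: bytes) -> bool:
        if msg.dst_chain != self.chain_id or not attestation_valid(msg, att):
            return False
        self.credited.append(msg.payload)
        return True


class HardenedReceiver(WeakReceiver):
    """Additionally pins one trusted sender per source chain and enforces a strictly
    increasing nonce per sender, so forged-origin and replayed messages are rejected."""

    def __init__(self, chain_id: int, trusted_remotes: dict):
        super().__init__(chain_id)
        self.trusted = trusted_remotes      # {src_chain: src_addr}
        self.next_nonce = {}                # {(src_chain, src_addr): expected nonce}

    def receive(self, msg: Message, att: bytes) -> bool:
        if msg.dst_chain != self.chain_id or not attestation_valid(msg, att):
            return False
        if self.trusted.get(msg.src_chain) != msg.src_addr:
            return False                    # attested, but emitted by an untrusted contract
        key = (msg.src_chain, msg.src_addr)
        if msg.nonce != self.next_nonce.get(key, 0):
            return False                    # replay or out-of-order delivery
        self.next_nonce[key] = msg.nonce + 1
        self.credited.append(msg.payload)
        return True


def demo() -> dict:
    ETH, ARB = 1, 42161
    vault = "0xVaultOnArbitrum"             # constructed address of the one trusted sender
    weak, hard = WeakReceiver(ETH), HardenedReceiver(ETH, {ARB: vault})
    legit = Message(ARB, vault, ETH, 0, b"credit 10 units to 0xUser")
    # The attacker deploys their own contract on ARB and emits a bogus credit. The
    # verifier attests it honestly: it really was emitted on ARB.
    forged = Message(ARB, "0xAttackerContract", ETH, 0, b"credit 100000 units to 0xAttacker")
    return {
        "weak_legit": weak.receive(legit, attest(legit)),      # True
        "weak_forged": weak.receive(forged, attest(forged)),   # True: the whole problem
        "hard_legit": hard.receive(legit, attest(legit)),      # True
        "hard_forged": hard.receive(forged, attest(forged)),   # False: untrusted sender
        "hard_replay": hard.receive(legit, attest(legit)),     # False: nonce already consumed
        "hard_tampered": hard.receive(forged, attest(legit)),  # False: attestation mismatch
    }


if __name__ == "__main__":
    print(demo())
```

The point the weak receiver makes is that a valid attestation proves provenance of the message, not trustworthiness of its sender; the two checks the hardened receiver adds (trusted remote, nonce) are what turn "this was sent" into "this is authorized", and the attestation must bind the destination chain and nonce as well, or the same signed message can be replayed elsewhere.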

Drift Protocol — April 21, 2026 — $280 million. Attack vector: a flash-loan-class exploit against the protocol’s perpetual-futures price oracle, but with reconnaissance and timing reportedly coordinated through AI-driven on-chain analytics that identified the vulnerability window. The OECD AI Incidents entry specifically flags “automated vulnerability scanning” as the discovery method.
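Oracle manipulation with a flash loan, the attack class the Drift paragraph describes, as an added example written for this page (not Drift's oracle and not a reconstruction of the actual exploit, whose details the page does not give). A constant-product pool is priced two ways: by a naive oracle that reads the pool's current reserves, and by a guarded one that returns a time-weighted average over committed blocks and refuses to answer when spot and TWAP, or TWAP and an independent reference feed, disagree by more than a bound. A toy lending check shows why the difference is money. Pool reserves, the reference price, the loan size and the LTV are constructed.

```python
"""Spot-reserve oracle vs. TWAP-with-deviation-bound under a flash-loan swap.

Illustrative model for this page of the oracle-manipulation class; not Drift's
oracle and not a reconstruction of the April exploit. Pool reserves, the
independent reference price, the loan size and the LTV are constructed.
"""
from collections import deque


class ConstantProductPool:
    """x*y=k AMM with no fee. price() is what a naive reserve-based oracle reads."""
    def __init__(self, base: float, quote: float):
        self.base, self.quote = base, quote

    def price(self) -> float:
        return self.quote / self.base     # quote per unit of base

    def swap_quote_for_base(self, quote_in: float) -> float:
        k = self.base * self.quote
        new_quote = self.quote + quote_in
        new_base = k / new_quote
        out = self.base - new_base
        self.base, self.quote = new_base, new_quote
        return out

    def swap_base_for_quote(self, base_in: float) -> float:
        k = self.base * self.quote
        new_base = self.base + base_in
        new_quote = k / new_base
        out = self.quote - new_quote
        self.base, self.quote = new_base, new_quote
        return out


class SpotOracle:
    """Reads the pool's instantaneous price: manipulable within a single block."""
    def __init__(self, pool: ConstantProductPool):
        self.pool = pool

    def read(self) -> float:
        return self.pool.price()


class GuardedOracle:
    """Returns a TWAP over the last `window` committed blocks (never the live price) and
    refuses to answer when live spot disagrees with the TWAP, or the TWAP disagrees
    with an independent reference feed, by more than `max_dev`."""
    def __init__(self, pool: ConstantProductPool, reference: float,
                 window: int = 10, max_dev: float = 0.05):
        self.pool, self.reference, self.max_dev = pool, reference, max_dev
        self.history = deque(maxlen=window)

    def commit_block(self) -> None:
        # Called once per block after it settles; only settled prices enter the TWAP.
        self.history.append(self.pool.price())

    def read(self) -> float:
        if len(self.history) < self.history.maxlen:
            raise ValueError("insufficient price history")
        twap = sum(self.history) / len(self.history)
        spot = self.pool.price()
        if abs(twap - self.reference) / self.reference > self.max_dev:
            raise ValueError("twap disagrees with reference: slow manipulation or stale feed")
        if abs(spot - twap) / twap > self.max_dev:
            raise ValueError("spot disagrees with twap: possible in-block manipulation")
        return twap


def max_borrow(collateral_base: float, oracle, ltv: float = 0.8) -> float:
    """What a lending market would let a user borrow against `collateral_base`."""
    return collateral_base * oracle.read() * ltv


def demo() -> dict:
    pool = ConstantProductPool(base=1_000.0, quote=2_000_000.0)   # 1000 ETH / 2M USDC, price 2000
    spot, guarded = SpotOracle(pool), GuardedOracle(pool, reference=2_000.0)
    for _ in range(10):
        guarded.commit_block()                                     # ten quiet blocks at 2000
    collateral = 50.0                                              # attacker's real collateral: 50 ETH
    honest_limit = max_borrow(collateral, spot)                    # 80_000
    loan = 2_000_000.0                                             # flash-loaned, all pushed into the pool
    bought = pool.swap_quote_for_base(loan)
    spot_during = spot.read()                                      # 8000: 4x in one transaction
    inflated_limit = max_borrow(collateral, spot)                  # 320_000 against 100k of real value
    try:
        guarded_during = max_borrow(collateral, guarded)
    except ValueError as e:
        guarded_during = str(e)                                    # guarded oracle refuses instead
    repaid = pool.swap_base_for_quote(bought)                      # unwind and repay the loan
    guarded.commit_block()
    return {"honest_limit": honest_limit, "spot_during": spot_during,
            "inflated_limit": inflated_limit, "guarded_during": guarded_during,
            "repaid": repaid, "spot_after": spot.read(), "guarded_after": guarded.read()}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two caveats a practitioner would add: a TWAP only moves the cost of manipulation from one block to many (hence the cross-check against a reference feed), and refusing to price is itself a denial-of-service lever, so the protocol needs a defined behaviour for the window in which the oracle says no.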

Zerion — ongoing through April-May — ~$100,000. Attack vector: social engineering. Attackers used AI-generated content (LLM-written messages in target-native languages, deepfaked voice calls impersonating Zerion support) to convince a small number of users to disclose private-key material. Dollar figure is small; the demonstration value is large — this is a generalizable playbook deployable against any consumer wallet.

The $9B follow-on: within 72 hours of the Kelp DAO disclosure, the largest DeFi lending protocol on Ethereum (Aave) saw approximately $9 billion in TVL outflows as institutional and large-individual depositors pulled to off-chain custody. The hack hit one protocol; the panic hit the whole sector.

What “AI hacking” actually means here: not autonomous AI agents executing attacks unaided. It means LLMs used as productivity multipliers for the attacker side — reconnaissance, phishing-content generation, social-engineering pretext, smart-contract code review, on-chain analytics for laundering. The same productivity gains the rest of the technology economy is talking about, applied to financial crime.


The $130 billion decentralized-finance sector is being pushed to the brink by an emerging hacking pattern: large-language-model-assisted phishing, deepfaked voice and video for social-engineering pretext, and automated smart-contract vulnerability scanning.

Olga Kharif · Bloomberg · 'AI-Hacking Threat Pushes $130 Billion Crypto Sector to the Brink' · May 15, 2026
§ 02 / The Attribution — Why North Korea Owns 76% of the Theft Pool
Lazarus Group · DPRK Reconnaissance General Bureau · Bureau 121

The actor: Lazarus Group is a unit of North Korea’s Reconnaissance General Bureau, specifically the cyber-warfare command often referenced as “Bureau 121.” OFAC has designated multiple Lazarus-controlled crypto wallet clusters under E.O. 13694 (significant malicious cyber-enabled activities) and E.O. 13722 (DPRK sanctions program).

The history: Bangladesh Bank SWIFT theft (2016, $81M). WannaCry ransomware (2017). Ronin Bridge / Axie Infinity ($625M, 2022). Atomic Wallet ($100M, 2023). Bybit ($1.4B+, February 2025). The 2026 wave is the same actor, the same playbook, with a new layer of AI productivity on top.

Why this matters macro: 38 North’s January 2026 paper — from the Stimson Center, not a partisan think tank — argues DPRK crypto-theft revenue now constitutes a structural funding pillar for the regime, in the same conceptual category as forced-labor remittances and weapons sales. It is not a side hustle. It is a state-sponsored revenue program.

What changes with AI: Lazarus has always been technically sophisticated; what previously bottlenecked them was operator headcount. AI removes that bottleneck. The 2025-2026 attack tempo — multiple eight- and nine-figure heists per quarter — is the productivity-multiplier story playing out in adversary tradecraft.

§ 03 / The Wall Street Reaction — And What's Different This Time
Institutional Reassessment, Not Retail Panic

The reassessment is structural. Per Bloomberg’s April 21 reporting, major Wall Street firms with blockchain pilot programs — including some of the same firms that filed Bitcoin and Ethereum spot-ETF applications — are pulling forward security reviews on their custody, settlement, and DeFi-integration plans. This is not retail panic. This is fiduciaries re-examining risk-weighted exposure.

The cybersecurity-stock read: Bloomberg’s April 7 piece tracks listed-equity beneficiaries: CrowdStrike, Palo Alto Networks, SentinelOne, and Cloudflare have all seen incremental analyst-attention upgrades on the “AI is making cyber harder” thesis. This is the rare cyberattack pattern that is showing up in equity flows in real time.

The protocol-level response: DeFi protocols are accelerating spend on automated security audits, formal verification of smart contracts, and on-chain anomaly detection. Several major DEX aggregators have implemented circuit-breaker logic that pauses transfers if on-chain flows match Lazarus-cluster heuristics. The defense is real; whether it scales fast enough to outrun AI-assisted attack tempo is the open question.

The U.S. policy lever: OFAC continues to designate Lazarus-linked wallet clusters; the U.S. Treasury Office of Cybersecurity has issued advisories to U.S. crypto exchanges on compliance obligations when Lazarus-linked addresses transact through their venues. The Trump administration’s broader stance on Bitcoin and crypto custody is permissive; the stance on DPRK-linked theft is the same as the Biden administration’s. National security beats partisan policy on this particular threat.

TRM Labs
@trmlabs · X · April 22, 2026

On-chain forensics on the Kelp DAO ($293M) and Drift Protocol ($280M) heists trace both to wallet clusters consistent with the Lazarus Group TraderTraitor toolkit.

Laundering pathway: standard multi-mixer rotation with new wave-timing patterns we attribute to LLM-assisted operational planning. Our full report is out.

§ 04 / Why The 'AI Hacking' Frame Is Real — and How to Read It Right
Productivity-Multiplier Tradecraft, Not Magic

The right frame: “AI hacking” in this story does not mean an autonomous large language model committed a crime. It means human attackers used the same productivity tools the rest of the economy uses — for reconnaissance, content generation, language translation, code review — to compress the time-to-attack and increase the surface area of attack.

The wrong frame: “AI is the threat.” AI is a productivity multiplier. The threat is sovereign-actor-financed organized financial crime that uses every productivity tool available. The same OECD framework that flags the DPRK attacks also notes legitimate defensive AI use is rising. The story is not AI-versus-human; it is a productivity arms race in which the side with fewer compliance constraints usually moves first.

The risk the frame obscures: Treating “AI hacking” as a discontinuous new threat lets policy-makers and protocols ignore that the underlying vulnerabilities — cross-chain message authentication, oracle manipulation, social-engineering against custodial-key holders — are familiar problems. AI raised the attack tempo; it did not invent the categories of attack. The defensive response, accordingly, is mostly the boring things that were the right answer five years ago: formal verification, circuit-breakers, multi-sig with hardware key custody, end-to-end audited bridges.
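Both §03 and the paragraph above list circuit breakers among the "boring" controls. Here is what the two controls they describe look like when written down, as an added example for this page and not any aggregator's or protocol's actual implementation: a rolling-window outflow limit (pause when outflows over the last N blocks exceed a fraction of TVL) and a destination screen against a set of known-bad addresses. The thresholds, the denylisted addresses and the transfer log are constructed; a real deployment would load the address set from OFAC's SDN list or a forensics provider's cluster feed, and the page does not specify the "Lazarus-cluster heuristics" it mentions, so none are claimed here.

```python
"""Transfer circuit breaker: rolling-window outflow limit plus destination screening.

Added example for this page; not any aggregator's or protocol's implementation.
Thresholds, the denylisted addresses and the transfer log are constructed. A real
deployment would load the address set from OFAC's SDN list or a forensics provider's
cluster feed and route every trip to a human review path.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    block: int
    to_addr: str
    amount: float       # in the protocol's unit of account (USD here)


class CircuitBreaker:
    def __init__(self, tvl: float, window_blocks: int, max_window_fraction: float, denylist: set):
        self.tvl = tvl
        self.window = window_blocks
        self.max_fraction = max_window_fraction
        self.denylist = {a.lower() for a in denylist}
        self.recent = deque()           # (block, amount) of accepted outflows in the window
        self.paused = False
        self.reason = None

    def _trip(self, reason: str) -> None:
        self.paused, self.reason = True, reason

    def _trim(self, block: int) -> None:
        # Drop accepted outflows that have aged out of the window.
        while self.recent and self.recent[0][0] <= block - self.window:
            self.recent.popleft()

    def check(self, t: Transfer) -> bool:
        """Return True if the transfer may proceed; trip the breaker and return False otherwise."""
        if self.paused:
            return False
        if t.to_addr.lower() in self.denylist:
            self._trip(f"destination {t.to_addr} is on the denylist")
            return False
        self._trim(t.block)
        window_out = sum(a for _, a in self.recent) + t.amount
        limit = self.max_fraction * self.tvl        # limit shrinks as TVL drains
        if window_out > limit:
            self._trip(f"outflow {window_out:,.0f} in {self.window} blocks exceeds {limit:,.0f}")
            return False
        self.recent.append((t.block, t.amount))
        self.tvl -= t.amount
        return True


def demo() -> dict:
    r = {}
    # A: ordinary withdrawals, then one drain-sized transfer to a fresh wallet.
    cb = CircuitBreaker(tvl=100_000_000, window_blocks=50, max_window_fraction=0.10,
                        denylist={"0xSANCTIONEDCLUSTER01", "0xSANCTIONEDCLUSTER02"})  # constructed
    normal = [Transfer(b, f"0xUser{b:02d}", 200_000) for b in range(1, 21)]   # 4M over 20 blocks
    r["normal_accepted"] = sum(cb.check(t) for t in normal)                    # 20
    r["drain_accepted"] = cb.check(Transfer(25, "0xFreshWallet", 9_000_000))   # False: 13M > 9.6M
    r["paused_a"], r["reason_a"] = cb.paused, cb.reason
    r["after_pause"] = cb.check(Transfer(26, "0xUser01", 1))                   # False: stays paused
    # B: a tiny transfer to a denylisted address trips on the first hit, case-insensitively.
    cb = CircuitBreaker(100_000_000, 50, 0.10, {"0xSANCTIONEDCLUSTER01"})
    r["denylist_accepted"] = cb.check(Transfer(1, "0xsanctionedcluster01", 1_000))  # False
    r["paused_b"] = cb.paused
    # C: the same total as a drain, spread past the window, is ordinary volume.
    cb = CircuitBreaker(100_000_000, 50, 0.10, set())
    spread = [Transfer(b * 10, "0xUser", 1_000_000) for b in range(1, 16)]     # 15M over 150 blocks
    r["spread_accepted"] = sum(cb.check(t) for t in spread)                    # 15
    r["paused_c"] = cb.paused
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The velocity limit is the control that would have mattered for a single-sequence drain; the denylist only catches funds headed straight to already-known addresses, which is why it complements rather than replaces the rate limit. Both produce false positives on legitimate large withdrawals, so a trip should open a review path with a bounded unpause procedure (multi-sig, hardware-backed keys, as the paragraph above lists) rather than a permanent halt.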

What to watch over the next 90 days: (1) Whether the May-June theft pace stays at April’s record level or returns to the 2024-2025 baseline. (2) Whether a major centralized exchange, not a DeFi protocol, gets hit at similar scale. (3) Whether U.S. Treasury / OFAC issues new tool-specific guidance on detecting AI-assisted laundering patterns. (4) Whether the $9B DeFi-TVL drawdown reverses or compounds.

Bottom Line

The $130 billion DeFi sector lost $577M in two April hacks and is on track for a record theft year. The attack pattern is “AI hacking” — not autonomous AI committing crimes, but state-sponsored North Korean attackers using LLMs as a productivity layer over a familiar tradecraft. 76% of 2026’s crypto theft traces to Lazarus. Wall Street is reassessing exposure. The defensive playbook is the boring one. The question is whether the protocols can run it as fast as Lazarus can iterate.

Sources & Methodology · 14 Sources
This is an AI / technology / financial-systems story; the framing is non-partisan and follows the AI-news desk standard. Loss figures come from on-chain forensics by TRM Labs, Chainalysis-class providers, and the public statements of the targeted protocols. The Lazarus Group attribution comes from the OECD.AI Incidents Monitor, TRM Labs, Hacken, and 38 North; the U.S. Treasury's Office of Foreign Assets Control has previously designated Lazarus-controlled wallet clusters under E.O. 13694 and E.O. 13722. The 'AI-assisted' specification refers to documented use of large-language-model-generated phishing, deepfaked voice and video for social-engineering pretext, and automated smart-contract vulnerability scanning — not to autonomous AI agents conducting attacks unaided. No individual targeted protocol or exchange has been alleged to have done anything wrong; the story documents an attack pattern, not victim culpability.