Connect with us

CyberSecurity

North Korean Hackers Blamed for $290 Million Crypto Theft from Kelp DAO

Published

on

North Korean Hackers Blamed for $290 Million Crypto Theft from Kelp DAO

A massive cryptocurrency heist over the weekend has shaken the decentralized finance (DeFi) world. Hackers made off with more than $290 million from Kelp DAO, a protocol designed to help users earn yields on idle crypto assets. By Monday, LayerZero—a project connected to the exploit—publicly accused North Korean hackers of orchestrating the attack. This theft now stands as the largest crypto theft of 2025, surpassing a $285 million breach at crypto exchange Drift in April.

How the Kelp DAO Hack Unfolded

According to a post on X (formerly Twitter), LayerZero revealed that the hackers targeted Kelp DAO through its bridge infrastructure. The LayerZero bridge enables different blockchains to communicate and transfer instructions seamlessly. However, the attackers exploited a critical flaw in Kelp’s security configuration.

Specifically, the protocol did not require multiple verifications before approving transactions. This oversight allowed the hackers to submit fraudulent transactions and drain the funds without raising immediate alarms. In essence, a single compromised step was enough to authorize the massive transfer.

North Korean Hackers: The Prime Suspects

LayerZero cited what it called “preliminary indicators” pointing to North Korea as the culprit. The company specifically named the TraderTraitor hacking group, which has a well-documented history of targeting crypto platforms. This group operates under the direction of Kim Jong Un’s regime and has become increasingly sophisticated in recent years.

Kelp DAO, however, did not accept the blame quietly. The protocol fired back, accusing LayerZero of negligence and suggesting that the bridge itself was the weak link. This finger-pointing highlights the growing tensions within the DeFi ecosystem when security breaches occur.

The Scale of North Korean Crypto Theft

The North Korean crypto theft problem is not new. Last year alone, hackers working for the regime stole more than $2 billion in digital assets. Since 2017, the cumulative total of stolen crypto attributed to North Korea has reached approximately $6 billion, according to industry analysts. These funds are believed to bankroll the country’s weapons programs and other state activities.

This latest heist underscores how North Korean hackers continue to refine their methods. They often exploit cross-chain bridges and DeFi protocols, which remain vulnerable due to their rapid development cycles and sometimes lax security standards.

Implications for DeFi Security

This incident serves as a stark reminder for the entire crypto industry. DeFi platforms must prioritize multi-signature verification and rigorous auditing of smart contracts. As security experts often note, even a single oversight can lead to catastrophic losses.

Moreover, the involvement of state-backed actors like TraderTraitor raises the stakes. These groups have virtually unlimited resources and patience, making them formidable adversaries for any protocol. Building on this, regulators are likely to intensify scrutiny of cross-chain bridges and decentralized exchanges.

What Kelp DAO and LayerZero Should Do Next

Both projects need to conduct transparent post-mortems and implement stronger safeguards. Kelp DAO should consider adopting threshold signatures and time-locked withdrawals. Meanwhile, LayerZero must ensure its bridge code is audited by multiple independent firms.

In addition, the broader community should push for shared threat intelligence. As best practices evolve, collaboration between protocols can help detect and prevent similar attacks in the future.

Ultimately, the $290 million heist is a wake-up call. The DeFi sector cannot afford to ignore the growing threat posed by North Korean hackers. Every protocol must treat security as a non-negotiable priority, not an afterthought.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

CyberSecurity

Nightmare Eclipse Strikes Again: ‘LegacyHive’ Windows Zero-Day Lands on Patch Tuesday

Published

on

LegacyHive Windows zero-day

Another Patch Tuesday, Another Zero-Day From a Disgruntled Researcher

On July 14, 2026 — the same day Microsoft shipped its latest batch of security fixes — the security researcher known as Nightmare Eclipse (also called Chaotic Eclipse) published yet another unpatched Windows vulnerability. This one is called LegacyHive.

It’s a local privilege escalation bug hiding inside the Windows User Profile Service. Successful exploitation lets an attacker load other users’ registry hives, including those belonging to administrators. That’s a direct path to gaining higher privileges on a compromised machine.

The timing is deliberate. Nightmare Eclipse has made a habit of dropping zero-days on or near Patch Tuesday, maximizing pressure on Microsoft while minimizing the window for defenders to react.

What LegacyHive Does — and What It Doesn’t Do (Anymore)

The proof-of-concept (PoC) exploit code works on systems running the July 2026 patches. According to the researcher, the PoC requires credentials for a standard user account plus a third username — which can be an admin account. If it succeeds, the exploit mounts the target user’s hive into the current user’s classes root.

Here’s where it gets interesting. Nightmare Eclipse released LegacyHive with a stripped PoC — deliberately neutered to reduce the chance of immediate in-the-wild exploitation. That’s a departure from previous drops.

The original version, the researcher claims, didn’t need user credentials at all. It could load any hive, not just the usrclass.dat file. That full-power variant is still possible, the researcher says, but would require extra work to reconstruct.

Why Strip the PoC?

It’s a calculated move. By releasing a limited proof-of-concept, Nightmare Eclipse publicizes the vulnerability’s existence without handing attackers a ready-made weapon. Security teams can test defenses and Microsoft can develop a patch — but the bar for real-world exploitation stays higher than it would be with a full exploit.

Whether that restraint holds is another question. Other researchers or threat actors could reverse-engineer the stripped code and rebuild the missing functionality.

Nightmare Eclipse’s Growing Zero-Day Arsenal

This isn’t a one-off. Nightmare Eclipse has now released more than half a dozen zero-days targeting Microsoft products. The list includes BlueHammer, RedSun, and UnDefend — all of which have been spotted in active attacks. Then there are GreenPlasma, RoguePlanet, YellowKey, and GreatXML.

Each one follows a similar pattern: a focused, single-vulnerability exploit with enough detail to demonstrate the flaw but often short of a full weaponized payload. The cumulative effect is a steady drumbeat of unpatched Windows bugs that keeps defenders scrambling.

For context on related attack techniques, see Windows Bind Link Attacks Can Hide Malware From EDR Tools.

Microsoft Hasn’t Responded Yet

As of publication, Microsoft has not acknowledged the LegacyHive vulnerability. SecurityWeek reached out to the company for comment but hasn’t received a reply. This article will be updated if and when Microsoft responds.

The lack of official acknowledgment is itself telling. Microsoft typically stays silent on zero-days until it has a patch ready or the vulnerability becomes widely exploited. Given Nightmare Eclipse’s track record, it’s reasonable to expect a fix in a future cumulative update — but no timeline has been offered.

What Defenders Should Do Right Now

Until Microsoft ships a patch, organizations running Windows should take these steps:

  • Monitor for unusual User Profile Service activity. LegacyHive targets this service specifically. Logs showing unexpected hive mounts or privilege escalations are red flags.
  • Restrict standard user credentials. The stripped PoC requires another standard user’s credentials to work. Limiting credential exposure reduces the attack surface.
  • Apply the July 2026 Patch Tuesday updates. Even though LegacyHive works on patched systems, the latest updates fix other critical vulnerabilities. Don’t skip them.
  • Watch for follow-on research. Other researchers may analyze the stripped PoC and release a working exploit. Stay informed through trusted security news sources.

For a broader view of recent Microsoft vulnerabilities, see Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days.

A Pattern That Won’t Stop

Nightmare Eclipse shows no signs of slowing down. The researcher’s motives remain murky — part whistleblower, part provocateur — but the output is consistent: a new Windows zero-day every few months, timed for maximum disruption.

LegacyHive is the latest. It probably won’t be the last.

For related coverage on unpatched flaws in other software, see Unpatched Cursor Vulnerability Exposes Users to Code Execution.

Continue Reading

CyberSecurity

GhostLock: A 15-Year-Old Linux Kernel Flaw Lets Any User Take Full Root Control

Published

on

GhostLock Linux flaw

The Ghost in the Kernel

For fifteen years, a silent vulnerability has sat inside the Linux kernel, waiting. Now, researchers at Nebula Security have pulled back the curtain on GhostLock — officially tracked as CVE-2026-43499. The bug is brutal in its simplicity: any logged-in user, no special permissions required, can seize full root control of an unpatched machine. Container escapes? That’s on the menu too.

This isn’t some obscure edge case. The vulnerable code has shipped by default in nearly every mainstream Linux distribution since 2011. No unusual settings needed. No network access required. Just a user account on the box.

How GhostLock Works: A 15-Year Blind Spot

The flaw lives deep in the kernel’s memory management subsystem — specifically, in how it handles certain locking mechanisms during process scheduling. Nebula Security’s team found that a race condition in the kernel’s futex (fast userspace mutex) implementation allows an attacker to corrupt kernel memory. From there, it’s a straight shot to root privileges.

What makes GhostLock particularly nasty is its longevity. The vulnerable code was introduced in kernel version 2.6.39, released in May 2011. Every major distro that has shipped a kernel based on that version or later — which is essentially all of them — carries the bug. We’re talking about Ubuntu, Debian, Fedora, CentOS, RHEL, SUSE, Arch, and virtually every other distribution in active use.

“This is the kind of bug that keeps infrastructure engineers up at night,” said a Nebula Security researcher in a technical write-up shared with select media. “It’s been there for over a decade, silently compiling into every kernel build.”

Root Access and Container Escape in One Package

GhostLock isn’t just a privilege escalation bug. It also enables container escape — a nightmare scenario for cloud-native environments. An attacker who compromises a single container can break out to the host system and gain root control there too. In multi-tenant Kubernetes clusters or shared hosting platforms, that means one compromised workload can potentially spill into every other workload on the same node.

Nebula Security demonstrated a proof-of-concept exploit that achieves both goals: full root on the host and escape from a Docker container. The exploit runs entirely from user space, requires no special capabilities, and completes in under a second on modern hardware.

Who Is Affected?

Short answer: almost everyone running Linux. Here’s a quick breakdown:

  • Desktop users: Any Linux desktop installed or updated since 2011 is vulnerable if it hasn’t received the GhostLock patch.
  • Server administrators: Every server running a mainstream distro with a kernel from the last 15 years needs patching immediately.
  • Cloud and container environments: Kubernetes nodes, Docker hosts, and any container orchestration platform are at risk for container escape attacks.

Nebula Security has not released the full exploit code publicly, but they have shared technical details with kernel maintainers and major distro security teams. Patches are already rolling out.

What You Need to Do Right Now

The fix is straightforward: update your kernel. All major distributions have released or are in the process of releasing patched kernels. Here’s the action plan:

  1. Check your kernel version: Run uname -r to see what you’re running. If it’s older than the patched version for your distro, you’re exposed.
  2. Apply updates immediately: Use your package manager to install the latest kernel. For Ubuntu/Debian: sudo apt update && sudo apt upgrade. For RHEL/CentOS/Fedora: sudo dnf upgrade.
  3. Reboot: Kernel updates require a reboot to take effect. Plan maintenance windows for production systems.
  4. For container environments: Update the host kernel, then restart all containers. Container escape protections like user namespaces and seccomp profiles can help but do not fully mitigate GhostLock.

Nebula Security also recommends enabling kernel address space layout randomization (KASLR) and disabling unprivileged user namespaces where possible — though these are mitigations, not fixes. The only real cure is the kernel patch.

For those running long-term support (LTS) kernels, check your distro’s security advisory page. Canonical, Red Hat, and SUSE have all issued advisories for CVE-2026-43499.

The Bigger Picture: 15 Years of Silent Exposure

GhostLock raises uncomfortable questions about kernel security auditing. How many other bugs have been sitting in plain sight for over a decade? The Linux kernel is one of the most audited pieces of software on the planet, yet this one slipped through. It was introduced in a routine commit that touched memory management code — exactly the kind of change that rarely gets the scrutiny it deserves.

“The futex code is notoriously complex,” noted a kernel developer who asked not to be named. “It’s been rewritten multiple times, and each rewrite can introduce subtle new races. Catching something like this requires not just code review but systematic fuzzing and formal verification.”

Nebula Security’s discovery was the result of targeted fuzzing of the futex subsystem — a reminder that even mature, well-tested codebases can harbor critical vulnerabilities. The researchers have published a detailed technical analysis of the GhostLock vulnerability for those who want to dig into the kernel internals.

For now, the message is simple: patch your kernels. GhostLock has been hiding in plain sight for 15 years. Don’t let it stay there any longer.

Continue Reading

CyberSecurity

WriteOut Flaw: How a Session Token Leak Could Have Exposed Every Writer AI Tenant

Published

on

Writer AI flaw

They called it WriteOut. And it could have blown open every tenant on the Writer AI platform.

Cybersecurity researchers at Sand Security have revealed the details of a critical vulnerability in Writer, an enterprise generative AI platform. The flaw, now patched, allowed a one-click attack that could leak session tokens across tenants — effectively letting an outsider hijack any agent preview without ever logging in.

The bug is being tracked as WriteOut. And it’s a textbook case of what happens when session isolation isn’t bulletproof.

What exactly was the Writer AI flaw?

The vulnerability lived inside Writer’s agent preview feature — the sandbox where users test and iterate on AI agents before deploying them. Under the hood, each tenant is supposed to be walled off from every other tenant. That’s basic multi-tenant security: your data, your sessions, your agents — all isolated.

WriteOut broke that wall.

Sand Security found that a malicious actor could craft a specially designed link. Click it, and the victim’s browser would execute a cross-tenant request that leaked their session token. From there, the attacker could impersonate the victim inside Writer, accessing their agents, their prompts, their history — everything.

No credentials needed. No brute force. Just one click.

Cross-tenant compromise: the real danger

Cross-tenant vulnerabilities are the nightmare scenario for any SaaS platform. They mean that a breach at Company A can spill directly into Company B’s data — without either company doing anything wrong.

In Writer’s case, the agent preview feature was the entry point. The platform uses session tokens to keep users authenticated as they move between features. But the token validation logic didn’t properly enforce tenant boundaries during preview requests. A request from Tenant A could include a token from Tenant B, and the server would accept it.

That’s the kind of bug that keeps CISOs up at night.

Sand Security’s team demonstrated the attack with a proof-of-concept they called WriteOut. It required no authentication from the attacker. Just a link, a victim, and a click.

How Writer fixed the session isolation vulnerability

Writer patched the flaw after Sand Security disclosed it responsibly. The fix involved tightening session token validation to ensure that tokens are scoped to their originating tenant. Now, a token from Tenant A simply won’t work when presented to Tenant B’s resources.

The company also added additional checks on the server side to verify tenant identity on every request involving agent previews. It’s the kind of layered defense that should have been there from the start — but at least it’s there now.

Writer has not disclosed whether the vulnerability was ever exploited in the wild. But given the nature of the bug — a cross-tenant session leak — the potential blast radius was enormous. If an attacker had discovered WriteOut before Sand Security did, they could have silently harvested tokens from any Writer user who clicked a malicious link.

That’s the quiet danger of session isolation flaws: no alarms, no unusual login activity. Just a stolen token and a ghost in the machine.

What this means for enterprise AI security

Writer is far from alone. Enterprise AI platforms are being built at breakneck speed, and security often takes a backseat to shipping features. Agent previews, custom model tuning, and collaborative workspaces all introduce new surfaces for cross-tenant attacks.

The WriteOut vulnerability is a reminder that session isolation isn’t a checkbox — it’s a continuous engineering discipline. Every new feature that touches authentication needs to be audited, not just for its intended behavior, but for what happens when someone sends unexpected data across tenant boundaries.

For enterprises using AI platforms, the lesson is clear: don’t assume your data is walled off just because the marketing materials say so. Ask your vendors about their session isolation architecture. Ask about their bug bounty program. And if they can’t give you a straight answer, that’s an answer in itself.

Key takeaways

  • One-click exploitation: WriteOut required only a single click from a victim to leak their session token.
  • Cross-tenant scope: The flaw broke tenant isolation, meaning data from one organization could be accessed by an attacker posing as a user from another.
  • No authentication needed: The attacker didn’t need valid credentials — just a crafted link and a victim.
  • Patched responsibly: Sand Security disclosed the bug to Writer, which fixed it before public disclosure.

For more on securing generative AI workflows, check out our guide on AI platform security best practices and how to audit session token handling in multi-tenant SaaS apps.

Writer has since confirmed the patch is complete and no customer data was compromised. But WriteOut will go down as a near-miss — one that could have exposed every agent, every prompt, and every session on the platform.

Continue Reading

Trending