Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

$577 million in DeFi losses: what Web3 teams must re-evaluate


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: North Korean hackers stole $577 million from DeFi protocols in early 2026, with Drift Protocol and KelpDAO among the principal targets, and the attacks accounted for 76% of global crypto hack losses in that period, according to FYEO. The pattern shows that smart contract logic, supply chain exposure, and compromised identities now combine into a governance problem, not just a code problem.

NHIMG editorial — based on content published by FYEO: North Korean Hackers Exploit DeFi: A $577 Million Wake-Up Call for Web3 Security

By the numbers:

Questions worth separating out

Q: What fails when DeFi protocols allow broad standing access to assets and contract controls?

A: When DeFi environments allow broad standing access, one compromised identity, key, or approval path can move funds directly.

Q: Why do phishing and fake identities remain so effective against crypto companies?

A: Crypto organisations often rely on people who can approve releases, manage keys, or sign transactions, so impersonation can translate directly into financial control.

Q: How do security teams know whether access controls are strong enough for DeFi operations?

A: Look for clear separation between development, approval, signing, and asset movement rights.

Practitioner guidance

  • Harden protocol authorization paths Review smart contract permissions, admin functions, and upgrade paths for any logic that lets one role move assets, change rules, or override safeguards.
  • Treat developer access as privileged access Map repository, CI/CD, signing, and deployment credentials as high-risk identities with explicit owners, expiration, and approval rules.
  • Strengthen identity proof for workers and contractors Apply enhanced vetting, continuous re-verification, and anomaly checks for staff who can touch wallets, secrets, or production contracts.

What's in the full analysis

FYEO's full article covers the operational detail this post intentionally leaves for the source:

  • Protocol-level discussion of how Drift Protocol and KelpDAO were impacted, including the attack conditions that enabled the losses.
  • References to related incidents such as the Axios npm package compromise, which help map the supply chain angle more concretely.
  • Practical hardening measures for smart contract audits, monitoring, and incident response in Web3 environments.
  • The article's discussion of North Korean IT-worker infiltration and why identity verification matters in crypto hiring and access governance.

👉 Read FYEO's analysis of North Korean DeFi theft and Web3 security gaps →

$577 million in DeFi losses: what Web3 teams must re-evaluate?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

DeFi has an identity problem, not just a code problem. The article shows attackers combining smart contract abuse, social engineering, and supply chain compromise in the same campaign. That means protocol security, IAM, and personnel trust controls all contribute to the loss boundary. For practitioners, the core lesson is that transaction authority must be governed with the same seriousness as administrative access.

A few things that frame the scale:

  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, according to The State of Non-Human Identity Security.
  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, with 38% reporting no or low visibility and 47% partial visibility.

A question worth separating out:

Q: Who is accountable when a DeFi theft is driven by compromised identities and supply chain risk?

A: Accountability sits across protocol governance, engineering leadership, security operations, and any third parties that control signing or deployment paths. For regulated environments, the question is whether ownership, review, and escalation were defined before the incident. Frameworks such as NIST CSF and IAM governance models help assign that responsibility.

👉 Read our full editorial: North Korean DeFi theft shows Web3 security gaps at scale



   
ReplyQuote
Share: