Lazarus Group Tied to $292M–$294M DeFi Exploit, Sparking $13B–$15B TVL Exit

CoinDesk reports that the Kelp DAO hack has rattled long-time DeFi users, with @kaiynne saying five years in the sector has never left them more uneasy about keeping funds onchain. Market pricing now implies a 100% "Yes" outcome that another DeFi hack will exceed $100 million in losses by December 31, 2026. Traders appear to be factoring in persistent, industry-wide security weaknesses; while no trading volume data is available, the quoted probabilities reflect positioning and sentiment. Investigators have linked North Korea's Lazarus Group to the attack, which is estimated to have resulted in $292 million to $294 million in losses. The incident triggered an estimated $13 billion to $15 billion in total value locked (TVL) outflows from DeFi platforms and raised concerns about bad-debt risk on lending protocols including Aave and Compound. So far, it is the largest DeFi exploit of 2026, and traders are not treating it as an isolated event. Shortly after the breach, the Arbitration Security Committee froze roughly $71 million in stolen assets. The coordinated response also underscored how dependent DeFi remains on bridge infrastructure, a frequent target for sophisticated attackers. For market participants, Kelp DAO is another reminder that state-backed groups such as Lazarus represent a material tail risk. Without meaningful new security measures, buying exposure to this "another $100M+ hack" outcome is largely symbolic and unlikely to produce returns. For the trade to be economically rational, the frequency of high-profile crypto hacks would need to fall sharply—an outcome traders see as improbable given the current pace. Security updates from firms such as CertiK and Chainalysis, along with new entries on the Rekt News leaderboard, are being watched closely for signals of shifting sentiment or further state-linked activity.