Threatcast

Five Hundred Seventy-Seven Million Reasons to Audit Your Defaults

01 Cold Open: Five Hundred Seventy-Seven Million, Two Campaigns, Zero Good Defaults (00:00)
Halil: Five hundred seventy-seven million dollars. Seventy-six percent of every crypto dollar stolen in 2026. Two attacks. One state actor. And the scariest part? They were running at the same time.
Halil: Welcome to CyberDaily Threatcast. I'm Halil Öztürkci. Let's get into it.
Halil: Today we have two operationally significant developments that demand your attention. First: TRM Labs and Elliptic have formally attributed both the Drift Protocol and KelpDAO heists to North Korea's Lazarus Group. That formal attribution changes the compliance picture for every exchange touching those funds.
Halil: Second: the Copy Fail vulnerability — CVE-2026-31431 — has a new dimension. We covered the Linux kernel privilege escalation on yesterday's episode. What we did NOT cover is the Kubernetes container-to-host escape variant. That's a different blast radius. A 700-byte Python proof-of-concept is now public.
Halil: And we're going to do a quick delta check on the PyTorch Lightning Mini Shai-Hulud supply chain incident — because as of this session, Tomas Ilic has a clean answer on confirmed victims. Spoiler: it's a near-miss. But it's not closed.
Halil: Three threads. Let's go.
02 Sponsor — Blue Cortex AI (01:37)
Halil: This episode is brought to you by Blue Cortex AI and Tarhy — their autonomous SOC platform. Here's what Tarhy does: it pulls alerts from your EDR stack — Defender, CrowdStrike, Cortex XDR, SentinelOne — and its AI agents triage every single one, around the clock. Not just pattern matching. Multi-step reasoning, cross-event correlation, MITRE ATT&CK mapping, and a confidence-scored verdict — all in about three minutes. And here's the thing that matters: their Neural Timeline shows you exactly how the AI reached each decision. No black box. The results speak for themselves — sixty to seventy percent fewer false positives, eighty percent faster time to verdict. If your SOC is drowning in five thousand alerts a day, Tarhy can save twenty-five hundred analyst hours a month. Check them out at bluecortex.ai.
03 Lazarus Attribution: What Formally Confirmed Actually Changes (02:44)
Halil: Elena, Lena — Lazarus Group. TRM Labs and Elliptic have now formally attributed both Drift Protocol and KelpDAO to them. Five hundred seventy-seven million dollars, seventy-six percent of all crypto losses in 2026. What does formal attribution actually change?
Dr.: So — and this is the nuance people miss — Lazarus has been under OFAC sanctions since September 2019. The TRM and Elliptic confirmation doesn't flip a new switch on the group itself. They're already designated.
Lena: Right. The designation exists. What changes is the evidentiary foundation for going after the infrastructure around them.
Dr.: Exactly. Treasury's been targeting ancillary infrastructure — IT worker networks, money laundering services, front companies. The March 2026 enforcement action designated six individuals and two entities for IT worker schemes generating nearly eight hundred million dollars. Formal blockchain attribution strengthens the basis for derivative sanctions and civil forfeiture actions.
Halil: So the attribution is ammunition for going after the ecosystem, not the group directly.
Dr.: And there's something bigger. Treasury launched a new threat intelligence-sharing program with crypto firms in April 2026. The language used is striking — it treats DeFi infrastructure as, quote, core financial infrastructure. The same framing used for systemically important banks after 2008.
Lena: Hmm. That's a conceptual shift, not just an operational one.
Dr.: Look — DPRK's total crypto theft since 2017 now exceeds six billion dollars. Five hundred seventy-seven million from just two attacks in early 2026. This is strategic revenue generation for weapons programs. Treasury explicitly frames it that way. We've crossed from financial crime into sanctions evasion at weapons-program scale.
Halil: Lena, Elena flagged the evidentiary question — do formal blockchain forensics from TRM and Elliptic actually overcome interagency barriers? Does confirmed attribution from private firms move the needle operationally?
Lena: It matters, but carefully. OFAC can cite this intelligence foundation for future designations without revealing classified sources. That's the mechanism.
Dr.: And the escalatory move I'm watching for — whether U.S. agencies consider formal designations on THORChain itself. It's described as a preferred laundering route for Lazarus. That would be a significant escalation.
Lena: I'd hold on that. No confirmed guidance yet. Tornado Cash established OFAC's willingness to sanction code distribution. Whether that precedent extends further — that's still legally contested.
Halil: The sixty-four thousand dollar question for the industry right now. We'll come back to the compliance picture with Sofia. But first — Lena, the Drift and KelpDAO attribution. Are these two operations connected, or are we looking at parallel campaigns?
04 Parallel Campaigns: Lena's Timeline and the Tooling Divergence (06:04)
Lena: This is where I want to push back on the narrative that's been circulating. People are treating Drift and KelpDAO as a sequential chain — like Lazarus pivoted from one to the other. That's not what the evidence shows.
Halil: Walk us through it.
Lena: So, TeamPCP — that's the supply chain poisoning campaign — begins mass credential harvesting via npm and GitHub starting in late October 2025, running through March and April 2026. That's one timeline.
Lena: Drift is different. The social engineering campaign targeting their developers began in late 2024. Well before TeamPCP established any supply chain beachhead. Six months of fake job offers, LinkedIn personas, malware-laced coding tests.
Dr.: That's textbook Lazarus long-horizon targeting. They are extraordinarily patient.
Lena: And here's the decisive data point: there is zero tooling overlap. TeamPCP uses ICP-based C2, CanisterWorm malware, WAV-embedded payloads. None of that appears in the Drift investigation. No shared infrastructure. No evidence that TeamPCP-compromised credentials were the path to Drift's signing keys.
Halil: So what's your confidence level on these being separate campaigns?
Lena: High confidence on Drift — social engineering access vector, not supply chain. High confidence on KelpDAO — implementation misconfiguration, different access entirely. TeamPCP-to-Lazarus connection? I stay silent. No data supports convergence.
Halil: And the operational implication of that being parallel and not sequential?
Lena: It doubles the defensive surface. You're not patching one gap. You're covering two separate attack models running at the same time. That tells us something about Lazarus's operational capacity and compartmentalization.
Dr.: Bureau-level coordination. Two distinct units, two distinct methodologies. This is not improvisation.
Halil: Right. And the Drift vector specifically — six months of social engineering that bypassed all technical controls. James, we'll get to defensive implications in a moment. But Viktor — follow the money. Where did the five hundred seventy-seven million go, and what does the laundering infrastructure tell us?
05 Following the Money: Laundering Infrastructure and the KelpDAO DVN Default (08:35)
Viktor: So the laundering pattern on Lazarus operations is increasingly automated. Funds move through dozens of intermediary wallets in hours, then hit cross-chain bridges. THORChain is the preferred route here — and that's why the designation question Elena raised matters so much.
Halil: How fast are they moving the funds?
Viktor: Fast enough that manual intervention is useless. By the time an exchange flags a wallet, the funds are already three hops away. This is not a person clicking — this is automated laundering infrastructure.
Lena: Which is exactly why the KelpDAO vector matters separately. This wasn't a funds heist via social engineering. This was a technical exploit of a bridge misconfiguration.
Halil: Right. Lena, give us the KelpDAO technical picture. The one-of-one DVN configuration — what does that actually mean?
Lena: LayerZero bridges — that's cross-chain messaging infrastructure — use a DVN system. A Decentralized Verifier Network. You configure how many independent verifiers must attest to a message before funds move. One-of-one means a single verifier. One point of failure.
Viktor: Hmm. And they compromised the internal RPC nodes feeding that verifier?
Lena: Exactly. Attackers fed falsified block data to the single verifier, which then triggered unauthorized releases. Two hundred ninety-two million dollars. And here's what makes this systemic: according to Chainalysis reporting, forty-seven percent of LayerZero OApps — that's on-chain applications — use the same insecure setup. That's roughly four and a half billion dollars at risk.
Halil: Forty-seven percent. And this was the DEFAULT configuration?
Lena: That's the finding. Chainalysis reports the one-of-one setup was the default configuration shipped for new deployments at the time of KelpDAO's L2 expansion. LayerZero says they recommended multi-verifier setups. But the default drove the insecure outcome.
Viktor: Recommendation versus default. Classic. The gap between those two things is four and a half billion dollars.
Lena: LayerZero has taken action — their own DVN will no longer attest messages from one-of-one applications. But that's DVN-level enforcement, not protocol-level. If you're running a different verifier or your own, that enforcement doesn't reach you.
Halil: So teams need to go audit their own deployments. There's a public tool for this — Lena?
Lena: Dune Analytics dashboard. dune dot com slash dune slash layerzero-dvn-setups. Tracks real-time DVN configurations across all deployed OApps. Go check your actual deployed contracts against what you think your configuration is. The gap between intended and actual is where attackers find their opening.
06 The Compliance Trigger: Sofia on What Formal Attribution Obliges (11:36)
Halil: Sofia, you've been listening to the attribution discussion. Let's talk obligations. What does formal Lazarus attribution by TRM Labs and Elliptic actually trigger for exchanges and custodians right now?
Dr.: Three concrete shifts. First: formal attribution transforms suspicion into sanctions compliance obligation. Under 31 CFR Section 501.603, U.S. persons must report blocked property within ten business days.
Halil: Ten business days from when? Detection or public knowledge?
Dr.: That's the unresolved timing question. I could not confirm whether the clock starts from public knowledge or actual detection. That requires case-by-case analysis. Exchanges should not assume — they should consult legal counsel.
Viktor: So the practical posture shifts from enhanced due diligence toward block-and-report.
Dr.: Exactly. TRM and Elliptic confirmation gives exchanges a stronger basis for freezing. The compliance posture shifts. Second shift: EU obligations run in parallel. Under Council Regulation 2017/1509, Article 32 prohibits making funds available to designated persons, Article 34 mandates immediate freezing. VASP license-holders and custodial wallets in the EU are obliged entities.
Dr.: And UK frameworks similarly?
Dr.: Similar direction, different implementation details. But the central unresolved exposure is DeFi protocols. The Tornado Cash designation established OFAC's willingness to sanction code distribution. Whether that extends to all DeFi developers — legally contested. Permissionless design provides no confirmed safe harbor once sanctioned funds enter a pool.
Halil: So DeFi protocols without KYC are sitting in genuinely uncharted regulatory territory.
Dr.: Structurally unresolved. That is the correct framing. There is no established safe harbor. I want to be precise: the legal triggers and applicable precedents under OFAC have not been confirmed by official guidance. Do not assume specific obligations are triggered — get legal counsel with your specific facts.
Lena: Which means the practical advice for DeFi teams is: don't wait for regulators to clarify the law while sanctioned funds are sitting in your protocol.
Dr.: Correct. Proactive engagement is the only defensible posture right now.
07 Copy Fail Goes Multi-Tenant: The K8s Container Escape and the 700-Byte PoC (14:20)
Halil: We covered Copy Fail's kernel privilege escalation yesterday. Today there's a new dimension — a Kubernetes container-to-host escape variant with a public seven hundred byte Python proof-of-concept. Alex, walk us through what's actually different here.
Alex: The key is architecture. Containers share the host kernel and its page cache. This exploit — CVE-2026-31431 — creates an AF_ALG socket, that's address family thirty-eight, and uses a splice syscall to corrupt shared page cache memory across the container boundary.
Halil: So the blast radius isn't just the container being attacked — it's every container on that node.
Alex: Host root. From there, pivot to other tenants' pods, their secrets, persistent volumes. In multi-tenant cloud environments, that's your other customers' data.
James: And the platform security story here is not pretty. I need to say this plainly.
Alex: Go ahead.
James: Kubernetes Pod Security Standard Restricted with RuntimeDefault seccomp — that's what most hardened environments run — does NOT block AF_ALG socket creation by default. Juliet Security tested this explicitly. It failed to block the primitive.
Halil: Wow.
Alex: And the seven hundred byte Python PoC — pure standard library, under forty lines, no compilation, no exotic dependencies. This moves the barrier from kernel developer to script kiddie. It will show up in automated exploitation frameworks fast.
James: But let me give you the fix, because there are two validated mitigations. First: host-level blacklisting. Add `install algif_aead /bin/false` to modprobe.d and run rmmod. CERT-EU confirmed this doesn't break dm-crypt, LUKS, kTLS, IPsec, OpenSSL, or SSH. The module is specifically for userspace crypto API access — most production workloads don't touch it.
Alex: Right. And the second path is a custom seccomp profile — Localhost profile that explicitly denies socket creation for address family thirty-eight. Juliet Security tested this on kind clusters and GKE. It works.
James: For cluster-wide rollout: audit mode for twenty-four hours on representative workloads, look for AF_ALG violations, then enforce. Don't skip the audit step — 'most' workloads don't use it, but that's not 'all.'
Halil: What about managed Kubernetes? EKS, AKS, GKE — customers without host access?
James: The honest answer: seccomp profiles you can deploy today, no cloud provider dependency. Module blacklisting requires privileged host access that many managed K8s customers simply don't have. So custom seccomp is your forty-eight hour action. Kernel updates are the clean fix but you're on the provider's timeline.
Alex: Don't wait for that timeline. The PoC is public. The conditions are common — unprivileged containers with default runtime configs. This is weaponizable within hours.
08 PyTorch Lightning Mini Shai-Hulud: Clean Delta, Open Tail Risk (17:44)
Halil: Tomas — quick delta check on PyTorch Lightning. Mini Shai-Hulud — the malicious versions 2.6.2 and 2.6.3. Any new intelligence on confirmed victims or worm propagation since we covered it on April twenty-fifth?
Tomas: Clean answer: no new facts on either front. No confirmed victim organizations who pulled those versions, and no evidence of the npm worm propagation actually executing in downstream repositories beyond theoretical capability.
Halil: So the eighteen-minute exposure window, the on-import execution model — all of that stands, but no confirmed downstream impact?
Tomas: Correct. The self-spreading mechanism, the Mini Shai-Hulud worm design — genuinely novel escalation path. But actual confirmed spread beyond the PyTorch Lightning namespace? Not seeing it.
Alex: I'd want to flag — no confirmed victims is not the same as no victims. Automated CI/CD pipelines can pull packages within seconds of publication.
Tomas: Exactly. Organizations that were hit may not know yet or haven't disclosed. We're in a monitoring posture, not a closure posture. If I get anything on blast radius or confirmed worm spread, I'll flag immediately.
Halil: That's the right call, Tomas. Monitor-only. No escalation without confirmed propagation evidence. High-severity near-miss with an unresolved tail risk — that's where it stands.
09 Synthesis: What You Do in the Next Forty-Eight Hours (19:23)
Halil: Let me pull this together. Today's session gave us two confirmed, operationally significant deltas — and both of them have the same root cause: insecure defaults deployed at scale.
Halil: First thread: DPRK Lazarus Group has formally been attributed to five hundred seventy-seven million dollars in crypto theft — seventy-six percent of all crypto losses in 2026. But Lena's analysis revealed something the headlines missed: these are not sequential operations. They are parallel campaigns with distinct tooling, distinct access vectors, and distinct timelines.
Lena: Two separate attack models, running concurrently. Drift via six months of social engineering. KelpDAO via a bridge misconfiguration. You cannot patch one and call it done.
Halil: The Drift lesson for protocol teams: expand your threat model beyond technical controls. Six months of social engineering bypassed everything. Implement multisig governance. Add timelock delays on administrative actions.
James: And for LayerZero teams: go to that Dune dashboard right now. Check your actual deployed configuration. Not what you believe it is — what it actually is. If you're on one-of-one, migrate to minimum two-of-three verifier thresholds before close of business.
Dr.: Exchanges and custodians handling funds traceable to Drift or KelpDAO addresses: your compliance posture has shifted. Do not assume specific OFAC obligations are triggered — consult legal counsel. But assess your position now, not after the clock runs.
Halil: Second thread: Copy Fail — CVE-2026-31431. We covered the kernel privilege escalation yesterday. Today's delta is the Kubernetes container-to-host escape. Seven hundred byte Python proof-of-concept, publicly available. Default seccomp profiles do not protect you.
Alex: Two mitigations, both validated. Blacklist algif_aead at the host level, or deploy a custom seccomp Localhost profile blocking address family thirty-eight. Do not wait for cloud provider kernel updates.
James: Managed Kubernetes customers — EKS, AKS, GKE — you can deploy custom seccomp profiles right now. No host access required. That's your forty-eight hour action. Do it today.
Halil: Third thread: PyTorch Lightning Mini Shai-Hulud. Monitor only. No confirmed victims, no confirmed worm propagation. Tomas will flag the moment that changes.
Halil: What we'll be watching: whether THORChain faces formal OFAC action as a sanctioned-funds conduit, whether LayerZero issues protocol-level DVN minimums rather than relying on DVN-level enforcement, and whether any downstream organizations from the PyTorch Lightning exposure window come forward.
Halil: That's it for today's CyberDaily Threatcast. Stay safe. See you tomorrow. Thanks to Blue Cortex AI for sponsoring today's episode. Autonomous SOC, real reasoning, no black box. bluecortex.ai.