Summary
- LayerZero said KelpDAO lost about $290 million in assets and that the incident is preliminarily believed to have been carried out by North Korea’s Lazarus Group.
- It said the attack targeted network infrastructure, specifically using RPC poisoning in the decentralized verifier network (DVN) along with a DDoS attack.
- LayerZero identified KelpDAO’s "1/1 DVN" single-verifier structure as the core issue, and said the damage was limited to the rsETH token.
Forecast Trend Report by Period
LayerZero said a hack that drained about $290 million from KelpDAO is preliminarily believed to be linked to North Korea’s Lazarus Group.
In a post on X on April 20, LayerZero said KelpDAO suffered an exploit that resulted in the loss of about $290 million in assets. The company said the attack is tentatively tied to Lazarus, also known as TraderTraitor. LayerZero’s cross-chain bridge was the bridge used by the hacker in the exploit.
The attack targeted network infrastructure rather than a vulnerability in the protocol itself or stolen keys, according to LayerZero. The attacker poisoned the RPC, the communication path used by the decentralized verifier network, or DVN, to send transaction requests to the blockchain. It also launched a distributed denial-of-service, or DDoS, attack that pushed the system into recovery mode.
During that process, transactions that never actually occurred were verified as valid, leading to the asset outflow.
LayerZero identified KelpDAO’s "1/1 DVN" structure as the main cause of the incident. Because the setup relied on a single verifier, it created a single point of failure and left the system exposed to attack.
The impact was limited to rsETH, a restaking token, and did not spread across the broader protocol, it added. The affected RPCs have all been replaced, and LayerZero Labs’ DVN is operating normally.
Suehyeon Lee
shlee@bloomingbit.ioI'm reporter Suehyeon Lee, your Web3 Moderator.
