KelpDAO, a liquid restaking protocol backed by CZ’s household workplace YZi Labs, suffered a $290 million hack. The attacker drained rsETH via KelpDAO’s LayerZero-powered cross-chain bridge, risking contagion to different DeFi protocols reminiscent of Aave. Nonetheless, Layer Zero blames North Korea’s Lazarus Group and Kelp’s safety decisions for the exploit.
North Korea’s Lazarus Group Seemingly Behind KelpDAO Hack: LayerZero
LayerZero Labs attributed the KelpDAO hack to North Korea’s Lazarus Group, particularly TraderTraitor, in a weblog submit on April 20. The hacking group has a protracted historical past of focusing on crypto tasks, together with the $280 million Drift protocol hack.
Furthermore, it highlighted that the hack succeeded as a result of KelpDAO selected to make use of a single-decentralized verifier community (DVN) configuration. The corporate famous that it and different events beforehand really useful KelpDAO undertake a multi-verifier setup for higher safety.
Hackers focused KelpDAO’s bridge setup by compromising downstream RPC nodes utilized by LayerZero’s DVN to confirm transactions. Attackers compromised two RPC nodes and launched DDoS assaults on the uncompromised RPCs to empty $290 million in rsETH tokens.
“This was rigorously designed to stop any safety monitoring from noticing anomalies from what exterior RPCs had been reporting, mentioned LayerZero. “It was designed to self-destruct as soon as the assault might now not be carried out, disabling the RPCs, deleting the malicious binary and corresponding native logs and configs,” it added.
LayerZero maintained that its protocol itself had no inherent vulnerabilities. The KelpDAO hack exploited the liquid restaking protocol’s setup decisions.
DVN Is Now Reside with Zero Contagion to Different Crypto Tokens
LayerZero confirmed that there’s zero contagion to every other cross-chain property or purposes. All affected RPC nodes at the moment are deprecated and changed, stating the “LayerZero Labs DVN is now reside.”
It recommends that each one purposes with a multi-DVN setup resume operations. The protocol group is presently asking all emigrate to multi-DVN setups with redundancy.
Nonetheless, the KelpDAO hack has triggered contagion results throughout DeFi. This has elevated unhealthy debt on Aave and led to a pointy drop in Aave’s whole worth locked (TVL).
Aave Founder Stani Kulechov mentioned “rsETH has been frozen on Aave V3 and V4. Each Aave V3 and V4 should not have additional publicity to rsETH.”
rsETH has been frozen on Aave V3 and V4, the asset doesn’t have any borrowing energy as a measure as a consequence of KelpDAO bridge exploit that occurred exterior of Aave. Each Aave V3 and V4 doesn’t have additional publicity to rsETH. https://t.co/vt8j1BOUjB
— Stani (@StaniKulechov) April 18, 2026
AAVE worth crashed greater than 20% up to now two days, presently buying and selling at $92.40. The 24-hour high and low are $89.08 and $94.05, with a 15% decline in buying and selling quantity.
In case you are trying to capitalize on low costs in present crypto market circumstances, try our narrowed-down suggestions for the Greatest DeFi Lending Platforms.
