Key Takeaways
- North Korean Lazarus Group allegedly behind $292M rsETH theft from KelpDAO
- Attackers compromised LayerZero’s verification infrastructure to drain tokens
- Single-verifier configuration weakness enabled massive cross-chain exploit
- 116,500 rsETH tokens stolen, representing 18% of total token supply
- LayerZero implements mandatory multi-verifier requirements following breach
LayerZero has attributed a devastating $292 million cryptocurrency heist to the notorious Lazarus Group, a hacking collective tied to North Korea. The attack targeted KelpDAO’s rsETH tokens through sophisticated manipulation of cross-chain messaging systems. According to LayerZero’s investigation, the breach remained isolated to rsETH without compromising other protocols operating on the network.
Hackers Manipulate Cross-Chain Verification Systems
The assault focused on LayerZero’s Decentralized Verifier Network, exploiting vulnerabilities in cross-chain transaction validation. Investigators discovered that threat actors had infiltrated RPC nodes, enabling them to authorize fraudulent transactions. The perpetrators successfully extracted 116,500 rsETH tokens, accounting for approximately eighteen percent of the asset’s circulating supply.
LayerZero disclosed that hackers replaced legitimate software on two critical RPC nodes within the verification ecosystem. Simultaneously, distributed denial-of-service (DDoS) attacks targeted the remaining nodes, forcing the system to depend on the compromised infrastructure. These malicious nodes fed falsified validation data while evading detection protocols designed to identify suspicious activity.
According to LayerZero’s technical analysis, attackers carefully configured infiltrated nodes to mimic legitimate operational patterns. Following successful execution, the entire malicious infrastructure was systematically destroyed, eliminating forensic evidence. This self-destructing mechanism significantly hindered post-breach analysis by erasing crucial logs and system configurations.
Single-Point Failure Enables Catastrophic Breach
LayerZero’s post-mortem revealed that KelpDAO operated with a single verifier configuration, contradicting security best practices. The protocol had previously recommended implementing multiple independent verifier networks to eliminate single points of failure. This architectural shortcoming provided attackers with a straightforward pathway to manipulate transaction validation processes.
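To make the single-verifier weakness concrete, the following added example (not code from LayerZero or KelpDAO) models message acceptance under a single-verifier and a multi-verifier configuration when one verifier reports falsified data and another is offline. The verifier names, payloads, and the functions `audit_config` and `decide` are hypothetical.

```python
# Added illustration (hypothetical model, not LayerZero or KelpDAO code).
import hashlib
from collections import Counter

def digest(payload):
    """Hash of the message payload a verifier attests to."""
    return hashlib.sha256(payload).hexdigest()

def audit_config(verifiers, threshold):
    """Return findings for a verifier configuration; an empty list means none."""
    distinct = set(verifiers)
    findings = []
    if len(distinct) < 2:
        findings.append("single verifier: one compromised verifier decides every message")
    if threshold < 2:
        findings.append("threshold below 2: no independent confirmation is required")
    if threshold > len(distinct):
        findings.append("threshold exceeds verifier count: nothing can be accepted")
    return findings

def decide(verifiers, threshold, attestations):
    """Accept a payload hash only if `threshold` configured verifiers agree on it.

    attestations maps verifier name -> attested hash, or None if unreachable.
    Unreachable verifiers never lower the threshold (fail closed).
    """
    allowed = set(verifiers)
    votes = Counter(h for v, h in attestations.items() if v in allowed and h is not None)
    if votes:
        top, count = votes.most_common(1)[0]
        if count >= threshold:
            return top
    return None

# Constructed sample data: verifier names and payloads are invented.
REAL = digest(b"constructed: message actually sent on the source chain")
FORGED = digest(b"constructed: message that was never sent")
SINGLE = (["verifier-a"], 1)
MULTI = (["verifier-a", "verifier-b", "verifier-c"], 2)
# verifier-a reads from tampered RPC nodes; verifier-b is knocked offline.
UNDER_ATTACK = {"verifier-a": FORGED, "verifier-b": None, "verifier-c": REAL}

if __name__ == "__main__":
    for name, (verifiers, threshold) in (("single", SINGLE), ("multi", MULTI)):
        accepted = decide(verifiers, threshold, UNDER_ATTACK)
        outcome = {FORGED: "FORGED message accepted", REAL: "real message accepted",
                   None: "rejected, quorum not met"}[accepted]
        print(f"{name}: findings={audit_config(verifiers, threshold)} -> {outcome}")
```

The quorum only adds protection when the verifiers are independent; verifiers that read from the same RPC nodes fail together.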
Following detection of the breach, KelpDAO immediately suspended rsETH contract operations across Ethereum mainnet and multiple layer-two scaling solutions. LayerZero responded by restoring compromised verifier infrastructure and implementing emergency migration procedures for at-risk applications. LayerZero has since established a strict policy refusing service to any protocol relying solely on single-verifier architectures.
KelpDAO has engaged cybersecurity auditors to conduct comprehensive forensic analysis and strengthen remaining infrastructure. LayerZero maintains active collaboration with international law enforcement agencies and blockchain analytics firms to trace stolen assets. This incident represents the most significant decentralized finance security breach documented in 2026.
Broader DeFi Ecosystem Avoids Widespread Contamination
LayerZero has verified that the security breach remained contained to rsETH, with no impact on other digital assets utilizing the protocol’s infrastructure. Following identification and isolation of compromised components, LayerZero replaced affected RPC nodes and restored complete network functionality. Applications employing multi-verifier configurations continued operating without interruption throughout the incident.
The exploit generated secondary effects across decentralized finance platforms with exposure to rsETH liquidity pools. Several protocols implemented precautionary risk adjustments to limit exposure to compromised collateral assets. Certain lending platforms reported temporary decreases in total value locked as users withdrew affected tokens.
KelpDAO maintains ongoing dialogue with ecosystem partners to stabilize integrations affected by the breach. LayerZero has implemented enhanced verifier standards mandatory for all network participants moving forward. This security incident underscores persistent infrastructure vulnerabilities within cross-chain validation architectures, despite protocol-level safeguards.





