LayerZero Confirms KelpDAO Hack Affects Only rsETH Configuration

According to Huoxing Finance, LayerZero Labs issued a statement regarding the attack, revealing that KelpDAO suffered losses of approximately $290 million. The attack is preliminarily attributed to the Lazarus Group, specifically the subgroup TraderTraitor, with ties to North Korea. The attackers compromised the downstream RPC infrastructure upon which KelpDAO’s decentralized verification network (DVN) relies, taking control of certain RPC nodes and coordinating DDoS attacks to force the system to switch to malicious nodes, thereby fabricating cross-chain transactions. All affected RPC nodes have been taken offline and replaced, and the DVN has since resumed operations. LayerZero emphasized that the incident was confined solely to KelpDAO’s rsETH application configuration and did not impact any other assets or applications. This occurred because KelpDAO was using a single-DVN (1/1) architecture at the time, failing to adopt the multi-DVN redundancy mechanism long recommended by LayerZero, leaving no independent verification nodes to detect forged messages. LayerZero clarified that its protocol itself had no vulnerabilities; applications using multi-DVN configurations were unaffected, and there is no systemic contagion risk. LayerZero stated it will accelerate the migration of all projects using single-DVN configurations to multi-DVN architectures and has suspended signature and verification services for 1/1-configured applications. The company is also collaborating with global law enforcement agencies to investigate the incident and assisting industry partners in tracking the stolen funds. LayerZero noted that this event underscores the value of a modular security architecture while highlighting the potential security risks associated with RPC verification pathways.