Home
News
Details

LayerZero Releases KelpDAO Security Incident Report, Announces Adjustments to Its Security Strategy

iconChaincatcher
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
ETH
$1,862.76-5.57%
AI summary iconSummary

expand icon
LayerZero Labs has released a report on the KelpDAO security breach, revealing that its rsETH cross-chain bridge was exploited, resulting in the theft of 116,500 rsETH ($292 million). Security firms and researchers attributed the attack to the North Korea-affiliated group TraderTraitor, which used social engineering to gain access to developer accounts and manipulate monitoring systems. In response, LayerZero is overhauling its security approach, implementing multi-party approval and short-term credentials. Traders analyzing on-chain trading signals and support and resistance levels are closely monitoring the impact on cross-chain protocols.

ChainCatcher report: LayerZero Labs has released a report on the KelpDAO attack, confirming that the KelpDAO rsETH cross-chain bridge, built on its cross-chain communication protocol, was compromised, resulting in the theft of approximately 116,500 rsETH (around $292 million). Multiple security firms, including Mandiant and CrowdStrike, along with independent researchers, have attributed the attack to the North Korea-linked hacking group TraderTraitor (UNC4899). The report states that the attack began on March 6, 2026, when the attackers used social engineering to compromise a LayerZero developer account, obtain session keys, and infiltrate the RPC cloud environment. They then corrupted internal RPC node data and manipulated response results to deceive monitoring systems and the Decentralized Verification Network (DVN). LayerZero Labs has officially announced changes to its security strategy, including discontinuing the use of its own DVN as the sole signing party in single-verification configurations, rebuilding the compromised cloud infrastructure, and implementing short-lived credentials, just-in-time privilege escalation, and multi-party approval mechanisms to enhance security.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.