LayerZero issues official statement on the KelpDAO attack, attributing the incident to the North Korean state-sponsored hacking group Lazarus Group.

LayerZero's official analysis of the KelpDAO attack preliminarily attributes the breach to the North Korean state-sponsored hacking group Lazarus Group.

Attack Method: RPC Node Poisoning

The attackers did not compromise the LayerZero protocol itself, but instead targeted a more covert vulnerability, the RPC nodes relied upon by DVNs:

Node Compromise: Infiltrated two independent RPC nodes used by LayerZero Labs' DVNs and replaced their underlying software.

Targeted Deception: The malicious nodes returned forged data exclusively to DVNs while responding normally to all other IP addresses, evading monitoring systems.

DDoS Cover-Up: Launched DDoS attacks against unaffected, legitimate nodes to force the system to switch to the compromised nodes.

Automatic Erasure: Automatically deleted malicious code and local logs after the attack, leaving virtually no trace.

As a result, the DVN was deceived into confirming a cross-chain transaction that never actually occurred.

KelpDAO's rsETH utilized a single, 1/1 DVN configuration, with LayerZero Labs as the sole node in the entire verification chain. LayerZero had previously recommended multiple times adopting a multi-DVN redundancy setup, but KelpDAO did not implement it, ultimately resulting in a single point of failure and severe losses.
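The failure mode described above, as an added example that is not LayerZero's or KelpDAO's code: a verifier that fails over to whichever RPC node still answers, beside one that requires a quorum of matching answers and refuses to attest when outages leave too few. The provider names, hashes and the first-answer failover behaviour are assumptions constructed for illustration.

```python
from collections import Counter
from typing import Callable, Dict

# Constructed model: a provider maps a message id to the payload hash it reports
# for the source chain, or raises when the node is unreachable.
Provider = Callable[[str], str]

class QuorumNotMet(Exception):
    """Too few independent providers agree; the caller must not attest."""

def failover_read(providers: Dict[str, Provider], msg_id: str) -> str:
    """Weak pattern (assumed): trust the first provider that answers."""
    for fetch in providers.values():
        try:
            return fetch(msg_id)
        except ConnectionError:
            continue
    raise QuorumNotMet("no provider reachable")

def quorum_read(providers: Dict[str, Provider], msg_id: str, required: int) -> str:
    """Hardened pattern: need `required` matching answers, otherwise fail closed."""
    answers = {}
    for name, fetch in providers.items():
        try:
            answers[name] = fetch(msg_id)
        except ConnectionError:
            pass  # an outage is a missing vote, never a reason to lower the bar
    tally = Counter(answers.values())
    value, votes = tally.most_common(1)[0] if tally else (None, 0)
    if votes < required:
        # The per-provider answers in the message double as a detection signal.
        raise QuorumNotMet(f"{votes}/{required} agree; answers={answers}")
    return value

def _down(_msg_id: str) -> str:
    raise ConnectionError("node unreachable")  # models the DDoS on healthy nodes

REAL, FORGED = "0xaaa1", "0xbad0"  # constructed sample hashes
# Constructed scenario from the report: two poisoned nodes, healthy ones offline.
UNDER_ATTACK = {"rpc-a": _down, "rpc-b": lambda m: FORGED,
                "rpc-c": lambda m: FORGED, "rpc-d": _down}
HEALTHY = {name: (lambda m: REAL) for name in UNDER_ATTACK}

def attests_forgery(read, providers) -> bool:
    """True if the verifier would accept the forged hash as the chain's state."""
    try:
        return read(providers, "msg-1") == FORGED
    except QuorumNotMet:
        return False
```

With the threshold set to 2, the two poisoned nodes in this scenario would still form a quorum, so the threshold has to exceed the number of providers an attacker can plausibly control.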
