Kelp DAO Suffers $292 Million Loss in LayerZero Exploit Linked to Lazarus Group
Severity: High (Score: 77.0)
Sources: Theblock.Co, Bitget, news.bitcoin.com
Summary
Kelp DAO, a decentralized autonomous organization managing an Ethereum-based rsETH bridge, lost $292 million due to an exploit on April 16, 2026. Hackers, suspected to be part of North Korea's Lazarus Group, took advantage of a vulnerability in LayerZero's infrastructure, specifically targeting a single-verifier configuration. The attackers withdrew 116,500 rsETH by compromising two RPC servers in the LayerZero Labs validator network and executing a DDoS attack on remaining nodes.
Following the incident, Kelp DAO announced its transition from LayerZero to Chainlink's cross-chain infrastructure. LayerZero has since stated that it will no longer support single-verifier setups, which were found to be used by nearly 47% of LayerZero applications. The incident has raised questions about LayerZero's security practices and monitoring systems. Kelp DAO's migration aims to address the architectural vulnerabilities exposed by the exploit. The ongoing fallout includes lawsuits related to the frozen assets of the exploit's victims.
Key Points
- Kelp DAO lost $292 million due to a vulnerability in LayerZero's infrastructure.
- The exploit was executed by attackers linked to North Korea's Lazarus Group.
- Kelp DAO is transitioning to Chainlink's infrastructure to mitigate future risks.
Key Entities
- Lazarus Group (apt_group)
- Data Breach (attack_type)
- DDoS (attack_type)
- Malware (attack_type)
- Kelp DAO (company)
- KelpDAO (company)
- Ethereum (company)
- LayerZero (platform)
- Chainlink (platform)
- North Korea (country)
- T1021 - Remote Services (mitre_attack)
- T1210 - Exploitation Of Remote Services (mitre_attack)
- T1499 - Endpoint Denial of Service (mitre_attack)