LayerZero attributes $290 million Kelp DAO exploit to Lazarus Group via RPC compromise

LayerZero clarified that the $290 million exploit of Kelp DAO’s rsETH bridge resulted from external security configurations rather than a flaw in the LayerZero protocol.

• The attack is being attributed to the North Korean Lazarus Group, involving a sophisticated DDoS attack and the compromise of RPC nodes.
• Kelp DAO has paused its liquid restaking operations while security teams work to trace the stolen assets across multiple chains.

LayerZero Labs has formally addressed the recent $290 million security breach involving Kelp DAO, asserting that the underlying interoperability protocol functioned as intended. The incident, which targeted the rsETH bridge, appears to be the result of a targeted operation by the Lazarus Group, a notorious North Korean state-sponsored hacking collective known for high-profile decentralized finance (DeFi) exploits. According to preliminary investigations by security firms and LayerZero developers, the attackers did not exploit a vulnerability within the LayerZero smart contracts. Instead, the breach was facilitated by a compromise of the RPC (Remote Procedure Call) nodes used by Kelp DAO. By gaining control over these nodes, the attackers were able to manipulate transaction data and authorize the drainage of assets from the bridge. The operation was notably sophisticated, reportedly involving a DDoS (Distributed Denial of Service) attack designed to overwhelm monitoring systems and distract the Kelp DAO security team during the execution of the theft. This multi-layered approach is a hallmark of the Lazarus Group, which has increasingly moved from simple phishing to complex infrastructure-level attacks on DeFi protocols. “The security of a bridge is only as strong as its most vulnerable endpoint,” a LayerZero spokesperson noted. “In this case, the decentralized infrastructure surrounding the bridge, specifically the RPC configuration, was the entry point. Our protocol performed according to its design, but the external security decisions left a window open for bad actors.” Kelp DAO has since paused all liquid restaking activities and is working with law enforcement and blockchain analytics firms to track the movement of the $290 million in stolen rsETH. The incident highlights a growing trend of supply chain attacks in the crypto space, where hackers target the middleware and service providers that connect users to blockchain protocols.

Market analysts suggest that this exploit may lead to stricter security standards for RPC providers and bridge operators. For now, the Kelp DAO community remains on high alert as the protocol attempts to formulate a recovery plan for affected users.

Disclaimer: This article is for informational purposes only and does not constitute advice of any kind. Readers should conduct their own research before making any decisions.

The post LayerZero attributes $290 million Kelp DAO exploit to Lazarus Group via RPC compromise appeared first on Cryptopress.