LayerZero: KelpDAO was hacked for $290 million due to a single DVN configuration, but the protocol itself has no vulnerabilities

Deep Tide TechFlow News, April 20th, according to an official statement from LayerZero, on April 18, 2026, KelpDAO’s rsETH was hacked, resulting in a loss of approximately $290 million. Preliminary investigations suggest that the attack may have been carried out by TraderTraitor, a group affiliated with North Korea’s Lazarus Group. The attackers poisoned the RPC infrastructure relied upon by LayerZero Labs’ DVN and coordinated a DDoS attack to force the system to switch to a contaminated node, ultimately forging cross-chain transactions to steal funds.

LayerZero pointed out that the root cause of this incident was KelpDAO’s adoption of a single DVN configuration (1/1), creating a single point of failure, despite LayerZero’s multiple recommendations for an upgrade to a redundant multi-DVN architecture. The LayerZero protocol itself did not find any vulnerabilities; the impact of the attack was entirely isolated to rsETH, and other cross-chain assets and applications remained unaffected. Currently, LayerZero Labs’ DVN has resumed operation and announced that it will no longer sign or verify messages for applications still using the 1/1 configuration. LayerZero has partnered with multiple law enforcement agencies worldwide and is actively assisting in tracking the stolen funds.