Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
GateRouter
Smartly choose from 40+ AI models, with 0% extra fees
KelpDAO Loses $290M in Lazarus Group LayerZero Attack
KelpDAO suffered a $290 million loss on April 18 in a sophisticated security breach linked to the Lazarus Group, specifically an actor known as TraderTraitor, according to early reports. The attack targeted LayerZero infrastructure and exploited configuration weaknesses in KelpDAO’s verification systems. David Schwartz noted on April 20, 2026, that “the attack was way more sophisticated than I expected and aimed at LayerZero infrastructure taking advantage of KelpDAO laziness.”
How the Attack Happened
The attack employed a multi-stage approach rather than a simple exploit. Attackers first targeted the RPC system used by LayerZero’s verification network, then launched a DDoS attack to disrupt normal operations. When the system switched to backup nodes, attackers executed their key objective: those backup nodes had already been compromised, allowing them to send false signals and confirm transactions that never actually occurred. Notably, no core protocol or private keys were broken. Instead, the attack exploited weak points in the system’s configuration, demonstrating the sophistication of modern cyber threats.
Single Point of Failure as Root Cause
The fundamental vulnerability stemmed from KelpDAO’s configuration design. The platform relied on a 1-of-1 verification setup, meaning only a single verifier confirmed transactions with no backup verification layer. Once that single system was compromised, the attack succeeded without any secondary defense. Experts noted this created a clear single point of failure. LayerZero had previously recommended using multiple verifiers, and a multi-layer verification setup could have prevented the attack entirely.
Impact and Scope
While the loss was substantial, damage remained contained to a specific area. Reports confirm the breach affected only KelpDAO’s rsETH product, with other assets and applications remaining unaffected. LayerZero quickly replaced the compromised systems and restored normal operations. Teams are working with investigators to track the stolen funds. The incident has raised industry-wide concerns about configuration security in advanced systems.
Implications for Crypto Security
The incident underscores that security depends not only on code strength but also on system configuration and management practices. The involvement of the Lazarus Group—a cyber group historically linked to large-scale exploits—adds significant concern, as their methods continue to evolve. Going forward, projects may increasingly prioritize redundancy and risk control mechanisms. Multi-layer verification could become an industry standard. The KelpDAO attack serves as a warning that even one weak point in system architecture can result in massive losses. As the crypto space expands, security practices must evolve proportionally.