You haven't bought rsETH but your WETH has been frozen.

Introduction

Key points:

  • Four attack incidents detected between April 13 and April 19, 2026, involving multiple chains such as Ethereum, Unichain, Arbitrum, and NEAR, with an estimated total loss of about $310 million.
  • Attack vectors include RPC infrastructure poisoning targeting LayerZero DVN, MMR proof forgery, signed integer abuse in insurance funds, and cyclic exchange path exploitation in margin trading protocols.
  • The KelpDAO incident ($290M) indicates cross-chain bridge security has extended beyond smart contracts to off-chain verification infrastructure. Cascading freezes of WETH on five chains and forced state transitions on Arbitrum further reveal how composability amplifies single points of failure and where the real trust boundaries of “decentralized” systems lie.

Over the past week (2026/04/13 - 2026/04/19), BlockSec detected and analyzed four attack incidents, with an estimated total loss of about $310M. The table below summarizes these incidents; subsequent sections will provide detailed analyses of each.

Table 1: Overview of the four attack incidents detected this week

Highlights of the Week: KelpDAO

This incident is highlighted because of its novel infrastructure-level attack vector (RPC poisoning against a single DVN rather than smart contract vulnerabilities), multi-chain cascading effects triggered by DeFi composability, and governance issues arising from Arbitrum’s forced state transition to recover stolen funds.

On April 18, 2026, KelpDAO’s rsETH LayerZero OFT cross-chain bridge was attacked, losing about $290M. LayerZero Labs attributed the attack to state-sponsored actors, possibly North Korea’s Lazarus Group [1]. The root cause is KelpDAO’s 1-of-1 DVN configuration, which reduces cross-chain message verification to a single point of failure. The attacker poisoned RPC infrastructure trusted by LayerZero Labs’ DVN, forcing it to sign a forged proof of a cross-chain message, resulting in 116,500 rsETH being released on Ethereum, while no corresponding send event exists on the Unichain source chain.

Background

LayerZero is a cross-chain messaging protocol built on a modular security architecture. Its core message integrity is guaranteed by a decentralized validator network (DVN), an off-chain entity responsible for independently verifying that a message sent on the source chain actually occurred before allowing execution on the target chain. Each application deployed on LayerZero configures its own DVN settings, including which DVNs to trust, how many are required, and the consensus threshold. This modularity grants applications full control over their security model but also full responsibility: weak configurations cannot be remedied by the protocol itself.

KelpDAO’s rsETH, deployed as an OFT (omnichain fungible token) on LayerZero, bridges Unichain (source chain) and Ethereum mainnet (target chain). The OFT standard allows tokens to be burned on the source chain and unlocked on the target chain, with the cross-chain message serving as the sole authorization for release. The Ethereum adapter (0x85d456…e98ef3) releases rsETH to the recipient once the cross-chain message has been verified. The critical issue is that KelpDAO configured this path as a 1-of-1 DVN setup, designating LayerZero Labs as the sole verifier. This means a single DVN proof can authorize any token release without secondary confirmation.

To perform verification, LayerZero Labs’ DVN queries multiple RPC nodes to confirm that the cross-chain send event indeed occurred on the source chain. These RPC nodes include self-operated infrastructure and third-party providers, relying on their collective responses to sign proofs. The integrity of this process depends on the assumption that most queried nodes return truthful data.

Vulnerability Analysis

This vulnerability is a systemic failure at the infrastructure and configuration layer, composed of three overlapping weaknesses:

  1. KelpDAO’s 1-of-1 DVN configuration eliminates redundancy in the verification layer. LayerZero’s recommended secure setup explicitly requires multiple DVNs and independent validators, ensuring no single DVN can unilaterally authorize a message. By relying solely on LayerZero Labs’ DVN, KelpDAO ensures that any compromise of this single verifier can authorize arbitrary token releases.

  2. The DVN’s failover mechanism routes verification queries to any reachable RPC node. This design assumes node unavailability is accidental rather than malicious. However, this creates a condition where an attacker need not compromise all data sources: by DDoS attacking healthy nodes and preparing poisoned nodes as the only reachable alternative, the attacker can fully control the data received by the DVN.

  3. Replacing the op-geth executable on RPC nodes requires OS-level access to the underlying server. The exact initial access vector has not been disclosed, but compromising two nodes located on separate clusters suggests shared underlying vulnerabilities, such as leaked deployment credentials, CI/CD pipeline exploits, or social engineering targeting operators with access to both.

These three conditions together form a complete attack chain: the first ensures no independent DVN can cross-verify the proof, the second guarantees the attacker can fully control the data received by the sole DVN, and the third provides the initial foothold for data manipulation. Any single weakness alone is insufficient. Without the 1-of-1 configuration, a second DVN querying independent infrastructure would reject forged messages. Without failover behavior, healthy nodes would reject poisoned nodes. Without server compromise, the attacker cannot inject forged data.
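The interaction of the three weaknesses can be checked with a small simulation. This is an added, constructed model (not BlockSec's, LayerZero's or KelpDAO's code): RPC nodes report which send event they see for a transaction hash, a DVN turns those answers into a proof, and the endpoint releases tokens only if every required DVN proof agrees. The node names, the forged hash and the event values are illustrative; the scenario follows the report, with the honest nodes knocked offline and two poisoned nodes left reachable.

```python
from collections import Counter

# Constructed scenario: a forged release whose tx hash has no send event on the real source chain.
FORGED_TX = "0xforged-tx"                 # placeholder, not the incident transaction
FORGED_EVENT = ("attacker", 116_500)       # what the poisoned nodes claim happened

class RpcNode:
    def __init__(self, name, events, reachable=True):
        self.name, self.events, self.reachable = name, events, reachable
    def get_send_event(self, tx_hash):
        if not self.reachable:
            raise ConnectionError(self.name)   # DDoSed / offline
        return self.events.get(tx_hash)        # None means "no such send event"

def failover_dvn(nodes, tx_hash):
    """Weak design from the text: sign whatever the first reachable node reports."""
    for node in nodes:
        try:
            return node.get_send_event(tx_hash)
        except ConnectionError:
            continue
    return None   # nothing reachable: no proof is produced

def quorum_dvn(nodes, tx_hash, min_agree):
    """Hardened: sign only if at least min_agree nodes answered identically; else fail closed."""
    answers = []
    for node in nodes:
        try:
            answers.append(node.get_send_event(tx_hash))
        except ConnectionError:
            pass
    if not answers:
        return None
    event, count = Counter(answers).most_common(1)[0]
    return event if count >= min_agree else None

def endpoint_release(proofs):
    """Endpoint side: every required DVN proof must exist and all must agree."""
    if not proofs or any(p is None for p in proofs) or len(set(proofs)) != 1:
        return None
    return proofs[0]

def run_scenarios():
    honest = [RpcNode(f"honest{i}", {}, reachable=False) for i in range(2)]   # knocked offline
    poisoned = [RpcNode(f"poisoned{i}", {FORGED_TX: FORGED_EVENT}) for i in range(2)]
    lz_nodes = honest + poisoned                   # the sole DVN's node list
    independent = [RpcNode("second_dvn_rpc", {})]  # a second DVN on its own infrastructure
    return {
        "1of1_failover": endpoint_release([failover_dvn(lz_nodes, FORGED_TX)]),
        "1of1_quorum2": endpoint_release([quorum_dvn(lz_nodes, FORGED_TX, 2)]),
        "1of1_quorum3": endpoint_release([quorum_dvn(lz_nodes, FORGED_TX, 3)]),
        "2of2_dvns": endpoint_release([failover_dvn(lz_nodes, FORGED_TX),
                                        failover_dvn(independent, FORGED_TX)]),
    }
```

Note the quorum-of-2 case: a node quorum inside one operator's RPC set only helps when the threshold exceeds the number of nodes an attacker can poison; a second DVN on independent infrastructure blocks the release regardless.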

Attack Analysis

This analysis is based on transaction 0x1ae232…4222 and LayerZero Labs’ official incident statement.

Step 1: The attacker obtained the list of RPC nodes trusted by LayerZero Labs’ DVN. This list is a high-value intelligence target because knowing the exact nodes enables precise, surgical operations rather than broad infrastructure attacks.

Step 2: The attacker gained OS-level write access to two RPC nodes, replacing the running op-geth binary with a malicious version. These nodes are described as running on separate clusters, implying the initial access involved shared upstream dependencies (e.g., leaked deployment credentials, CI/CD pipelines, or social engineering targeting operators with access to both). LayerZero Labs has not disclosed the exact initial access method. This step is a prerequisite for subsequent data manipulation.

Step 3: The malicious op-geth binary implements targeted response logic: returning forged transaction data only to the DVN’s IP address, while providing truthful blockchain state to all other request
