LayerZero releases KelpDAO attack incident report: North Korean hacker group accused of involvement and will adjust security strategies

ME News Report, May 20 (UTC+8): LayerZero Labs has released its latest incident report, stating that on April 18, 2026, the KelpDAO rsETH cross-chain bridge built on its cross-chain communication protocol was attacked and approximately 116,500 rsETH (about $292 million) was stolen. Several security firms, including Mandiant and CrowdStrike, as well as independent researchers, attributed the attack to the North Korea-linked hacker group TraderTraitor (UNC4899).

According to the report, the attack began on March 6, 2026, when the attacker used social engineering to compromise a LayerZero developer account, obtained session keys, and gained access to the RPC cloud environment. From there, the attacker tampered with internal RPC node data and manipulated the responses those nodes returned in order to deceive the monitoring systems and the Decentralized Verifier Networks (DVNs). The attacker then launched a denial-of-service attack against external RPC providers, so that the verification system fell back on the compromised nodes and produced forged cross-chain proofs, which were used to withdraw the funds.

LayerZero identified the core weakness as the affected application's "single-verifier" configuration: the destination contract would execute the asset release as soon as it received a single valid signature, which is what allowed the rsETH to be stolen.

In response, LayerZero Labs announced that it will adjust its security policies: its own DVN will no longer be allowed to act as the sole signer in single-verifier configurations, the affected cloud infrastructure will be rebuilt, and short-lived credentials, just-in-time privilege elevation, and multi-party approval will be introduced to strengthen security. zeroShadow and law enforcement agencies have also joined the investigation and asset tracing. LayerZero said it will continue to work with ecosystem partners to strengthen cross-chain security against increasingly sophisticated nation-state-level threats. (Source: ODaily)
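The report contrasts two things a defender can control: how many independent verifiers must agree before the destination contract releases assets, and what a verifier does when its RPC sources disagree or go dark. The following toy simulation is an added example written for this page; it is not LayerZero's, KelpDAO's or any DVN's code, and the verifier names, payloads, thresholds and the `Verifier`/`release_allowed` helpers are all constructed. It shows a 1-of-1 setting with a verifier that falls back to the one node it can still reach, the same setting with a verifier that abstains instead, and a 2-of-3 quorum in which a single contaminated verifier cannot push a forged release through.

```python
"""Toy model of single-verifier versus quorum verification with fail-closed RPC reads.

Constructed example, not LayerZero's, KelpDAO's or any DVN's code. Each Verifier
stands in for an independent attester (a DVN) that reads a source-chain event
through one or more RPC providers. The destination side releases funds only
when `required` distinct verifiers attest to the same payload hash.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

Attestation = Tuple[str, str]  # (verifier name, hex hash of the payload it observed)


def payload_hash(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()


@dataclass
class Verifier:
    name: str
    # One entry per RPC provider: the event bytes that provider reports,
    # or None when the provider is unreachable (outage, denial of service, ...).
    rpc_views: List[Optional[bytes]]
    # Fail closed: never attest on fewer independent sources than this.
    min_sources: int = 2

    def attest(self) -> Optional[Attestation]:
        reachable = [v for v in self.rpc_views if v is not None]
        if len(reachable) < self.min_sources:
            return None  # too few providers left: abstain rather than trust whatever remains
        observed = {payload_hash(v) for v in reachable}
        if len(observed) != 1:
            return None  # providers disagree, so at least one is wrong: abstain
        return (self.name, observed.pop())


def collect_attestations(verifiers: List[Verifier]) -> List[Attestation]:
    return [a for a in (v.attest() for v in verifiers) if a is not None]


def release_allowed(attestations: List[Attestation], claimed_hash: str, required: int) -> bool:
    """Count distinct verifiers that attest to exactly the claimed hash (fail closed)."""
    agreeing = {name for name, h in attestations if h == claimed_hash}
    return len(agreeing) >= required


# Constructed payloads: what the source chain really recorded versus what a
# contaminated RPC node reports for the same event.
GENUINE = b"unlock 10 rsETH to 0xAAAA"
FORGED = b"unlock 116500 rsETH to 0xBBBB"


def single_verifier_with_fallback() -> bool:
    """1-of-1, internal node contaminated, external providers down, and the
    verifier is willing to attest on a single source."""
    dvn = Verifier("dvn-A", [FORGED, None, None], min_sources=1)
    atts = collect_attestations([dvn])
    return release_allowed(atts, payload_hash(FORGED), required=1)  # True: forged release goes through


def single_verifier_fail_closed() -> bool:
    """Same outage, but the verifier refuses to attest on fewer than two sources."""
    dvn = Verifier("dvn-A", [FORGED, None, None], min_sources=2)
    atts = collect_attestations([dvn])
    return release_allowed(atts, payload_hash(FORGED), required=1)  # False: no attestation at all


def quorum_rejects_forgery() -> bool:
    """2-of-3: A is fully contaminated, B is honest, C lost most of its providers."""
    dvns = [
        Verifier("dvn-A", [FORGED, FORGED]),
        Verifier("dvn-B", [GENUINE, GENUINE]),
        Verifier("dvn-C", [GENUINE, None, None]),
    ]
    atts = collect_attestations(dvns)
    return release_allowed(atts, payload_hash(FORGED), required=2)  # False: only dvn-A signs the forgery


def quorum_accepts_genuine() -> bool:
    """Same 2-of-3 set; the genuine message still clears once C's providers recover."""
    dvns = [
        Verifier("dvn-A", [FORGED, FORGED]),
        Verifier("dvn-B", [GENUINE, GENUINE]),
        Verifier("dvn-C", [GENUINE, GENUINE]),
    ]
    atts = collect_attestations(dvns)
    return release_allowed(atts, payload_hash(GENUINE), required=2)  # True


if __name__ == "__main__":
    for fn in (single_verifier_with_fallback, single_verifier_fail_closed,
               quorum_rejects_forgery, quorum_accepts_genuine):
        print(f"{fn.__name__}: release_allowed={fn()}")
```

The two knobs interact: raising `required` above 1 means a single compromised verifier (or a single compromised cloud account behind it) is no longer sufficient, and `min_sources` plus the disagreement check turn an RPC outage into a liveness problem (the verifier abstains) instead of a safety problem (the verifier signs whatever the surviving node says). The cost is visible in `quorum_rejects_forgery`: while dvn-C is degraded, a genuine message would also stall until a second honest verifier can attest, which is the trade-off a quorum design deliberately makes.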
Comment
GateUser-170ee8b1
· 11h ago
Developer accounts are targeted by social engineering; classic vulnerabilities never go out of style.
OldBlackVelvetKey
· 23h ago
Cross-chain bridges are just hacker ATMs; how many more times do I need to say this?
MintCondition
· 23h ago
UNC4899: that code sounds like a stock, but it turns out to be North Korea's national team.
RationalRugChecker
· 23h ago
Short-term certificates + multi-party approval should have been in place already; now it's called reconstruction.
ColdWalletUnderTheAurora
· 23h ago
The RPC cloud obediently surrenders the keys when the DDoS attacks hit; cloud-native remains lonely in silence.
RouterWhisperer
· 23h ago
The design where the DVN is the sole signer has surprisingly lasted until 2026.
MistBlueLily
· 23h ago
The infiltration started on March 6th, and it was only discovered on April 18th. Is this monitoring just for show?
NarrativeCartographer
· 23h ago
North Korean hackers are better at social engineering than DeFi.
TvlAt3A.m.
· 23h ago
LayerZero is trying to mend the sheep pen, but the sheep are already gone.
MetalRoboticArm
· 23h ago
Only one signature is needed to release 290 million; is this configuration serious?