LayerZero: No Systemic Risk After $290M KelpDAO Exploit
LayerZero says April 18 rsETH breach at KelpDAO came from compromised RPC infrastructure and a single-verifier DVN; it reports no contagion to other assets.
LayerZero Labs posted on April 18 that an attacker exploited KelpDAO’s rsETH setup, resulting in roughly $290 million in losses. The company attributed the breach to compromised downstream remote procedure call (RPC) infrastructure used by its Decentralized Verifier Network (DVN) and to KelpDAO’s one-of-one DVN configuration. LayerZero identified preliminary indicators linking the operation to DPRK-linked Lazarus Group, naming an entity it called TraderTraitor.
In the post, LayerZero described the attack as targeting RPC systems rather than the protocol itself. According to the account, attackers ‘poisoned RPC systems, manipulated the data presented to the verifier, and used distributed denial-of-service pressure against uncompromised endpoints,’ which allowed fraudulent transactions to be validated while avoiding monitoring alerts. LayerZero added: ‘We can confirm with confidence that there is zero contagion to any other asset or application.’
LayerZero attributed the scale of the loss to KelpDAO’s reliance on a single verifier. The company noted long-standing recommendations for multi-DVN redundancy and said a configuration that required consensus from multiple independent verifiers would have prevented the attack even if one path was compromised.
Critics pointed to concentration of validator control. Zach Rynes, a community liaison at Chainlink, posted on X that LayerZero was deflecting responsibility and blamed centralized validator models and infrastructure control for the exploit. Rynes wrote: ‘As expected, Layerzero is deflecting responsibility that their own DVN node infrastructure was compromised and caused a $290M bridge exploit. Claiming there was no contagion is just the cherry on top.’
KelpDAO faces pressure to adopt multi-DVN setups that require multiple independent validators to sign cross-chain messages. Proponents of multi-verifier designs say those configurations reduce the chance that a single infrastructure compromise can authorize fraudulent transactions.
Investigations and recovery work are ongoing. LayerZero, KelpDAO and other involved parties have not released a full technical post-mortem with detailed forensic data beyond the initial statements. Market participants are watching whether KelpDAO will reconfigure its verifier network and whether industry standards will move toward multi-verifier deployments for large-value bridges.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
