LayerZero report: Kelp downgraded from 2-of-2 to 1-of-1 DVN before $292M rsETH exploit; six-week compromise traced to DPRK-linked UNC4899
first published 2026-05-20T13:34:38Z
LayerZero Labs says attackers poisoned RPC infrastructure used by KelpDAO’s single-signer (1/1) DVN verifier, enabling forged cross-chain messages and the theft of ~116,500 rsETH (~$292 million). LayerZero calls the incident an infrastructure compromise (not a protocol or smart-contract bug), says the issue was isolated to KelpDAO’s single-DVN setup with no contagion to other apps, replaced affected RPC nodes, engaged law enforcement and partners, and will no longer sign messages for 1/1 DVN configurations while urging migration to multi-DVN redundancy. Chainalysis and others linked the activity to North Korea–linked TraderTraitor/Lazarus.
AI Analysis
Attackers poisoned RPC infrastructure for KelpDAO’s single-signer (1/1) DVN verifier and forged cross-chain messages, resulting in the theft of ~116,500 rsETH (~$292M). LayerZero describes the root cause as an infrastructure compromise (not a protocol/smart-contract bug), has replaced affected RPC nodes, engaged law enforcement/partners, and will stop signing for 1/1 DVN setups while urging migration to multi-DVN redundancy. Chainalysis and others linked the activity to TraderTraitor/Lazarus.
Expected Investor Sentiment: Very Bearish
Potential Market Impact: High
Source Articles
- LayerZero details $292M KelpDAO exploit and tightens bridge security - Crypto News
- LayerZero's Incident Report Says Kelp Downgraded From 2-of-2 to 1-of-1 DVN Before $292M Exploit - The Defiant
- Drift says insurance fund untouched after attack, withdrawals to resume - Crypto News
- Map Protocol token plummets 96% after a quadrillion token mint exploit - Cointelegraph
