LayerZero has pointed the finger at Kelp’s configuration for the $290 million breach, linking it to North Korea’s Lazarus group.
LayerZero stated that the assailants hijacked two RPC nodes used by the company’s verifier and launched a DDoS attack on the others, an operation that succeeded only because Kelp disregarded advice to implement multi-verifier safeguards.
What to know:
— LayerZero attributed the $290 million Kelp DAO breach to Kelp’s choice to operate a single-verifier setup, despite earlier alerts to adopt a multi-verifier approach.
— The attackers, whom LayerZero has tentatively connected to North Korea’s Lazarus Group and its TraderTraitor faction, hijacked two RPC nodes and executed a DDoS assault to trigger a failover, deceiving LayerZero’s verifier into sanctioning a fraudulent cross-chain transfer.
— LayerZero clarified that the incident originated from Kelp’s security decisions rather than a flaw in the protocol, confirmed no spread to other apps, and announced it will cease signing messages for any project utilizing a 1-of-1 verifier setup.
LayerZero has assigned blame for the $290 million Kelp DAO breach to Kelp’s own security settings, noting that the liquid restaking protocol operated a single-verifier configuration that LayerZero had previously cautioned against.
The assault exploited a new vector aimed at the infrastructure layer instead of any protocol code.
LayerZero has tentatively linked the attackers to North Korea’s Lazarus Group and its TraderTraitor subunit, who compromised two of the remote procedure call (RPC) nodes that LayerZero’s verifier depends on to validate cross-chain transactions.
RPC nodes are the servers through which software reads from and writes to a blockchain; LayerZero’s verifier used a mix of internal and external nodes for redundancy.
The assailants replaced the binary software on two of these nodes with malicious versions crafted to inform LayerZero’s verifier of a fraudulent transaction, while simultaneously providing accurate data to all other systems querying those same nodes.
This selective deception was designed to remain undetected by LayerZero’s own monitoring infrastructure, which queries the same RPCs from various IP addresses.
Compromising two nodes was insufficient on its own. LayerZero’s verifier also queried unharmed external RPC nodes, prompting the attackers to launch a distributed denial-of-service attack on those to force a failover to the compromised ones.
Traffic logs released by LayerZero indicate the DDoS occurred between 10:20 a.m. and 11:40 a.m. Pacific Time on Saturday. Once the failover activated, the compromised nodes informed the verifier that a valid cross-chain message had arrived, leading Kelp’s bridge to release 116,500 rsETH to the attackers. The malicious node software then self-destructed, erasing binaries and local logs.
The attack succeeded solely because Kelp operated a 1-of-1 verifier configuration, meaning LayerZero Labs was the only entity verifying messages to and from the rsETH bridge.
LayerZero’s public integration checklist and direct communications with Kelp had advised a multi-verifier setup with redundancy, where consensus across several independent verifiers would be necessary to confirm a message. Under that configuration, poisoning one verifier’s data feed would not have been enough to forge a valid message.
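To make the difference between the two configurations concrete, here is a small constructed model (added for this article; it is not LayerZero’s or Kelp’s code, and the class names, the failover order, and the message contents are assumptions). One DVN’s RPC list fails over from unreachable honest nodes to two poisoned ones, exactly as described above; a second DVN with its own infrastructure never sees the forged message.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    src_chain: str
    nonce: int
    payload: str

class RpcNode:
    """One RPC endpoint. A compromised node answers the verifier with
    messages that never happened on-chain (the 'poisoned' set)."""
    def __init__(self, name, chain_view, poisoned=frozenset(), up=True):
        self.name, self.chain_view, self.poisoned, self.up = name, chain_view, poisoned, up

    def has_message(self, msg):
        if not self.up:                        # under DDoS / unreachable
            raise ConnectionError(self.name)
        return msg in self.chain_view or msg in self.poisoned

class Dvn:
    """A verifier that asks its RPC list in order and trusts the first
    reachable answer (simple failover, as in the incident narrative)."""
    def __init__(self, name, rpcs):
        self.name, self.rpcs = name, rpcs

    def attest(self, msg):
        for node in self.rpcs:
            try:
                return node.has_message(msg)
            except ConnectionError:
                continue
        return False                           # nothing reachable: do not attest

def bridge_accepts(msg, dvns, threshold):
    """The receiving chain executes `msg` only if at least `threshold` DVNs attest."""
    return sum(1 for d in dvns if d.attest(msg)) >= threshold

# Constructed scenario: the real chain history contains only `genuine`.
genuine = Message("ethereum", 1, "transfer 10 rsETH")
forged = Message("ethereum", 2, "release 116500 rsETH")
chain = frozenset({genuine})
ext1, ext2 = RpcNode("ext1", chain, up=False), RpcNode("ext2", chain, up=False)  # DDoS'd
bad1, bad2 = RpcNode("bad1", chain, poisoned={forged}), RpcNode("bad2", chain, poisoned={forged})
dvn_a = Dvn("A", [ext1, ext2, bad1, bad2])       # fails over to the poisoned nodes
dvn_b = Dvn("B", [RpcNode("b-own", chain)])      # independent, untouched infrastructure

def single_verifier_result():
    return bridge_accepts(forged, [dvn_a], 1)          # 1-of-1: forged message passes
def multi_verifier_result():
    return bridge_accepts(forged, [dvn_a, dvn_b], 2)   # 2-of-2: forged message blocked
```

The genuine message still clears the 2-of-2 check, so the multi-DVN requirement costs nothing for legitimate traffic; it only removes the single point of failure.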
“KelpDAO chose to utilize a 1/1 DVN configuration,” LayerZero wrote, using the protocol’s term for decentralized verifier networks. “A properly hardened configuration would have required consensus across multiple independent DVNs, rendering this attack ineffective even in the event of any single DVN being compromised.”
LayerZero confirmed that zero contagion occurred to any other application on the protocol. Every OFT-standard token and application running multi-verifier setups remained unaffected.
The LayerZero Labs verifier is back online, and the company stated it will no longer sign messages for any application running a 1-of-1 configuration, mandating a protocol-wide migration away from single-verifier setups.
The architectural distinction is crucial for how DeFi prices LayerZero risk moving forward.
A protocol-level bug would have implied every OFT token on every chain was potentially at risk. However, a configuration failure by a single integrator, combined with a targeted infrastructure attack, implies the protocol functioned as designed and that Kelp’s security choices, not LayerZero’s code, created the vulnerability.
Kelp has not yet publicly responded to LayerZero’s framing or addressed why it operated a 1-of-1 verifier setup despite explicit recommendations against it.
Lazarus Group has been linked to the Drift Protocol exploit on April 1 and now Kelp on April 18, meaning the same North Korean unit has drained more than $575 million from DeFi in 18 days through two structurally different attack vectors: social engineering governance signers at Drift and poisoning infrastructure RPCs at Kelp.
The group is adapting its playbook faster than DeFi protocols are hardening their defenses.
LayerZero Attributes $290M Kelp DAO Breach to North Korean Lazarus Group, Cites Kelp’s Single-Verifier Flaw