
Kelp DAO

April 18, 2026 · Ethereum · Bridge Exploit
Total loss: $292.0M
Status: Confirmed

Lazarus Group, the North Korean state-sponsored hacking unit, drained $292 million from KelpDAO's cross-chain bridge in a single transaction. The bridge used LayerZero for cross-chain messaging, but Kelp had configured it to trust just one verifier, LayerZero Labs' own. The attackers compromised the developer credentials for that verifier, then made the bridge believe a fake withdrawal was legitimate. About 18% of all rsETH in circulation moved to the attackers in a single block.

rsETH bridge balance: drained (116,500 rsETH ($292M) released to attacker)
Circulating rsETH supply: drained (~18% of total)
User staked positions: drained (delegations lost backing)
LayerZero DVN infrastructure: drained
What the score saw

Our pre-hack assessment flagged Kelp's cross-chain messaging trust assumptions and supply-chain exposure as the protocol's weakest layers. Both failed at once: a single trusted verifier was compromised through its developer credentials.

Exploit anatomy

The attackers compromised the verifier's developer credentials, signed off a fake withdrawal as if it were legitimate cross-chain traffic, and drained the bridge to their primary address in a single block.

Fund flow

Source: LayerZero EndpointV2 (0x1a440760...fE728c); rsETH OFT adapter (Ethereum) (0x85d456B2...e98Ef3)
Receiver: attacker primary address, received 116,500 rsETH in one transaction
DeFi monetization: Aave V3/V4 deposits of 89,567 rsETH across 7 addresses on Ethereum, Arbitrum, Base, Mantle, Linea; borrowed WETH $190.86M; borrowed wstETH $2.33M
Laundering: Tornado Cash, $200M to $236M total extracted
Full forensic detail

Step-by-step reconstruction, root cause, counterfactuals, remediation, and disclosure timeline.

Exploit anatomy

1. Initial access: The attacker social-engineered a LayerZero Labs developer to obtain session keys, gaining access to cloud RPC infrastructure. This happened on or around March 6, 2026, six weeks before the drain.
2. RPC node compromise: The attacker identified the RPC node list used by LayerZero Labs' DVN, accessed two internal nodes on separate clusters, and replaced the op-geth binaries with modified versions. The malicious nodes returned truthful data to all requesters except the DVN. The DVN received forged responses claiming a phantom rsETH burn on Unichain.
3. DDoS amplification: A simultaneous DDoS attack targeted external RPC providers, forcing LayerZero's DVN to fail over exclusively to the two compromised internal nodes.
4. Forged message injection: With the DVN reading only from poisoned nodes, the attacker submitted a forged LayerZero packet to EndpointV2 on Ethereum. The packet claimed 116,500 rsETH had been burned on Unichain. That burn never occurred. The DVN signed a valid attestation for this forged message.
5. Token release: The rsETH OFT adapter on Ethereum received the validated message from EndpointV2 and released 116,500 rsETH to the attacker's address. The 1-of-1 DVN configuration meant no second verifier existed to cross-check the phantom burn.
6. DeFi monetization: The attacker deposited 89,567 rsETH across 7 addresses on Aave V3/V4 markets (Ethereum, Arbitrum, Base, Mantle, Linea) and borrowed $190.86M in WETH plus $2.33M in wstETH. Additional positions were opened on Compound V3, Euler, and other protocols before freezes kicked in. Method: Aave V3/V4 supply() + borrow().
7. Fund extraction: Borrowed WETH was consolidated through intermediary addresses and routed through Tornado Cash. Total extracted: $200M to $236M.
8. Evidence destruction: Malicious RPC binaries auto-deleted logs and configuration files after the attack.

Root cause

Two failures combined here.

First, KelpDAO's rsETH OFT adapter ran a 1-of-1 DVN setup: only LayerZero Labs' single verifier needed to attest to cross-chain messages, and no independent second validator existed. That is a single point of failure in the trust model.

Second, the attacker compromised the upstream RPC infrastructure feeding that sole verifier, via social engineering and binary replacement. The DVN then signed valid attestations for fabricated messages. Every on-chain transaction appeared cryptographically valid: the validator's signature was valid and the message format was valid. The corruption happened at the data layer beneath the verification logic. Detecting the attack required cross-chain invariant monitoring (verifying that token burns on the source chain actually occurred), and no such monitoring existed.

At the time, 40-47% of LayerZero OApps used the same 1-of-1 configuration. LayerZero's own V2 OApp Quickstart documentation showed sample code wiring pathways with one required DVN and no optional DVNs.

// KelpDAO rsETH OFT adapter DVN configuration (reconstructed)
requiredDVNs: [LayerZero Labs DVN]
requiredDVNCount: 1
optionalDVNs: []
optionalDVNCount: 0
// Single attestation from LayerZero Labs DVN was sufficient
// to authorize release of any amount of rsETH on destination chain

Prevention analysis

2-of-2 or higher DVN threshold

Attack prevented outright. A second independent DVN would have rejected the forged attestation. No corresponding burn existed on any source chain. LayerZero recommended multi-DVN configurations but didn't enforce them.
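The threshold logic behind the root cause and this prevention point, as an added toy model that is not Kelp DAO's or LayerZero's code: every required DVN must attest before the destination releases, so a lone compromised verifier is sufficient under 1-of-1 but not once an independent DVN reading an honest source-chain view is required. Chain views, DVN names and the Packet shape are constructed for the demonstration.

```python
# Added example, not Kelp DAO's or LayerZero's code: a toy model of DVN
# threshold verification showing why a 1-of-1 required-DVN config releases
# tokens for a burn that never happened while 2-of-2 rejects the packet.
# Chain views, DVN names and the Packet shape are constructed here.
from dataclasses import dataclass, field

@dataclass
class UlnConfig:
    required_dvns: list                  # every one of these must attest
    optional_dvns: list = field(default_factory=list)
    optional_threshold: int = 0          # optional DVNs that must also attest

@dataclass
class Packet:
    src_chain: str
    burn_tx: str
    amount: int

class DVN:
    """Attests only if its RPC view shows the claimed burn (tx and amount)."""
    def __init__(self, name, rpc_view):
        self.name, self.rpc_view = name, rpc_view

    def attest(self, pkt):
        return self.rpc_view.get(pkt.src_chain, {}).get(pkt.burn_tx) == pkt.amount

def verify_packet(pkt, cfg, dvns):
    """ULN-style rule: all required DVNs, plus at least optional_threshold
    of the optional DVNs, must attest before the destination releases."""
    by_name = {d.name: d for d in dvns}
    required_ok = all(by_name[n].attest(pkt) for n in cfg.required_dvns)
    optional_ok = sum(by_name[n].attest(pkt) for n in cfg.optional_dvns)
    return required_ok and optional_ok >= cfg.optional_threshold

# Constructed state: the honest Unichain view has no such burn; the poisoned
# RPC nodes feeding the compromised DVN report a phantom one.
FORGED = Packet("unichain", "0xPHANTOM_BURN", 116_500)
HONEST_VIEW = {"unichain": {}}
POISONED_VIEW = {"unichain": {"0xPHANTOM_BURN": 116_500}}
CONFIGS = {
    "1-of-1": UlnConfig(required_dvns=["lz-labs"]),
    "1-of-1+opt": UlnConfig(["lz-labs"], ["independent"], optional_threshold=1),
    "2-of-2": UlnConfig(required_dvns=["lz-labs", "independent"]),
}

def release_allowed(config_name):
    """True if the forged packet passes verification under the named config."""
    dvns = [DVN("lz-labs", POISONED_VIEW), DVN("independent", HONEST_VIEW)]
    return verify_packet(FORGED, CONFIGS[config_name], dvns)
```

Only the 1-of-1 configuration lets the forged packet through; adding the independent verifier either as a required DVN or as a single optional DVN with threshold 1 blocks it.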

Cross-chain invariant monitoring

Attack detected in real time. A monitor verifying source-chain burns against destination-chain releases would have flagged the phantom burn immediately. No such system was running.

Rate-limiting on bridge releases

Partial mitigation only. A per-transaction or per-epoch cap on rsETH releases would have capped the drain well below 116,500 tokens, buying time for manual intervention.
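The two controls above (invariant monitoring and release rate-limiting) as one added example, not Kelp DAO's or any bridge's code: a destination-side check that every release maps to a source-chain burn of the same amount, and a replay of the same releases through a per-epoch cap. The event shapes, the 20,000 rsETH cap, the 50-block epoch and the sample events are constructed for the demonstration.

```python
# Added example, not Kelp DAO's or any bridge's code: a destination-side
# monitor for the cross-chain invariant (every release must match a burn on
# the source chain) plus a per-epoch release cap replayed over the same
# events. Event shapes, the 20,000 rsETH cap and the sample data are constructed.
from collections import defaultdict

# Constructed source-chain view: burn tx hash -> amount burned (whole rsETH).
SOURCE_BURNS = {"0xburn_a": 1_200, "0xburn_b": 3_000}

# Constructed destination-side releases as the OFT adapter would emit them.
RELEASES = [
    {"block": 100, "burn_tx": "0xburn_a", "amount": 1_200},     # legitimate
    {"block": 101, "burn_tx": "0xburn_b", "amount": 3_500},     # over-released
    {"block": 102, "burn_tx": "0xPHANTOM", "amount": 116_500},  # no burn at all
]

def check_invariant(releases, source_burns):
    """Alert on every release whose source-chain burn is missing or differs."""
    alerts = []
    for r in releases:
        burned = source_burns.get(r["burn_tx"])
        if burned is None:
            alerts.append(("NO_SOURCE_BURN", r["block"], r["amount"]))
        elif burned != r["amount"]:
            alerts.append(("AMOUNT_MISMATCH", r["block"], r["amount"] - burned))
    return alerts

def apply_release_cap(releases, cap, epoch_blocks):
    """Replay releases through a per-epoch cap; return (executed, held).
    Held releases would wait for manual review instead of settling."""
    spent = defaultdict(int)
    executed, held = [], []
    for r in releases:
        epoch = r["block"] // epoch_blocks
        if spent[epoch] + r["amount"] <= cap:
            spent[epoch] += r["amount"]
            executed.append(r)
        else:
            held.append(r)
    return executed, held

def run_monitor(releases=RELEASES, source_burns=SOURCE_BURNS,
                cap=20_000, epoch_blocks=50):
    """Combine both checks; a real deployment would page on any alert."""
    executed, held = apply_release_cap(releases, cap, epoch_blocks)
    return {
        "alerts": check_invariant(releases, source_burns),
        "released": sum(r["amount"] for r in executed),
        "held": sum(r["amount"] for r in held),
    }
```

On the constructed data the invariant check raises two alerts (an over-release and a release with no burn at all), while the cap lets the two small releases settle and holds the 116,500 rsETH release for review.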

RPC node integrity monitoring with attestation

Infrastructure compromise caught earlier. Hardware attestation or canary queries to RPC nodes would have revealed the binary replacement within hours, not weeks.

Similar incidents

Any LayerZero OApp with 1-of-1 DVN

40-47% of LayerZero OApps used an identical 1-of-1 DVN configuration at the time of the exploit.

Bybit (Safe{Wallet})

Same threat actor (TraderTraitor/UNC4899). Infrastructure-level compromise of off-chain signing systems rather than smart contract vulnerability. Social engineering initial access vector.

Ronin Bridge

Bridge validator compromise by Lazarus Group. Insufficient validator threshold (5-of-9 compromised). Social engineering initial access.

Wormhole

Cross-chain bridge exploit resulting in unauthorized token minting on destination chain, though Wormhole was a smart contract vulnerability rather than infrastructure compromise.

Remediation

1. KelpDAO migrated rsETH cross-chain bridging from LayerZero OFT to Chainlink CCIP (Cross-Chain Token standard). [done]
2. LayerZero Labs DVN no longer services 1-of-1 configurations. Minimum threshold raised to 3 verifiers where available, floor of 3 on constrained chains.
3. KelpDAO emergency pauser multisig froze rsETH contracts across Ethereum mainnet and all L2 deployments within 46 minutes of the drain.
4. Arbitrum Security Council froze 30,766 ETH of downstream funds in coordination with law enforcement.
5. All compromised LayerZero RPC nodes deprecated and replaced with fresh infrastructure.
6. Aave governance evaluating loss socialization: Umbrella WETH vault ($56M), AAVE token issuance for the remaining ~$120M bad debt. [pending]
7. Cross-chain invariant monitoring recommended. Source-chain burn verification before destination-chain release.

Timeline

2026-03-06: Attacker gains initial access to LayerZero Labs cloud infrastructure via social engineering of a developer.
2026-04-18: 116,500 rsETH drained from KelpDAO bridge in a single Ethereum transaction.
2026-04-18: KelpDAO operations multisig pauses rsETH contracts across mainnet and L2s, 46 minutes post-drain.
2026-04-18: Follow-up drain attempt of 40,000 rsETH (~$95M) reverts against paused contracts.
2026-04-18: Aave freezes rsETH/wrsETH across all V3 deployments.
2026-04-19: SparkLend, Fluid, Compound, Euler, and additional protocols freeze rsETH markets.
2026-04-19: LayerZero Labs publishes initial incident statement. Attributes attack to state actor. Blames 1-of-1 DVN configuration.
2026-04-20: KelpDAO disputes LayerZero's framing. Claims LayerZero approved the 1-of-1 setup and that it matched documented defaults.
2026-04-20: Aave publishes rsETH incident report. WETH frozen on Core, Prime, Arbitrum, Base, Mantle, Linea markets.
2026-04-20: Arbitrum Security Council freezes 30,766 ETH of downstream funds in coordination with law enforcement.
2026-05-05: KelpDAO publishes memo claiming LayerZero personnel directly approved the bridge configuration. Announces migration to Chainlink CCIP.
2026-05-06: KelpDAO begins migrating rsETH from LayerZero OFT to Chainlink CCIP/CCT standard.
2026-05-10: LayerZero details security changes. DVN no longer services 1/1 configurations. Minimum 3-verifier threshold.
2026-05-20: LayerZero issues public apology. Admits fault in single-verifier setup.

Sources: Mandiant and CrowdStrike (attribution to TraderTraitor/UNC4899); Chainalysis (on-chain forensics); Halborn (technical analysis); Aave governance (impact assessment).