KelpDAO, a liquid restaking protocol backed by CZ’s household workplace YZi Labs, suffered a $290 million hack. The attacker drained rsETH by means of KelpDAO’s LayerZero-powered cross-chain bridge, risking contagion to different DeFi protocols similar to Aave. However, Layer Zero blames North Korea’s Lazarus Group and Kelp’s safety selections for the exploit.
North Korea’s Lazarus Group Likely Behind KelpDAO Hack: LayerZero
LayerZero Labs attributed the KelpDAO hack to North Korea’s Lazarus Group, particularly TraderTraitor, in a blog post on April 20. The hacking group has an extended historical past of focusing on crypto tasks, together with the $280 million Drift protocol hack.
Moreover, it highlighted that the hack succeeded as a result of KelpDAO selected to make use of a single-decentralized verifier community (DVN) configuration. The firm famous that it and different events beforehand advisable KelpDAO undertake a multi-verifier setup for higher safety.
Hackers focused KelpDAO’s bridge setup by compromising downstream RPC nodes utilized by LayerZero’s DVN to confirm transactions. Attackers compromised two RPC nodes and launched DDoS assaults on the uncompromised RPCs to empty $290 million in rsETH tokens.
“This was carefully designed to prevent any security monitoring from noticing anomalies from what external RPCs were reporting, said LayerZero. “It was designed to self-destruct once the attack could no longer be performed, disabling the RPCs, deleting the malicious binary and corresponding local logs and configs,” it added.
LayerZero maintained that its protocol itself had no inherent vulnerabilities. The KelpDAO hack exploited the liquid restaking protocol’s setup selections.
DVN Is Now Live with Zero Contagion to Other Crypto Tokens
LayerZero confirmed that there’s zero contagion to another cross-chain property or purposes. All affected RPC nodes are actually deprecated and changed, stating the “LayerZero Labs DVN is now live.”
It recommends that each one purposes with a multi-DVN setup resume operations. The protocol group is presently asking all emigrate to multi-DVN setups with redundancy.
However, the KelpDAO hack has triggered contagion results throughout DeFi. This has elevated unhealthy debt on Aave and led to a pointy drop in Aave’s complete worth locked (TVL).
Aave Founder Stani Kulechov stated “rsETH has been frozen on Aave V3 and V4. Both Aave V3 and V4 do not have further exposure to rsETH.”
rsETH has been frozen on Aave V3 and V4, the asset doesn’t have any borrowing energy as a measure attributable to KelpDAO bridge exploit that occurred outdoors of Aave. Both Aave V3 and V4 doesn’t have additional publicity to rsETH. https://t.co/vt8j1BOUjB
— Stani (@StaniKulechov) April 18, 2026
AAVE price crashed greater than 20% up to now two days, presently buying and selling at $92.40. The 24-hour low and excessive are $89.08 and $94.05, with a 15% decline in buying and selling quantity.
If you want to capitalize on low costs in present crypto market situations, take a look at our narrowed-down suggestions for the Best DeFi Lending Platforms.
