The recent $290 million hack of KelpDAO is now under closer examination. LayerZero and Aave have shared details about how the attack happened, why the financial impact seems limited, and what lessons the crypto industry can learn about securing cross-chain transactions in the future.
LayerZero argues the recent exploit wasn’t due to a flaw in their protocol, but rather a choice made by KelpDAO to operate rsETH with a specific, less secure setup. This is important because it’s changing the conversation from widespread risk across all projects using LayerZero, to a more focused question about the security choices made by KelpDAO and the potential impact on their application.
LayerZero Links KelpDAO Crypto Exploit To RPC Attack
LayerZero stated on April 20th that the attack on April 18th only affected KelpDAO’s rsETH system due to how KelpDAO was set up. They confirmed, after a thorough check of all connected applications, that no other assets or applications were impacted by the attack.
LayerZero believes the recent incident was a coordinated attack by a government-backed entity, not a flaw in their system. They point to evidence suggesting the attack was carried out by a highly skilled group linked to North Korea, known as Lazarus Group and specifically identifying a member called TraderTraitor.
The attack didn’t break the core technology, key security, or the LayerZero systems themselves. Instead, the attacker targeted the systems that help connect to LayerZero, specifically by replacing legitimate software on hacked servers and then overwhelming working connections with a flood of traffic. This forced traffic to switch over to the compromised systems.
This sequence of events is key to understanding LayerZero’s position. According to the company, their security design—which limits access privileges—prevented attackers from directly compromising their core systems. Instead, the attackers exploited a specific point to launch an attack that tricked the system into thinking requests were legitimate.
The attacker’s compromised node used a specially crafted message to trick the DVN, and was designed to avoid raising alarms. LayerZero explained that this node only sent false information to the DVN, while appearing normal to all other systems – including the attacker’s own monitoring tools – suggesting a deliberate attempt to remain undetected.
LayerZero explains that the recent exploit could have been prevented if rsETH hadn’t used a single verifier. According to their statement, the problem stemmed from how KelpDAO’s rsETH was set up. It used a ‘1-of-1’ system where LayerZero Labs was the only verifier – a setup LayerZero had specifically advised against, recommending multiple verifiers for redundancy to all partners.
The statement explained that if the system had been properly secured with agreement from several separate data validation networks, this attack wouldn’t have worked, even if one of those networks had been hacked.
We’ve brought our DVN back online after addressing the recent issues. We’ve retired the affected RPC nodes and replaced them with new ones. Importantly, we will no longer be signing or attesting messages for applications running with a single validator – a 1/1 configuration. As part of our response, we’re actively collaborating with law enforcement and industry partners like Seal911 to trace the movement of funds.
Aave recently announced on X that its analysis confirms all rsETH on the main Ethereum network is fully backed by assets. However, as a safety measure, rsETH remains frozen on Aave V3 and V4, and the potential impact of the recent incident is limited. Additionally, WETH reserves are still frozen on the affected markets across Ethereum, Arbitrum, Base, Mantle, and Linea while the Aave team continues to investigate and find a solution.
At press time, the total crypto market cap stood at $2.5 trillion.
Read More
- Silver Rate Forecast
- Gold Rate Forecast
- Brent Oil Forecast
- Binance BTC Inflows Hit 6-Year Lows-Is a Supply Shock Brewing?
- Bitcoin’s Lightning: €Billion Bargain That Leaves Wallets Laughing!
- Markets Whisper: The Hidden Boom Behind Morgan Stanley Skeptics
- Stablecoins, RWAs, and the Crypto Industry’s Midlife Crisis
- Iran’s Nuclear Shift: Could Bitcoin Surge Past $71K on Peace Deal Hopes?
- HYPE PREDICTION. HYPE cryptocurrency
- Zcash Surges 23%: Will Mega Whales Trigger a Massive Short Squeeze Next?
2026-04-20 13:27