LayerZero says North Korea's Lazarus is likely behind the $292M Kelp DAO exploit on April 18, which triggered $10B in outflows from Aave over bad debt concerns
Quick Take — LayerZero said North Korean hacker group Lazarus is likely responsible for the $292 million Kelp DAO exploit.
The Block Danny Park
Related Coverage
- Crypto Hack Sparks $9 Billion Outflows From Biggest DeFi Lender Bloomberg · Sidhartha Shukla
- Justin Sun pleads with Kelp DAO hacker after $293m heist. 'Let's just talk' DL News · Eric Johansson
- Kelp DAO Exploit Sparks Aave Liquidity Crunch, $6.2 Billion Withdrawal Panic Decrypt · André Beganski
- Aave price drops to $90 after Kelp DAO exploit, derivatives hint at potential rebound crypto.news · Rony Roy
- $290M KelpDAO Hack SHOCK: LayerZero Points to Fatal DVN Flaw, Lazarus Suspected CryptoNinjas · Liam Turner
- KelpDAO Hack: LayerZero Blames North Korea's Lazarus and Kelp's Poor Security CoinGape · Varinder Singh
- Kelp DAO Loses $292M in Largest DeFi Exploit of 2026, LayerZero Attributes Attack to Lazarus Group Blockhead
- LayerZero blames Kelp's setup for $290 million exploit, attributes it to North Korea's Lazarus CoinDesk · Shaurya Malwa
- $290M Kelp DAO Breach Tied to Lazarus Group and Weak Bridge Security Blockonomi · Trader Edge
- DeFi users pull $10 billion out of the market as $292 million exploit sparks bank-run optics CryptoSlate · Oluwapelumi Adejumo
- Kelp DAO Exploit Sparks Aave Liquidity Crunch, $6.2 Billion Withdrawal Panic Yahoo Finance · Eth-Usd
- Kelp DAO: Exploit Triggers Aave Crunch Blockchain.News
- Aave's TVL tanks $8B a day after $293M Kelp DAO hack Cointelegraph · Brayden Lindrea
- DeFi Lender Aave Battles Withdrawal Crisis After KelpDAO rsETH Exploit Bitcoin News · Jamie Redman
- AAVE TVL plummets $6B after Kelp DAO hack exploits LayerZero bridge flaw Crypto Briefing · Estefano Gomez
- Kelp DAO Suffers $292 Million rsETH Exploit - Details Bitcoinist.com · Semilore Faleti
- KelpDAO $290M Exploit Linked to Suspected Lazarus Group Attack Coinpedia Fintech News · Sohrab Khawas
- Kelp DAO Loses $293M in Bridge Exploit, Leaving Aave With Over $200M in Bad Debt The Defiant · Camila Russo
- LayerZero says Kelp setup caused exploit, as Aave loss questions mount Cointelegraph · Zoltan Vardai
- Crypto Hack: Kelp DAO $290M Exploit Linked to Verifier Flaw — LayerZero The Coin Republic · Rupam Roy
- LayerZero says North Korean Lazarus Group behind $292M Kelp DAO attack Crypto Briefing · Vivian Nguyen
- LayerZero Breaks Silence On $290 Million KelpDAO Crypto Exploit Bitcoin Insider · Jake Simmons
- LayerZero Says Lazarus Group Likely Behind Kelp DAO Exploit Cryptonews · Ahmed Barakat
- LayerZero Pins $292M KelpDAO Bridge Hack on North Korea's Lazarus Group Decrypt · Vince Dioquino
- LayerZero Links $292 Million Kelp DAO Bridge Exploit to North Korea's Lazarus Group Unchained
- LayerZero: Pins $292M KelpDAO Hack on Lazarus Blockchain.News
- Aave's TVL Tanks $6.6 Billion as Kelp DAO Hack Sparks Bad Debt and Structural Fears Unchained
- North Korean Hackers Exploit Cross-Chain Vulnerability in $292M KelpDAO Breach Blockonomi · Oliver Dale
- LayerZero Post Mortem Shows Lazarus Group Stole $290M From KelpDAO via RPC Node Compromise The Defiant
- LayerZero links Kelp DAO exploit to Lazarus as DeFi losses deepen crypto.news · Olivia Stephanie
- Market Updates: Aave TVL Slides $8B After Kelp DAO Protocol Breach; Saylor Teases Bigger BTC Accumulation; Jenner Memecoin Cleared of Securities Status The Crypto Basic · Zabi
- DeFi sector in $14B meltdown as $290M rsETH hack fallout burns Aave Protos · Jake Harrison
- Kelp DAO claims LayerZero's ‘default’ settings are what actually caused the massive $290 million disaster CoinDesk
- North Korea hackers blamed for $290M crypto theft TechCrunch · Lorenzo Franceschi-Bicchierai
- Crypto infrastructure company blames $290 million theft on North Korean hackers The Record · Jonathan Greig
- Lazarus Group exploits KelpDAO bridge, siphons $228M in ETH Crypto Briefing · Estefano Gomez
- Kelp DAO blames LayerZero defaults for $290m rsETH bridge disaster crypto.news · Andrew Folkler
- What The Kelp DAO's $292 Million Hack Means For XRP Holders Earning Yield Bitcoin Insider · Scott Matherson
- Dune Analytics Reveals 47% of LayerZero OApps Use Minimal DVN Security Following KelpDAO Hack The Defiant
- Aave could face up to $230 million in losses after Kelp DAO bridge exploit triggers DeFi chaos CoinDesk · Margaux Nijkerk
- Aave lays out rsETH risk and recovery paths after Kelp DAO exploit Crypto Briefing · Estefano Gomez
- KelpDAO suffers $290 million heist tied to Lazarus hackers BleepingComputer · Bill Toulas
Discussion
-
NullTX
Will Izuchukwu
on x
LayerZero Blames KelpDAO for $290 Million Hack, Citing Possible Links With DPRK's Lazarus Group
-
@layerzero_core
@layerzero_core
on x
KelpDAO Incident Statement
-
@banteg
@banteg
on x
such elaborate distancing doesn't sit well with me. it literally says “the protocol functioned exactly as intended”. the attack is described as a compromise of an rpc node and rpc poisoning. but that's not what rpc poisoning means, their own infra was breached and compromised.
-
@donnoh_eth
@donnoh_eth
on x
key takeaway from the article: the LayerZero protocol, *when used as intended*, is not safe. i'd add, the protocol is certainly safe when it is intended not to use it in the first place [image]
-
@suhailkakar
Suhail Kakar
on x
the kelp rsETH post-mortem is wild lazarus (dprk) compromised two rpc nodes that layerzero dvn was relying on. swapped the op-geth binaries. wrote a custom payload that forged messages *only when the dvn queried* - every other IP, including monitoring, saw clean truthful data. [i…
-
@hosseeb
Haseeb
on x
TL:DR: * LayerZero says it was Kelp's fault for running 1/1 DVN setup, their docs warn against that (although LZ operated the actual DVN) * Yep, North Korea again * LayerZero had solid opsec but still got pwned (they're not disclosing the original compromise path it seems) *
-
@0xngmi
@0xngmi
on x
The attack was 1. North Korea figured out which RPC providers LZ was using 2. They compromised two of the providers to make them return fake data 3. DDoSed other providers to shut them down, forcing LZ to use the bad ones AFAIK I was the only one who actually called it [image]
-
@chainlinkgod
Zach Rynes
on x
As expected, LayerZero is deflecting responsibility that their own DVN node infrastructure was compromised and caused a $290M bridge exploit They throw KelpDAO under the bus for the crime of trusting the LayerZero Labs DVN, a 1/1 setup they willingly supported and only blocked
-
@joelkatz
David ‘JoelKatz’ Schwartz
on x
The attack was way more sophisticated than I expected and aimed at LayerZero infrastructure taking advantage of KelpDAO laziness.