1. The Incident in Brief
On April 18, 2026, Kelp DAO — a liquid restaking protocol that channels user-deposited Ether through EigenLayer to generate yield — had 116,500 rsETH tokens, valued at approximately $292 million, drained from its cross-chain bridge. The event stands as the largest decentralized finance exploit recorded so far in 2026, narrowly surpassing a $285 million attack on Solana-based trading protocol Drift that took place earlier in April. Two days after the drain, cross-chain messaging provider LayerZero published a detailed post-mortem assigning responsibility to both Kelp's security architecture and a state-sponsored hacking organization.
2. Preliminary Attribution to North Korea
LayerZero's analysis identified preliminary indicators consistent with the tactics and infrastructure of North Korea's Lazarus Group, more precisely its TraderTraitor subunit. The firm characterized the perpetrators as a "highly sophisticated state-sponsored" actor, noting that behavioral and technical patterns observed during the attack aligned with those seen in prior Lazarus-linked operations. While LayerZero stopped short of a definitive confirmation, its findings were detailed enough to prompt coordination with multiple law enforcement agencies. Blockchain security firm Cyvers, conducting its own parallel review, indicated that the attack's scale and coordination bore hallmarks of DPRK-affiliated operations, though it noted that wallet clustering linked to the group had not yet been independently confirmed at the time of its report.
3. How the Attack Was Engineered
The technical execution involved a multi-step compromise of infrastructure underlying LayerZero's decentralized verifier network (DVN) — the system responsible for confirming whether cross-chain token transfers are legitimate. Roughly ten hours before the actual drain, the attackers pre-funded six wallets through Tornado Cash, establishing a financial staging ground. They then identified the specific remote procedure call (RPC) nodes — the servers that relay blockchain data to software applications — used by LayerZero's verifier to check the validity of transactions.
Two of those RPC nodes were selectively poisoned. The attackers replaced the software running on them with malicious versions that reported fabricated transaction data to LayerZero's DVN while returning accurate, unaltered data to every other client querying the same nodes. The poisoned nodes keyed their answers on who was asking: LayerZero's own monitoring, which queried the same nodes from different IP addresses, therefore received the honest view and saw nothing wrong. To complete the trap, the attackers launched a distributed denial-of-service (DDoS) campaign against the remaining clean nodes, so that LayerZero's verifier fell back on, and relied exclusively upon, the two already-compromised ones. With a false confirmation in hand, the bridge approved and executed the fraudulent 116,500 rsETH transfer. Once the exploit concluded, the malicious node software self-destructed, erasing binaries, logs, and configuration files to remove forensic evidence in real time.
4. The Single-Verifier Configuration at the Center of the Dispute
LayerZero's post-mortem placed the enabling condition for the attack squarely on Kelp's decision to operate a 1-of-1 DVN configuration — meaning LayerZero Labs itself was the sole entity verifying every message passing through Kelp's bridge. Under a properly diversified multi-verifier setup, compromising a single node cluster would not have generated a message accepted by the protocol, since independent verifiers would have rejected the forged data. LayerZero stated that it had communicated best practices around DVN diversification to Kelp prior to the attack, and argued that the absence of redundancy transformed what might have been a contained infrastructure incident into a nine-figure loss.
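The failure mode described in sections 3 and 4 is easier to reason about in code. The following is an added simulation, not LayerZero, Kelp or any DVN's code: it models RPC nodes that answer honestly to everyone except the verifier's source address, a DDoS that silences the clean nodes, and two verifier designs queried against them. The first trusts whichever node answers, which is how the forged packet got through; the second demands agreement from a minimum number of nodes across distinct providers and abstains when it cannot get it, so the DDoS turns into an outage rather than a theft. A final helper models, in a deliberately simplified form that is an assumption and not LayerZero's actual configuration schema, the difference between a 1-of-1 verifier setup and one that requires a second, independently hosted verifier. All IPs, node names, providers, transaction hashes and verifier names are constructed.

```python
"""Simulation of the RPC-poisoning failure mode described in sections 3 and 4
and the two mitigations they point at: (1) a verifier that demands agreement
from several independent RPC providers and fails closed when it cannot get
it, and (2) a bridge that requires more than one verifier (DVN) to attest.
Every node, IP, packet and verifier name here is constructed for illustration;
this is not LayerZero, Kelp or any DVN's code."""

from collections import Counter
from dataclasses import dataclass

VERIFIER_IP = "10.0.0.7"        # assumed: the source address the poisoned nodes single out
MONITOR_IP = "10.0.0.9"         # assumed: the operator's monitoring host
CANONICAL_CHAIN = {"0xlegit"}   # constructed: transactions that really exist on the source chain
FORGED_TX = "0xforged"          # constructed: the attacker's fabricated transfer


@dataclass
class RpcNode:
    name: str
    provider: str               # hosting/operator identity, used for diversity checks
    poisoned: bool = False      # runs the attacker's replacement software
    down: bool = False          # knocked out by the DDoS on the clean nodes

    def get_receipt(self, tx_hash, client_ip):
        """Answer a receipt lookup the way this node would for this client."""
        if self.down:
            raise TimeoutError(self.name)
        # Poisoned node: fabricated success for the forged tx, but only when the
        # verifier asks; monitoring from any other address sees honest data.
        if self.poisoned and client_ip == VERIFIER_IP and tx_hash == FORGED_TX:
            return {"tx": tx_hash, "status": "success"}
        if tx_hash in CANONICAL_CHAIN:
            return {"tx": tx_hash, "status": "success"}
        return {"tx": tx_hash, "status": "not_found"}


def fallback_verify(nodes, tx_hash, client_ip=VERIFIER_IP):
    """The fragile pattern: trust whichever node answers first."""
    for node in nodes:
        try:
            return node.get_receipt(tx_hash, client_ip)["status"] == "success"
        except TimeoutError:
            continue            # silently move on to the next node
    return False


def quorum_verify(nodes, tx_hash, min_votes=3, min_providers=2, client_ip=VERIFIER_IP):
    """Fail-closed verification: attest only when at least min_votes nodes from at
    least min_providers distinct providers agree on the outcome. Timeouts are not
    votes, so a DDoS shrinks the quorum instead of redirecting it."""
    votes = []
    for node in nodes:
        try:
            votes.append((node.provider, node.get_receipt(tx_hash, client_ip)["status"]))
        except TimeoutError:
            pass
    if not votes:
        return "abstain"
    status, count = Counter(s for _, s in votes).most_common(1)[0]
    providers = {p for p, s in votes if s == status}
    if count < min_votes or len(providers) < min_providers:
        return "abstain"        # not enough independent evidence either way
    return "attest" if status == "success" else "reject"


def bridge_accepts(attestations, required, optional=(), optional_threshold=0):
    """Assumed simplified verifier-threshold model: every required DVN must attest
    and at least optional_threshold of the optional DVNs must attest."""
    if any(attestations.get(d) != "attest" for d in required):
        return False
    return sum(attestations.get(d) == "attest" for d in optional) >= optional_threshold


def attack_scenario():
    """Reproduce the described setup: two poisoned nodes, the rest under DDoS."""
    nodes = [
        RpcNode("rpc-a", "provider-1", poisoned=True),
        RpcNode("rpc-b", "provider-1", poisoned=True),
        RpcNode("rpc-c", "provider-2", down=True),
        RpcNode("rpc-d", "provider-3", down=True),
        RpcNode("rpc-e", "provider-3", down=True),
    ]
    return {
        "fallback_verifier_accepts_forgery": fallback_verify(nodes, FORGED_TX),
        "monitor_sees_forgery": fallback_verify(nodes, FORGED_TX, client_ip=MONITOR_IP),
        "quorum_verifier_decision": quorum_verify(nodes, FORGED_TX),
        "quorum_verifier_on_real_tx": quorum_verify(nodes, "0xlegit"),
        # 1-of-1: the single compromised DVN's attestation is enough.
        "one_of_one_accepts": bridge_accepts({"dvn-labs": "attest"}, required=["dvn-labs"]),
        # Two required DVNs: an independent verifier on clean infrastructure rejects.
        "two_required_accepts": bridge_accepts(
            {"dvn-labs": "attest", "dvn-other": "reject"}, required=["dvn-labs", "dvn-other"]),
    }


def healthy_scenario():
    """No DDoS, no poisoning: the quorum verifier attests real txs and rejects forgeries."""
    nodes = [RpcNode("rpc-a", "provider-1"), RpcNode("rpc-b", "provider-2"),
             RpcNode("rpc-c", "provider-3")]
    return quorum_verify(nodes, "0xlegit"), quorum_verify(nodes, FORGED_TX)


if __name__ == "__main__":
    for key, value in attack_scenario().items():
        print(f"{key}: {value}")
    print("healthy:", healthy_scenario())
```

Two details carry the lesson. Under the attack, the quorum verifier also abstains on the genuine transaction, because abstaining on everything while the clean providers are unreachable is the intended behaviour: an outage is recoverable, a forged attestation is not. And the provider-diversity check matters separately from the vote count, since two poisoned nodes at one operator would otherwise satisfy a 2-of-5 threshold.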
5. Kelp DAO Disputes LayerZero's Account
Kelp DAO pushed back sharply on the framing presented in LayerZero's post-mortem. According to a source familiar with the matter, Kelp disputes the characterization that it ignored explicit guidance to adopt a multi-verifier setup. Kelp's position is that the single-verifier configuration it ran was built on LayerZero's own infrastructure and reflected LayerZero's onboarding defaults rather than a deliberate outlier choice made against advice. The protocol maintains that the exploit was confined to the LayerZero-powered bridge and did not penetrate its core restaking contracts. Security researcher Artem K, known professionally as @banteg, published a technical review of LayerZero's public deployment code and found that the reference setup ships with single-source verification defaults across major networks, including Ethereum, BNB Chain, Polygon, Arbitrum, and Optimism. The same deployment was also noted to expose a public endpoint that returns the list of configured servers to any external query, which is precisely the reconnaissance an attacker needs for the node-identification step described in section 3.
6. Near-Miss: Two Follow-Up Attempts Blocked
The attackers made two additional attempts in the aftermath of the initial drain. At 18:26 and 18:28 UTC they submitted two further messages carrying the same LayerZero packet structure as the original attack, attempting to extract a further 40,000 rsETH (worth approximately $100 million) from the bridge. Both attempts were blocked. Kelp's emergency multisig had paused core contracts 46 minutes after the initial drain, and LayerZero moved rapidly to blacklist the associated packet signatures. According to Cyvers, the attackers came within roughly three minutes of successfully executing the second wave before the defensive response cut them off.
7. Contagion Across DeFi Lending Markets
The theft triggered a substantial secondary market reaction. The attacker moved stolen tokens into Aave V3, depositing rsETH as collateral to borrow large quantities of WETH. This created a bad-debt risk on Aave, prompting the protocol to freeze rsETH markets on both its V3 and V4 deployments. Total value locked on Aave dropped to $17.5 billion, a decline of $8.8 billion over two days. Broader DeFi markets also retreated, with total value locked across all chains falling from over $99 billion to approximately $86 billion, a decline of roughly 13 percent. Dozens of protocols operating LayerZero's OFT (omnichain fungible token) bridges, including Ethena, ether.fi, Tron DAO, and Curve Finance, proactively froze their LayerZero integrations out of caution while assessments were conducted.
8. LayerZero's Protocol-Level Response
In the wake of the incident, LayerZero announced that it would no longer sign messages for any application running a 1-of-1 DVN configuration, effectively mandating a protocol-wide migration to multi-verifier setups. The company confirmed that all affected RPC nodes had been deprecated and replaced, and that its DVN was fully operational. LayerZero emphasized that the attack was confined to Kelp's rsETH bridge and said it found no evidence of vulnerability or contagion affecting any other application or token operating under a multi-verifier configuration. The company said it is working with multiple law enforcement agencies globally, in addition to collaborating with blockchain security organization SEAL, to trace and potentially recover the stolen assets.
9. A Pattern of Escalating North Korean Attacks
The Kelp DAO breach is the second major DeFi exploit in April attributed to North Korean operators. Earlier in the month, the Drift Protocol lost approximately $285 million in an attack later tied to North Korean infiltration that reportedly involved a six-month social engineering campaign against governance signers. The two attacks combined represent more than $575 million drained from decentralized finance in an 18-day window, achieved through structurally distinct methods: the Drift incident exploited the humans holding signing authority, while the Kelp incident poisoned the technical infrastructure a verifier depends on. Security analysts have noted that Lazarus Group appears to be adapting its methods faster than the industry is hardening its defenses.
10. Structural Lessons for Cross-Chain Security
Industry voices in the aftermath of the exploit pointed to a broader architectural concern. Shalev Keren, co-founder of cryptographic security firm Sodot, described the setup as "a single point of failure, regardless of what the marketing calls it," arguing that no audit could have remediated the flaw without removing unilateral trust from the architecture entirely. Haoze Qiu, Blockchain Lead at Grvt, suggested that LayerZero also carries a degree of accountability given the compromise involved infrastructure within its validator stack, even absent a core protocol bug. Researchers at Presto noted that the pattern of high-profile exploits in 2026 will likely accelerate industry movement toward tighter risk management, improved architectural standards for cross-chain systems, and a broader re-evaluation of whether current DeFi yield opportunities adequately compensate users for the security risks involved.