LayerZero says North Korea’s Lazarus likely behind Kelp DAO exploit; blames single-point setup
Summary
LayerZero has identified North Korea's Lazarus Group, specifically the TraderTraitor subgroup, as the likely perpetrator of the Kelp DAO exploit that resulted in the loss of approximately $292 million in rsETH tokens. LayerZero explained that the attacker gained access to the list of RPC nodes for LayerZero Labs' Decentralized Verifier Network (DVN), poisoned two nodes, and used a DDoS attack to force the DVN to rely on the compromised nodes. LayerZero attributed the success of the exploit to Kelp DAO's decision to use a single 1-of-1 DVN setup without redundancy, which allowed a forged message to be accepted. LayerZero stated that there is no contagion to other assets or applications and said it will no longer sign messages from apps using a 1/1 DVN configuration. The exploit also impacted Aave, causing significant fund outflows after the attacker used stolen rsETH as collateral, leading Aave to freeze rsETH markets. The incident has prompted numerous DeFi protocols to freeze their LayerZero OFT bridges and highlighted structural vulnerabilities in cross-chain infrastructure.
(Source: The Block)
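The redundancy point in the summary can be shown with a fail-closed quorum check over RPC answers. This is an added example, not LayerZero's or Kelp DAO's code. The five-node pool, the function names and the payloads are assumptions; only the two poisoned nodes come from the summary. The same rule applies one level up, to how many DVNs must attest a message.

```python
import hashlib
from collections import Counter

class Unreachable(Exception):
    """The RPC node did not answer (for example, it is under DDoS)."""

def digest(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

def agreed_digest(nodes, required):
    """Return the payload digest reported by at least `required` nodes, else None.

    `required` is fixed against the configured node set, so unreachable
    nodes never lower the bar: with too few answers the verifier refuses
    to sign (fails closed).
    """
    votes = Counter()
    for node in nodes:
        try:
            votes[digest(node())] += 1
        except Unreachable:
            continue
    if not votes:
        return None
    best, count = votes.most_common(1)[0]
    return best if count >= required else None

# Constructed sample data (not taken from the incident).
REAL = b"constructed: transfer 1 rsETH to alice"
FORGED = b"constructed: transfer 100000 rsETH to attacker"

def honest(): return REAL
def poisoned(): return FORGED
def down(): raise Unreachable()

# Assumed pool of five nodes, two of them poisoned.
healthy_pool = [honest, honest, honest, poisoned, poisoned]
# The same pool while the three honest nodes are unreachable.
degraded_pool = [down, down, down, poisoned, poisoned]

if __name__ == "__main__":
    print(agreed_digest(healthy_pool, 3) == digest(REAL))     # majority wins
    print(agreed_digest(degraded_pool, 3))                    # fail closed
    print(agreed_digest(degraded_pool, 1) == digest(FORGED))  # weak policy
```

With `required=1`, whichever nodes still answer decide the result, which is the single-point setup the summary describes.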