In a stunning turn of events that would make even the most jaded observer raise an eyebrow, a mere $290 million was whisked away from KelpDAO’s cross-chain bridge on April 18-an event so catastrophic it sent tremors through the DeFi landscape, resulting in a staggering $13 billion vanishing into the ether within just two days. LayerZero, in its infinite wisdom, has pointed fingers at North Korea’s Lazarus Group, because who else would be brazen enough to pull off such a heist?
- In what CoinDesk has aptly described as 2026’s most audacious DeFi caper, attackers pilfered 116,500 rsETH, valued at approximately $290 million, from KelpDAO’s LayerZero-powered bridge.
- LayerZero, ever the harbinger of bad news, confidently attributes this debacle to the notorious Lazarus Group, specifically its cheeky subunit known as TraderTraitor-because why not add a bit of flair to international cybercrime?
- The fallout from this digital debacle was nothing short of apocalyptic, with over $13 billion in outflows from prominent DeFi platforms like Aave, which promptly froze markets for rsETH in both its V3 and V4 incarnations. How delightful!
On that fateful day, attackers skillfully drained 116,500 rsETH-approximately $290 million-from the KelpDAO bridge, marking a new zenith of DeFi misadventure. LayerZero, the backbone of this ill-fated infrastructure, declared their preliminary findings on Monday, suggesting that we were indeed graced by the presence of a “highly sophisticated state actor,” conveniently placing the blame on our friends from the DPRK.
KelpDAO Hack Triggers $13 Billion DeFi Meltdown
The hacker’s masterstroke involved compromising two remote procedure call nodes essential for LayerZero’s verification process, then unleashing a deluge of junk traffic to divert attention and force a failover to tainted backups. Once the verifier unwittingly endorsed a fabricated transaction, voilà! The bridge released $290 million in rsETH to a wallet controlled by the attacker. Like a true magician, the malware then self-destructed, erasing all evidence faster than you can say “forensic investigation.” In a delightful twist, reports indicated that Aave experienced over $10 billion in outflows alone, its total value locked plummeting from $45.8 billion to a mere $35.7 billion as users dashed for the exits. As UPI reported, more than $13 billion evaporated from the total value locked across DeFi platforms in the aftermath of this calamity. Truly a remarkable feat of financial acrobatics!
LayerZero and KelpDAO Trade Blame Over Security Configuration
As is customary in the world of high-stakes finance, a bitter squabble has erupted over who exactly should shoulder the blame for this debacle. LayerZero, ever eager to distance itself from responsibility, claimed that KelpDAO opted for a reckless 1-of-1 decentralized verifier network configuration-a glaring single point of failure they had warned about ad nauseam. KelpDAO, however, retorted with a flourish, insisting that their configuration adhered to LayerZero’s prescribed defaults, and that the compromised validator was part and parcel of LayerZero’s own infrastructure. Independent security researchers, including a developer from Yearn Finance, have pointed out that LayerZero’s public deployment code is riddled with single-source verification defaults across major chains, effectively undermining their insistence that KelpDAO had strayed off the beaten path.
What the Hack Means for DeFi Security and Institutional Confidence
Remarkably, this KelpDAO exploit is merely the second substantial breach linked to Lazarus this month, trailing only the $285 million Drift Protocol attack on April 1. With a total DeFi windfall exceeding $575 million for the month, one can only imagine the jubilation in certain corners of Pyongyang. Meanwhile, the attacker has begun the tedious process of laundering the stolen funds, navigating a labyrinthine route through Arbitrum and into Tron-based stablecoins-because who doesn’t enjoy a little financial mischief? Jefferies has ominously warned that such high-profile hacks could temporarily dampen Wall Street’s enthusiasm for tokenization projects, prompting institutions to reassess the inherent security risks nestling within DeFi bridge infrastructures. LayerZero has assured us that there is no contagion affecting applications employing multi-verifier configurations, but has nonetheless ushered in a protocol-wide migration away from those pesky single-validator setups. Progress, it seems, is often born of calamity.
Read More
- Gold Rate Forecast
- ETH PREDICTION. ETH cryptocurrency
- Brent Oil Forecast
- USD TRY PREDICTION
- EUR INR PREDICTION
- EUR PLN PREDICTION
- Warning: Binance-Listed Siren Token Rallies 30X—Here’s Why You Should Stay Away
- Bitcoin’s Rally: The Unlikely Hero of the Financial World! 🚀💰
- Altcoins About to Explode? You Won’t Believe What’s Next for These 4 in May 2025 🚀
- 😱 Apple’s Cryptocurrency Catastrophe: Hackers Steal Your Coins Without You Even Blinking! 🚨
2026-04-23 00:16