In a twist worthy of a penny dreadful, LayerZero has declared that the $290 million hack of KelpDAO was orchestrated by none other than North Korea’s Lazarus Group-a band of digital pirates so notorious, one might mistake them for protagonists in a poorly written spy novel. The core protocol, we are assured, emerged unscathed, as if it had been wearing an invisibility cloak while chaos erupted around it.
The incident report, released on April 20 with all the urgency of a Victorian widow’s gossip, revealed that the breach on April 18 targeted KelpDAO’s rsETH token via its LayerZero bridge. The attackers, with the finesse of a burglar in a slapstick comedy, drained 116,500 rsETH-nearly 18% of its supply-by convincing the system to hand over funds like a gentleman falling for a confidence trick.
LayerZero’s account of the attack reads like a detective novel’s climax. The Lazarus Group, also known as TraderTraitor (a name better suited to a villain in a children’s cartoon), allegedly poisoned RPC nodes feeding data to LayerZero’s Decentralized Verifier Network. They then launched a DDoS attack on legitimate nodes, forcing the DVN to validate phantom transactions-a performance so convincing, it might earn an Oscar for Best Supporting Illusion.
The exploit’s success hinged on KelpDAO’s decision to use a single 1/1 DVN setup, a configuration so reckless it’s akin to leaving your front door ajar in a neighborhood plagued by kleptomaniacs. LayerZero, ever the concerned neighbor, had “repeatedly advised” KelpDAO to adopt a multi-DVN architecture. One can only imagine the eye-rolls that accompanied those warnings.
Repairs were swift: compromised RPC nodes were shown the door, and DVN operations resumed within hours. LayerZero insisted the breach was “isolated” to KelpDAO’s rsETH, with “no contagion” to other assets-a claim as comforting as a damp handshake.
KelpDAO, realizing too late that it had been the belle of the ball’s most gullible guest, paused rsETH contracts across networks. They’re now conducting a root-cause analysis with LayerZero, Unichain, and a cadre of auditors-though one suspects the real culprit is hubris. Downstream platforms like Aave, ever the cautious chaperones, froze rsETH markets to avoid “bad debt exposure.”
In conclusion, LayerZero’s modular design allows apps to “choose their own security parameters,” which is corporate speak for “don’t blame us if you skimped on the locks.” A modern tragedy, indeed-one where the moral is: never trust a single point of failure, unless you enjoy funding North Korea’s next theater production.
Read More
- Trails in the Sky 2nd Chapter launches September 17
- Paradox codes (April 2026): Full list of codes and how to redeem them
- Crimson Desert’s Momentum Continues With 10 Incredible New Changes
- PRAGMATA ‘Eight’ trailer
- Pragmata Shows Off Even More Gorgeous RTX Path Tracing Ahead of Launch
- Hulu Just Added One of the Most Quotable Movies Ever Made (But It’s Sequel Is Impossible To Stream)
- After AI Controversy, Major Crunchyroll Anime Unveils Exciting Update
- Why is Tech Jacket gender-swapped in Invincible season 4 and who voices her?
- How Could We Forget About SOL Shogunate, the PS5 Action RPG About Samurai on the Moon?
- Xbox Game Pass Users “Blown Away” by New Exclusive Game
2026-04-20 09:09