LayerZero Blames North Korea's Lazarus Group for $290M Kelp DAO Exploit; Kelp Says LayerZero's Defaults Are to Blame

LayerZero, the cross-chain messaging protocol at the center of last weekend's $290 million exploit of restaking platform Kelp DAO, published an incident statement on April 19 attributing the attack to North Korea's Lazarus Group and placing responsibility for the loss on Kelp's choice to run a single-verifier configuration. Kelp DAO, in response on X, argues the configuration in question was LayerZero's own documented default.

The dispute is now the focal point of the largest DeFi exploit of 2026 and has driven more than $13 billion out of DeFi total value locked in two days, with knock-on risk exposure for Aave estimated at up to $230 million.

The attribution

In its statement, LayerZero writes that "on April 18, 2026, LayerZero Labs' DVN became the target of a highly sophisticated attack, likely attributable to the Lazarus Group, more specifically TraderTraitor." TraderTraitor is the FBI-designated label for a North Korean hacking sub-group responsible for prior multi-hundred-million-dollar crypto thefts including the $308 million Bitcoin.DMM.com heist.

LayerZero describes the method as an "RPC-spoofing attack" rather than a protocol exploit. The attackers gained access to the list of remote procedure call (RPC) nodes used by LayerZero's DVN, compromised two of them — running on separate clusters — and "swap[ped] out binaries running the op-geth nodes," according to the post-mortem. They combined this with a DDoS against uncompromised RPCs to force LayerZero's verifier to failover to the poisoned nodes.

"It was not done through an exploit to the protocol, DVN, key management or other means," the statement says.

The DVN dispute

The heart of the dispute is Kelp's "1-of-1 DVN setup," in which LayerZero Labs acted as sole verifier on Kelp's rsETH cross-chain route. LayerZero's statement calls this "a configuration that directly contradicts the multi-DVN redundancy model that LayerZero has consistently recommended to all integration partners," and says that "LayerZero and other external parties previously communicated best practices around DVN diversification to KelpDAO. Despite these recommendations, KelpDAO chose to utilize a 1/1 DVN configuration."

Going forward, LayerZero says its Labs DVN "will not sign or attest messages from any applications that utilize a 1/1 configuration."

Kelp DAO pushed back in a public X statement on Monday. In comments quoted across crypto outlets, the protocol said the compromised verifier infrastructure was LayerZero's own, and that the 1-of-1 DVN setup at issue reflects LayerZero's documented onboarding default. Kelp also said its direct communications channel with LayerZero — open since July 2024 — contained no specific recommendation to change the rsETH DVN configuration.

Independent observers have noted that LayerZero's own quickstart guide and default GitHub configuration point to the same 1/1 structure, and that roughly 40% of protocols on LayerZero currently run that setup.

What was stolen and what's contained

The attacker drained approximately 116,500 rsETH — about 18% of rsETH's 630,000-token circulating supply — at 17:35 UTC on Saturday, April 18. Losses are put at $290–292 million depending on the price reference used.

LayerZero says the damage is bounded. "There is zero contagion to any other cross-chain assets or applications," the post-mortem states, describing the incident as "isolated entirely to KelpDAO's rsETH configuration as a direct consequence of their single-DVN setup."

Aave, the largest DeFi lending protocol, is nonetheless exposed: rsETH served as collateral for borrowers on Aave, and with much of the backing now drained, estimates of Aave's potential loss from positions collateralized by rsETH run up to $230 million. DeFi total value locked has dropped more than $13 billion in two days, according to CoinDesk. Lending protocols have begun freezing affected markets as users withdraw.

For Kelp DAO, the exploit is the largest in the protocol's history. For LayerZero, it is the first time its DVN infrastructure has been directly compromised at scale, and the fallout — a public dispute with a major integration partner over where responsibility lies for default configurations — will shape how the industry treats single-verifier setups going forward.