KelpDAO reportedly lost nearly $290 million in a major incident tied to layerzero hack concerns. Early reports linked the breach to the Lazarus Group, after attackers exploited LayerZero-related infrastructure on April 18.
How the attack unfolded
The incident did not target core protocol code or private keys. Instead, the attackers focused on operational weak points in the RPC systems that supported LayerZero’s verification network.
Moreover, they reportedly used a DDoS attack to disrupt normal service and force a switch to backup nodes. Those backup nodes were also compromised, allowing false verification signals to pass and transactions that never happened to be approved.
A major factor was KelpDAO’s 1-of-1 verification setup. With only one verifier in place, the system had no redundancy to cross-check results, even though LayerZero had recommended multiple verifiers.
That left a clear single verifier risk, and once the verifier path was manipulated, the system became far easier to exploit.
Impact and response
Despite the scale of the reported losses, the damage appears limited in scope. Reports say the issue affected KelpDAO’s rsETH product, while other assets and applications were not impacted.
However, LayerZero said operations were restored after compromised components were replaced. The company also said there was no contagion to other integrations.
Investigations remain ongoing to trace the stolen funds and reconstruct the chain of events. The kelpdao attack report now highlights how a defi security breach can stem from infrastructure and configuration failures, not only from code flaws.
That said, the case also underscores the importance of cross chain verification, redundancy, and operational resilience in DeFi systems. It is another reminder that a rpc infrastructure compromise can be as damaging as a smart-contract exploit.
For now, the incident stands as a warning for protocols that depend on layered verification. Security teams must treat infrastructure design as seriously as contract logic, especially when cross-chain workflows are involved in approval processes.
The kelpdao attack shows how quickly weak operational controls can magnify a technical breach, while the lazarus group theft narrative keeps the focus on evolving threats across DeFi.
Go to Source
Author: NixCoin