$290 Million Kelp DAO Crypto Heist Blamed on North Korea
SecurityWeek, archived Apr 21, 2026
The hackers targeted LayerZero’s DVN, compromising certain RPCs and DDoSing others to trigger failover to the poisoned infrastructure.
North Korea-linked Lazarus Group has been blamed for a $290 million cryptocurrency heist from the Kelp DAO DeFi protocol.
The attack occurred at 17:35 UTC on Sunday, when the attackers delivered a malicious instruction to drain 116,500 rsETH (restaked ether), worth roughly $292 million.
Following the heist, Kelp paused the relevant contracts and blacklisted the attackers’ wallet, which blocked a second attack targeting an additional 40,000 rsETH (worth roughly $95 million).
Kelp DAO is a liquid restaking protocol: it routes user-deposited ETH through the restaking protocol EigenLayer to earn additional rewards and issues rsETH in return.
Kelp DAO relies on a ‘1-of-1 verifier configuration’ to validate instructions, and the attackers targeted it to poison the verification process and drain funds.
For that, they targeted LayerZero, the cross-chain messaging infrastructure that allows blockchains to send verified instructions.
LayerZero’s Decentralized Verifier Network (DVN) relies on multiple RPCs (Remote Procedure Calls) to check the integrity of cross-chain instructions, and the hackers managed to compromise and poison two of them.
“They used this pivot point to execute an RPC-spoofing attack. Their malicious node used a custom payload designed explicitly to forge a message to the DVN with minimal warnings,” LayerZero says.
The attackers then launched a distributed denial-of-service (DDoS) attack against the remaining RPCs, triggering a failover to the poisoned ones and allowing the hackers’ malicious instructions to pass as valid.
LayerZero says the heist was the result of a highly sophisticated attack likely mounted by TraderTraitor, a subgroup within the infamous North Korean APT Lazarus Group that has been blamed for multiple cryptocurrency heists over the past several years.
According to LayerZero, the heist could have been prevented had Kelp DAO implemented a multi-DVN setup, which is industry best practice.
“This means no single DVN should represent a unilateral point of trust or failure,” LayerZero says, noting it has previously recommended Kelp DAO migrate from its single-DVN configuration.
“LayerZero and other external parties previously communicated best practices around DVN diversification to KelpDAO. Despite these recommendations, KelpDAO chose to utilize a 1/1 DVN configuration,” it says.
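The following model shows why the 1-of-1 DVN configuration described above is a single point of trust, and how the two mitigations the article mentions (a DVN that fails closed when its RPCs disagree, and a multi-DVN quorum) change the outcome. It is an added example, not LayerZero’s or Kelp DAO’s code; the classes, the failover rule and the hash values are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rpc:
    """RPC endpoint a verifier queries for the source-chain message hash (assumed model)."""
    name: str
    reported_hash: str        # what it reports for the message in question
    available: bool = True    # False once knocked offline (e.g. by DDoS)

@dataclass
class Dvn:
    """A verifier that queries its configured RPC endpoints (assumed model)."""
    name: str
    rpcs: list
    min_agreeing: int = 1     # 1 = first reachable RPC wins (plain failover)

    def attest(self) -> Optional[str]:
        """Return the attested hash, or None (fail closed) if too few RPCs agree."""
        seen = [r.reported_hash for r in self.rpcs if r.available]
        if not seen:
            return None
        top = max(set(seen), key=seen.count)
        return top if seen.count(top) >= self.min_agreeing else None

def verify_with_quorum(dvns, claimed_hash, threshold) -> bool:
    """Accept the message only if at least `threshold` DVNs attest to it."""
    votes = sum(1 for d in dvns if d.attest() == claimed_hash)
    return votes >= threshold

def forged_accepted(config: str) -> bool:
    """Constructed scenario: two of the primary DVN's RPCs are poisoned and
    report a forged hash, while the two honest ones are unreachable."""
    genuine, forged = "0xgenuine", "0xforged"
    primary_rpcs = [Rpc("rpc-a", genuine, available=False),
                    Rpc("rpc-b", genuine, available=False),
                    Rpc("rpc-c", forged), Rpc("rpc-d", forged)]
    if config == "single_dvn_failover":          # 1-of-1 DVN, plain failover
        return verify_with_quorum([Dvn("dvn-1", primary_rpcs)], forged, 1)
    if config == "single_dvn_fail_closed":       # same DVN, needs 3 of 4 RPCs
        dvn = Dvn("dvn-1", primary_rpcs, min_agreeing=3)
        return verify_with_quorum([dvn], forged, 1)
    # multi-DVN: two further verifiers on separate, unaffected providers
    dvns = [Dvn("dvn-1", primary_rpcs),
            Dvn("dvn-2", [Rpc("rpc-e", genuine)]),
            Dvn("dvn-3", [Rpc("rpc-f", genuine)])]
    return verify_with_quorum(dvns, forged, 2)   # 2-of-3 quorum
```

Only the plain-failover 1-of-1 configuration accepts the forged hash; the fail-closed DVN returns no attestation during the outage, and the 2-of-3 quorum is outvoted by the unaffected verifiers.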
Kelp DAO, on the other hand, blames LayerZero for the snafu, saying its systems were not operating the targeted infrastructure and pointing out that the single-DVN setup is the configuration documented by LayerZero.
“Kelp has operated on LayerZero infrastructure since January 2024 and has maintained an open communication channel with the LayerZero team throughout. The question of DVN configuration came up during Kelp’s L2 expansion, and defaults were affirmatively confirmed as appropriate at that time,” it notes.
Kelp says it is currently prioritizing preventing contagion across DeFi. Several partners, such as Arbitrum Security Council, immediately froze assets in addresses connected to the heist.
Despite that, the impact of the incident appears to be broad. In the fallout, decentralized non-custodial liquidity protocol Aave registered a nearly $8 billion drop in total value.
According to Binance, the hackers deposited the stolen funds into Aave v3 as collateral and borrowed wrapped Ether, thus creating $195 million in debt on Aave. As users rushed to withdraw assets, Aave v3 lending pools reached full utilization, blocking over $5.1 billion in stablecoins.
Written by Ionut Arghire, an international correspondent for SecurityWeek.