KelpDAO Loses $290M in Lazarus Group Attack on LayerZero

A major security breach has shaken the crypto market after KelpDAO lost nearly $290 million in a recent Attack. Early reports suggest the incident is linked to the Lazarus Group, more specifically, TraderTraitor.   Lazarus Group is a well-known cyber group often tied to large scale exploits.

The attack was way more sophisticated than I expected and aimed at LayerZero infrastructure taking advantage of KelpDAO laziness. https://t.co/eunWHvBPl6

— David 'JoelKatz' Schwartz (@JoelKatz) April 20, 2026

The Attack took place on April 18 and targeted systems connected to LayerZero. While the scale of the loss is large, the damage appears contained to a single part of the system.

How the Attack Happened

This was not a simple hack. The Attack used a complex method that combined multiple steps. First, attackers targeted the RPC system used by LayerZero’s verification network. They then launched a DDoS attack to disrupt normal operations. As a result, the system switched to backup nodes. However, these backup nodes had already been compromised. This allowed attackers to send false signals and confirm transactions that never actually happened. Importantly, no core protocol or private keys were broken. Instead, the Attack focused on weak points in the setup. This shows how advanced cyber threats have become.

Single Point of Failure Made It Worse

The biggest issue came from KelpDAO’s configuration. The platform relied on a 1-of-1 verification setup. This means only one verifier was used to confirm transactions. Because of this, there was no backup check in place. Once that single system was tricked, the Attack succeeded. Experts say this created a clear single point of failure. LayerZero had already recommended using multiple verifiers. A multi-layer setup could have stopped the attack. Without it, the system had no defense once compromised.

Impact Limited but Concerns Remain

The damage was large, but it did not spread across the entire network. Reports confirm that the issue only affected KelpDAO’s rsETH product. Other assets and applications remained safe. LayerZero quickly replaced the compromised systems. It also restored normal operations. At the same time, teams are working with investigators to track the stolen funds. Even so, the Attack has raised concerns across the industry. It highlights how even advanced systems can face risks if not configured properly.

What This Means for Crypto Security

This incident sends a strong message. Security is not just about strong code. It also depends on how systems are set up and managed. The involvement of the Lazarus Group adds another layer of concern. This group has been linked to several major attacks in the past. Their methods continue to evolve. Going forward, projects may focus more on redundancy and risk control. Multi-layer verification could become the new standard. For now, the KelpDAO Attack serves as a warning. Even one weak point can lead to massive losses. As the crypto space grows, security must grow with it.