Kelp DAO Hack Attributed to Lazarus Group; eth.limo Domain Hijacked via Social Engineering

Gate News message, April 20 — LayerZero released preliminary findings on the Kelp DAO exploit that occurred on April 18, attributing the attack to a highly sophisticated state-backed threat actor, likely North Korea’s Lazarus Group subgroup known as TraderTraitor. The incident resulted in the loss of 116,500 rsETH tokens worth approximately $292 million, marking the largest DeFi exploit this year.

According to LayerZero’s investigation, attackers gained access to the list of RPC nodes used by LayerZero Labs’ decentralized verifier network (DVN), a system of independent entities responsible for validating cross-chain messages. Two nodes were poisoned to transmit a fraudulent message, while attackers simultaneously launched a distributed denial-of-service attack against uncompromised nodes. The forged message was accepted because Kelp DAO configured its bridge using a single 1-of-1 DVN setup with no secondary verifier to detect or reject the fraudulent transaction. LayerZero had previously advised Kelp DAO to diversify its DVN configuration. In response, LayerZero announced it will no longer sign messages for applications using 1/1 DVN configurations and is cooperating with law enforcement to track the stolen funds.
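A minimal model of the failure mode described above, added here as an illustration and not taken from LayerZero's or Kelp DAO's code. All function names, node names and hashes are constructed. It shows a verifier that abstains when too few of its RPC nodes agree, and a bridge policy that requires more than one verifier.

```python
from collections import Counter

REAL, FORGED = "0xreal", "0xforged"  # constructed placeholder message hashes

def rpc_view(responses, min_agree):
    """Hash that at least `min_agree` RPC nodes report, else None (abstain).

    `responses` maps node name -> reported hash, or None if unreachable.
    Unreachable nodes never count, so losing healthy nodes cannot lower the bar.
    """
    counts = Counter(v for v in responses.values() if v is not None)
    if not counts:
        return None
    value, n = counts.most_common(1)[0]
    return value if n >= min_agree else None

def bridge_accepts(attestations, required, optional=(), optional_threshold=0):
    """Hash accepted by the bridge, or None if the verifier policy is not met.

    Every required verifier must attest to the same hash, and at least
    `optional_threshold` optional verifiers must attest to that hash too.
    """
    hashes = {attestations.get(v) for v in required}
    if len(hashes) != 1 or None in hashes:
        return None  # empty set, abstention or disagreement: fail closed
    accepted = hashes.pop()
    agree = sum(1 for v in optional if attestations.get(v) == accepted)
    return accepted if agree >= optional_threshold else None

# Constructed scenario: verifier A's node list has two poisoned nodes answering
# and three healthy nodes knocked offline; verifier B uses separate nodes.
A_RPC = {"a1": FORGED, "a2": FORGED, "a3": None, "a4": None, "a5": None}
B_RPC = {"b1": REAL, "b2": REAL, "b3": REAL}

if __name__ == "__main__":
    naive_a = rpc_view(A_RPC, min_agree=1)    # trusts whichever nodes answer
    strict_a = rpc_view(A_RPC, min_agree=3)   # needs a majority of all 5 nodes
    b = rpc_view(B_RPC, min_agree=2)
    print("1-of-1, naive A:  ", bridge_accepts({"A": naive_a}, ["A"]))
    print("1-of-1, strict A: ", bridge_accepts({"A": strict_a}, ["A"]))
    print("A and B required: ", bridge_accepts({"A": naive_a, "B": b}, ["A", "B"]))
```

Only the first case accepts the forged hash. Either the stricter node quorum or the second required verifier is enough to reject it.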

Separately, Ethereum Name Service gateway eth.limo disclosed that the hijacking of its domain on Friday, April 18, was caused by a social engineering attack targeting its service provider, easyDNS. An attacker impersonated an eth.limo team member and initiated an account recovery process, gaining access to the eth.limo account and modifying DNS settings to redirect traffic to Cloudflare-controlled infrastructure. The platform serves approximately two million decentralized websites using the .eth domain system. However, the Domain Name System Security Extensions (DNSSEC) limited the damage by adding cryptographic verification to DNS records; because the attacker lacked the required signing keys, many DNS resolvers rejected the manipulated records, preventing malicious redirects. EasyDNS CEO Mark Jeftovic acknowledged the breach as the first successful social engineering attack against an easyDNS client in the company’s 28-year history and stated the company is implementing security improvements to prevent similar incidents.
