KelpDAO suffered a $290 million loss on April 18 in a sophisticated security breach linked to the Lazarus Group, specifically an actor known as TraderTraitor, according to early reports. The attack targeted LayerZero infrastructure and exploited configuration weaknesses in KelpDAO’s verification systems. David Schwartz noted on April 20, 2026, that “the attack was way more sophisticated than I expected and aimed at LayerZero infrastructure taking advantage of KelpDAO laziness.”
How the Attack Happened
The attack employed a multi-stage approach rather than a simple exploit. Attackers first targeted the RPC system used by LayerZero’s verification network, then launched a DDoS attack to disrupt normal operations. When the system switched to backup nodes, attackers executed their key objective: those backup nodes had already been compromised, allowing them to send false signals and confirm transactions that never actually occurred. Notably, no core protocol or private keys were broken. Instead, the attack exploited weak points in the system’s configuration, demonstrating the sophistication of modern cyber threats.
Single Point of Failure as Root Cause
The fundamental vulnerability stemmed from KelpDAO’s configuration design. The platform relied on a 1-of-1 verification setup, meaning only a single verifier confirmed transactions with no backup verification layer. Once that single system was compromised, the attack succeeded without any secondary defense. Experts noted this created a clear single point of failure. LayerZero had previously recommended using multiple verifiers, and a multi-layer verification setup could have prevented the attack entirely.
Impact and Scope
While the loss was substantial, damage remained contained to a specific area. Reports confirm the breach affected only KelpDAO’s rsETH product, with other assets and applications remaining unaffected. LayerZero quickly replaced the compromised systems and restored normal operations. Teams are working with investigators to track the stolen funds. The incident has raised industry-wide concerns about configuration security in advanced systems.
Implications for Crypto Security
The incident underscores that security depends not only on code strength but also on system configuration and management practices. The involvement of the Lazarus Group—a cyber group historically linked to large-scale exploits—adds significant concern, as their methods continue to evolve. Going forward, projects may increasingly prioritize redundancy and risk control mechanisms. Multi-layer verification could become an industry standard. The KelpDAO attack serves as a warning that even one weak point in system architecture can result in massive losses. As the crypto space expands, security practices must evolve proportionally.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
U.S. Special Operations Forces Chief Warrant Officer Arrested: Used Classified Intelligence to Bet on Maduro on Polymarket, Profited $400k
The U.S. Department of Justice in the Southern District of New York has indicted U.S. Army Special Forces officer chief Gannon Ken Van Dyke, alleging that he used classified information to bet on Polymarket on the outcome of Maduro’s arrest, earning approximately $409,881 (13 transactions, 2025-12-27 to 2026-1-26). The charges include illegal use of confidential information, theft of nonpublic information, commodity transaction fraud, wire fraud, and illegal money transactions, among others. It is described as the first federal prosecution centered on insider trading and arbitrage with a prediction market, which may affect future regulatory directions.
ChainNewsAbmedia22m ago
Spanish Police Seize €400K in Crypto from Illegal Manga Piracy Platform, 3 Arrested
Gate News message, April 24 — Spanish police in Almería seized two cryptocurrency cold wallets containing approximately €400,000 during a raid on the country's largest illegal manga distribution platform. Three individuals were arrested in connection with the operation, which was initiated
GateNews1h ago
OFAC Sanctions Cambodian Senator Over Crypto Scam Network
OFAC Sanctions Cambodian Senator Over Crypto Scam Network
The U.S. Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Cambodian senator Kok An, who is accused of controlling "scam compounds" throughout Cambodia that have defrauded Americans. OFAC designated An and 28 other
CryptoFrontier2h ago
U.S. sanctions Cambodian officials’ billion-dollar scam resort! Tether freezes more than $344 million in USDT
The U.S. Treasury Department and the Department of Justice have recently launched a joint law enforcement action targeting “pig butchering” romance scams involving cryptocurrencies that have become increasingly rampant in Southeast Asia. In an official announcement, the government has imposed sanctions on Cambodian Senator Kok An and 28 individuals and entities within his criminal network, accusing them of using political influence and their network of casino compounds to shelter large-scale fraud and human trafficking activities. Estimates indicate that these scam operations have led to losses for U.S. residents of as much as $10 billion in a single year. In conjunction with this crackdown, the stablecoin issuer Rether has also frozen more than $344 million in digital assets involved in the case.
Romance “Pig Butchering” scams: U.S. residents lose over $10 billion in a single year
In recent years, multinational criminal organizations based in Southeast Asia have made extensive use of the scam method known as “Pig Butchering.” Scammers will, through social media or messaging apps, spend months
ChainNewsAbmedia2h ago
U.S. Army Soldier Arrested for Using Classified Intel to Bet on Maduro's Capture on Polymarket
Gate News message, April 24 — The U.S. Department of Justice has arrested active-duty Army soldier Gannon Ken Van Dyke, 38, on charges of using confidential information to place bets on Polymarket, a prediction market, regarding former Venezuelan President Nicolás Maduro's capture. Van Dyke particip
GateNews2h ago
