Crypto Score 68 Bearish

LayerZero Attributes $290 Million Kelp DAO Exploit to North Korean Lazarus Group

Apr 20, 2026 05:01 UTC
rsETH, LZERO
Short term

LayerZero has shifted responsibility for a $290 million theft from Kelp DAO to the protocol's own security configuration. The attack is attributed to North Korea's Lazarus Group, which utilized a sophisticated infrastructure-level exploit.

  • Kelp DAO lost $290 million due to a 1-of-1 verifier configuration
  • Attackers compromised RPC nodes and used DDoS to force failover
  • Lazarus Group linked to both Kelp and Drift Protocol exploits
  • LayerZero confirms no contagion to other applications using multi-verifier setups
  • LayerZero will now ban 1-of-1 configurations across its protocol

LayerZero has identified a critical security failure in Kelp DAO's setup as the primary cause of a $290 million exploit. The company asserts that the liquid restaking protocol ignored explicit warnings by using a single-verifier configuration, creating a vulnerability that was exploited by external actors.

Preliminary investigations attribute the attack to the Lazarus Group, a North Korean state-sponsored entity, and its TraderTraitor subunit. This incident follows a similar breach of Drift Protocol on April 1, bringing the total amount drained by the group from DeFi protocols to over $575 million in less than three weeks.

The attackers targeted the infrastructure layer by compromising two remote procedure call (RPC) nodes. By deploying malicious software and launching a distributed denial-of-service (DDoS) attack to force a failover, the attackers tricked the verifier into authorizing the release of 116,500 rsETH. The malicious software subsequently self-destructed to erase logs.

LayerZero emphasized that the protocol functioned as intended and that no other applications were affected, because they use multi-verifier setups. In response, LayerZero Labs announced it will no longer support 1-of-1 configurations, mandating a protocol-wide migration to more secure, redundant setups to prevent future infrastructure-level attacks.
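Why a 1-of-1 verifier fails under this kind of infrastructure compromise while a multi-verifier quorum does not can be shown with a small model. This is an added example, not LayerZero or Kelp DAO code; the classes, the first-reachable-node failover policy, and all node and message names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class RpcNode:
    name: str
    healthy: bool = True       # False models a node taken offline by DDoS
    compromised: bool = False  # True models a node reporting attacker-chosen state

    def has_event(self, msg_id, chain_events):
        # A compromised node confirms any message, real or forged.
        return True if self.compromised else msg_id in chain_events

@dataclass
class Verifier:
    name: str
    rpc_pool: list  # ordered: primary first, then failover nodes

    def attest(self, msg_id, chain_events):
        # Assumed policy: trust the first reachable node in the pool.
        for node in self.rpc_pool:
            if node.healthy:
                return node.has_event(msg_id, chain_events)
        return False  # fail closed when no node is reachable

def release_allowed(verifiers, threshold, msg_id, chain_events):
    """Release funds only if at least `threshold` verifiers attest."""
    return sum(v.attest(msg_id, chain_events) for v in verifiers) >= threshold

def audit_config(verifiers, threshold):
    """Flag setups where one compromised data path can authorize a release."""
    findings = []
    if threshold < 2 or len(verifiers) < 2:
        findings.append("single verifier can authorize a release")
    names = [n.name for v in verifiers for n in v.rpc_pool]
    if len(names) != len(set(names)):
        findings.append("verifiers share RPC nodes")
    return findings

def scenario():
    chain_events = {"msg-1"}  # constructed: only msg-1 exists on the source chain
    # Verifier A: primary forced offline, failover nodes compromised.
    a = Verifier("A", [RpcNode("a-primary", healthy=False),
                       RpcNode("a-fail1", compromised=True),
                       RpcNode("a-fail2", compromised=True)])
    b = Verifier("B", [RpcNode("b-primary")])
    c = Verifier("C", [RpcNode("c-primary")])
    return chain_events, a, b, c
```

With verifier A alone and a threshold of 1, the forged message is released; with A, B and C at a threshold of 2, the two verifiers on independent nodes outvote it.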
