•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
LayerZero said North Korea’s Lazarus Group is the likely actor behind the Kelp DAO exploit that drained 116,500 rsETH worth about $292 million. The company said early indicators point to a “highly-sophisticated state actor,” naming “DPRK’s Lazarus Group, more specifically TraderTraitor” in its latest statement.
LayerZero said the attacker gained access to the list of RPC nodes used by LayerZero Labs’ decentralized verified network (DVN). The company said the attacker then poisoned two of those nodes so they delivered a fake cross-chain message to the verifier network.
At the same time, LayerZero said the attacker launched a DDoS attack against clean nodes, pushing the DVN to rely on the poisoned nodes. LayerZero said this combination allowed the forged message to pass through and trigger the token unlock that led to the loss.
LayerZero said the damage was made possible by Kelp DAO’s single 1-of-1 DVN setup, with no backup verifier. The company said this created a single point of failure, leaving no independent check to reject the forged message before the bridge released funds.
In its statement, LayerZero said “operating a single-point-of-failure configuration meant there was no independent verifier to catch and reject a forged message.” It also said “LayerZero and other external parties previously communicated best practices around DVN diversification to KelpDAO.”
LayerZero added that it will no longer sign messages for applications that use a 1/1 DVN setup.
LayerZero said the attacker moved stolen rsETH to Aave V3 and used it as collateral to borrow large amounts of WETH. The resulting concern over possible bad debt led Aave to freeze rsETH markets on both V3 and V4.
Aave founder Stani Kulechov said “RsETH has been frozen on Aave V3 and V4” and added that the asset no longer has borrowing power because of the Kelp DAO bridge exploit.
Historical data from Aavescan showed more than $10 billion left Aave after the attack, with total supplied funds falling to $35.7 billion from $45.8 billion.
DefiLlama data showed DeFi total value locked dropped 7% in 24 hours to about $86.3 billion, down from $99.5 billion on April 18. LayerZero said there is “zero contagion” for other assets or applications using multi-DVN setups, while law enforcement efforts to trace the funds continue.
The fallout extended beyond Aave. Several DeFi protocols, including Ethena, ether.fi, Tron DAO, and Curve Finance, paused LayerZero OFT bridges as a precaution.
Premium gym chains are entering a “golden era” that is ending or already in decline, as rising operating costs collide with shifting consumer preferences toward more flexible, community-based ways to exercise. Long-term memberships are shrinking, margins are pressured by higher rents and facility expenses, and competition from smaller, more personalized…
