
LayerZero has attributed the $290 million exploit of Kelp DAO to the protocol’s use of a single-verifier configuration, despite prior recommendations to implement a more secure multi-verifier setup.
The attack, which LayerZero preliminarily linked to North Korea’s Lazarus Group, involved compromising two RPC nodes and launching a DDoS attack on others to force the system into accepting falsified transaction data.
“KelpDAO chose to utilise a 1/1 DVN configuration,” said LayerZero, adding that a properly hardened multi-verifier system would have required consensus across independent verifiers and prevented the exploit.
LayerZero said the attackers replaced node software with malicious binaries that selectively fed false data to its verifier while maintaining normal responses elsewhere, allowing the breach to evade detection.
The exploit resulted in the fraudulent release of 116,500 rsETH tokens after the compromised infrastructure tricked the system into validating a fake cross-chain transaction, with the malicious software later self-destructing to erase traces.
LayerZero stressed the incident was not due to a protocol-level flaw and confirmed zero contagion across other applications using multi-verifier configurations, while announcing it will no longer support single-verifier integrations.
The breach follows another major exploit linked to Lazarus Group earlier in April, highlighting the group’s evolving tactics and raising concerns about DeFi security as attackers increasingly target infrastructure rather than smart contract code.
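The difference between a 1/1 verifier setup and a multi-verifier quorum described above can be modelled in a few lines. This is an added illustration, not LayerZero or Kelp DAO code: the `RpcNode`, `Verifier`, `accept` and `build` names, the `dvn-N` labels and the sample messages are all hypothetical, and the model assumes each verifier attests to whatever its own RPC node reports.

```python
import hashlib
from collections import Counter

# Constructed sample messages; not data from the incident.
GENUINE = b"nonce=41;op=noop"
FORGED = b"nonce=41;op=release;amount=116500;asset=rsETH"

def digest(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

class RpcNode:
    """Hypothetical RPC endpoint. A tampered node serves `forged` only to
    the callers in `lie_to` and answers everyone else truthfully."""
    def __init__(self, truth, forged=None, lie_to=()):
        self.truth, self.forged, self.lie_to = truth, forged, set(lie_to)

    def get_message(self, caller: str) -> bytes:
        return self.forged if caller in self.lie_to else self.truth

class Verifier:
    """Hypothetical verifier that attests to whatever its RPC node reports."""
    def __init__(self, name: str, rpc: RpcNode):
        self.name, self.rpc = name, rpc

    def attest(self) -> str:
        return digest(self.rpc.get_message(self.name))

def accept(claimed: bytes, verifiers, required: int) -> bool:
    """Accept `claimed` only if at least `required` verifiers attest to it."""
    if not 1 <= required <= len(verifiers):
        raise ValueError("required must be in 1..len(verifiers)")
    votes = Counter(v.attest() for v in verifiers)
    return votes[digest(claimed)] >= required

def build(names, shared_rpc: bool):
    """dvn-1 always reads the tampered node; the others read it only if shared."""
    bad = RpcNode(GENUINE, FORGED, lie_to=names if shared_rpc else names[:1])
    return [Verifier(n, bad if (shared_rpc or i == 0) else RpcNode(GENUINE))
            for i, n in enumerate(names)]

if __name__ == "__main__":
    three = ["dvn-1", "dvn-2", "dvn-3"]
    print("1/1, tampered RPC:     ", accept(FORGED, build(three[:1], False), 1))
    print("2/3, independent RPCs: ", accept(FORGED, build(three, False), 2))
    print("2/3, genuine message:  ", accept(GENUINE, build(three, False), 2))
    print("2/3, one shared RPC:   ", accept(FORGED, build(three, True), 2))
```

The last case shows why independence matters as much as the threshold: a quorum of verifiers that all read from the same data source fails together.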