KelpDAO Loses $290M in Lazarus Group LayerZero Attack


KelpDAO suffered a $290 million loss on April 18 in a sophisticated security breach linked to the Lazarus Group, specifically an actor known as TraderTraitor, according to early reports. The attack targeted LayerZero infrastructure and exploited configuration weaknesses in KelpDAO’s verification systems. David Schwartz noted on April 20, 2026, that “the attack was way more sophisticated than I expected and aimed at LayerZero infrastructure taking advantage of KelpDAO laziness.”

How the Attack Happened

The attack employed a multi-stage approach rather than a simple exploit. Attackers first targeted the RPC system used by LayerZero’s verification network, then launched a DDoS attack to disrupt normal operations. When the system switched to backup nodes, the attack reached its key stage: those backup nodes had already been compromised, allowing the attackers to send false signals and confirm transactions that never actually occurred. Notably, no core protocol or private keys were broken. Instead, the attack exploited weak points in the system’s configuration, demonstrating the sophistication of modern cyber threats.

Single Point of Failure as Root Cause

The fundamental vulnerability stemmed from KelpDAO’s configuration design. The platform relied on a 1-of-1 verification setup, meaning only a single verifier confirmed transactions with no backup verification layer. Once that single system was compromised, the attack succeeded without any secondary defense. Experts noted this created a clear single point of failure. LayerZero had previously recommended using multiple verifiers, and a multi-layer verification setup could have prevented the attack entirely.
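The difference between a 1-of-1 setup and a multi-verifier quorum can be shown with a small model. The following is an added example, not code from LayerZero or KelpDAO: the configuration schema, verifier names, and RPC hostnames are constructed, and the shared-RPC check is an assumption about what makes verifiers independent.

```python
from collections import Counter

def quorum_accepts(payload_hash, attestations, verifiers, threshold):
    """Accept only if >= threshold distinct configured verifiers attest payload_hash."""
    votes = {v for v, h in attestations.items()
             if v in verifiers and h == payload_hash}
    return len(votes) >= threshold

def audit_config(cfg):
    """Return findings for a verifier configuration (hypothetical schema)."""
    findings = []
    names = list(cfg["verifiers"])
    n, m = len(names), cfg["threshold"]
    if m < 1 or m > n:
        findings.append(f"invalid threshold {m} for {n} verifier(s)")
    elif m == 1:
        findings.append("threshold is 1: one compromised verifier confirms any message")
    # Verifiers that read chain state from the same RPC endpoint fail together.
    usage = Counter(ep for v in names for ep in set(cfg["verifiers"][v]))
    for ep, count in sorted(usage.items()):
        if count > 1:
            findings.append(f"RPC endpoint {ep} is shared by {count} verifiers")
    return findings

def simulate(cfg, compromised):
    """Compromised verifiers attest a forged hash; honest ones see no event and stay silent."""
    forged = "0xforged"  # constructed placeholder, not a real hash
    attestations = {v: forged for v in cfg["verifiers"] if v in compromised}
    return quorum_accepts(forged, attestations, set(cfg["verifiers"]), cfg["threshold"])

# Constructed sample configurations.
ONE_OF_ONE = {"threshold": 1, "verifiers": {
    "verifier-a": ["rpc-primary.example", "rpc-backup.example"]}}
TWO_OF_THREE = {"threshold": 2, "verifiers": {
    "verifier-a": ["rpc-a1.example", "rpc-a2.example"],
    "verifier-b": ["rpc-b1.example"],
    "verifier-c": ["rpc-c1.example"]}}

if __name__ == "__main__":
    for name, cfg in (("1-of-1", ONE_OF_ONE), ("2-of-3", TWO_OF_THREE)):
        print(name, "findings:", audit_config(cfg))
        print(name, "forged message accepted:", simulate(cfg, {"verifier-a"}))
```

With one verifier compromised, the 1-of-1 configuration accepts the forged message while the 2-of-3 configuration rejects it; the quorum only fails once the attacker controls as many verifiers as the threshold requires.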

Impact and Scope

While the loss was substantial, damage remained contained to a specific area. Reports confirm the breach affected only KelpDAO’s rsETH product, with other assets and applications remaining unaffected. LayerZero quickly replaced the compromised systems and restored normal operations. Teams are working with investigators to track the stolen funds. The incident has raised industry-wide concerns about configuration security in advanced systems.

Implications for Crypto Security

The incident underscores that security depends not only on code strength but also on system configuration and management practices. The involvement of the Lazarus Group—a cyber group historically linked to large-scale exploits—adds significant concern, as their methods continue to evolve. Going forward, projects may increasingly prioritize redundancy and risk control mechanisms. Multi-layer verification could become an industry standard. The KelpDAO attack serves as a warning that even one weak point in system architecture can result in massive losses. As the crypto space expands, security practices must evolve proportionally.


Comment
NonceNomadvip
· 17h ago
290M, this scale is too terrifying; single-point verification really can't withstand hacker surveillance.
BlackGoldMechanicalHandvip
· 04-21 13:58
Lazarus strikes again... each time, it's a textbook-level on-chain/security operation vulnerability exploit.
PerpPessimistvip
· 04-21 03:39
The biggest weakness in configuration: the code isn't broken, but the process collapses first. Don't just focus on the contract during audits; permissions, keys, and verification links all need to be tested together through drills.
GlassDomeBaskingInMoonlightvip
· 04-20 06:46
I hope they can disclose a more detailed review: attack paths, permission change records, why alerts didn't trigger, which would be more valuable to the industry.
0xLateAgainvip
· 04-20 06:45
Users also need to learn their lesson; don't keep large amounts of long-term funds in a single protocol. Diversification and limits are the real defense.
LendingPoolObservervip
· 04-20 06:37
Ultimately, it's a trade-off between "usability" and "security"; taking shortcuts can easily lead to being compromised.
SecondaryMarketDesertervip
· 04-20 06:32
With this level of funding, you should assume you are the target of the national team, and your baseline configuration and continuous monitoring should be sufficiently robust.
GateUser-8e84d799vip
· 04-20 06:25
Single sign-on verification = single point of failure, it was long overdue to implement multi-signature + multi-layer approval + risk control thresholds, at least to reduce the explosion radius.