LayerZero Blames Kelp’s 1-of-1 Verifier Setup for $290M Exploit, Ties It to North Korea’s Lazarus

Key Takeaways

  • KelpDAO lost about $290 million after using a single-verifier setup that LayerZero said left the bridge exposed to a targeted infrastructure attack.
  • Attackers poisoned RPC nodes and used a DDoS attack to force failover, triggering a fraudulent cross-chain message that released 116,500 rsETH.
  • LayerZero preliminarily linked the exploit to Lazarus and said it will stop signing for any app still using 1-of-1 verification.

LayerZero said the $290 million KelpDAO exploit was enabled by the protocol’s single-verifier setup, which it said left the bridge exposed to a targeted infrastructure attack. The company said preliminary indicators point to North Korea’s Lazarus Group, specifically its TraderTraitor subunit.

Attackers Poisoned RPC Nodes and Forced Failover With a DDoS

The attack targeted infrastructure rather than protocol code. Attackers compromised two of the remote procedure call (RPC) nodes that LayerZero’s verifier relied on to confirm cross-chain transactions. They replaced the binary software on those nodes with malicious versions designed to report a fraudulent transaction to LayerZero’s verifier while continuing to feed accurate data to every other system querying the same nodes.

That selective manipulation was engineered to evade LayerZero’s monitoring, which queries the same RPCs from different IP addresses. Compromising two nodes alone was not enough, since the verifier also queried uncompromised external RPCs. The attackers ran a distributed denial-of-service attack on those clean nodes to force failover to the poisoned ones.

Traffic logs LayerZero shared show the DDoS running between 10:20 a.m. and 11:40 a.m. Pacific Time on Saturday. Once the failover triggered, the compromised nodes confirmed a fraudulent cross-chain message, and KelpDAO’s bridge released 116,500 rsETH to the attackers. The malicious node software then self-destructed, wiping binaries and local logs.

LayerZero Says Kelp Ran 1-of-1 Verification Despite Multi-DVN Warnings

The attack succeeded because Kelp ran a 1-of-1 verifier configuration, meaning LayerZero Labs was the sole entity verifying messages to and from the rsETH bridge. LayerZero’s public integration checklist and direct communications to Kelp had recommended a multi-verifier setup requiring consensus across several independent verifiers to confirm a message.

“KelpDAO chose to utilize a 1/1 DVN configuration,” LayerZero wrote, using the protocol’s term for decentralized verifier networks. “A properly hardened configuration would have required consensus across multiple independent DVNs, rendering this attack ineffective even in the event of any single DVN being compromised.”

Under a multi-verifier setup, poisoning one verifier’s data feed would not have been enough to forge a valid message. Kelp has not yet publicly responded to LayerZero’s framing or addressed why it operated a single-verifier setup despite the recommendations.
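The failover path and the multi-verifier argument described above can be checked with a small model. This is an added example, not LayerZero's or Kelp's code: the verifier names, hashes, RPC behaviours and the `min_agree` parameter are constructed assumptions, and the fail-closed variant is an illustrative design option rather than something taken from LayerZero's report.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

# Constructed values: hash of the real source-chain message and of the forged one.
REAL, FORGED = "0xaaaa", "0xbbbb"

# An RPC node is modelled as: caller identity -> reported hash, or None if unreachable.
Rpc = Callable[[str], Optional[str]]

def honest(_caller: str) -> Optional[str]:
    return REAL

def down(_caller: str) -> Optional[str]:
    return None  # unreachable, e.g. under DDoS

def poisoned_for(target: str) -> Rpc:
    # Lies only to the targeted verifier; every other caller gets accurate data.
    return lambda caller: FORGED if caller == target else REAL

@dataclass
class Verifier:
    name: str
    rpcs: List[Rpc]
    min_agree: int  # RPC answers that must match before this verifier attests

    def attest(self, claimed: str) -> bool:
        answers = [rpc(self.name) for rpc in self.rpcs]
        return sum(a == claimed for a in answers) >= self.min_agree

def bridge_accepts(claimed: str, verifiers: List[Verifier], threshold: int) -> bool:
    # The message is valid only if `threshold` independent verifiers attest to it.
    return sum(v.attest(claimed) for v in verifiers) >= threshold

def scenarios() -> dict:
    bad = poisoned_for("dvn-a")
    rpcs_a = [bad, bad, down, down]  # two poisoned nodes, two clean nodes offline
    a_failover = Verifier("dvn-a", rpcs_a, min_agree=2)  # trusts whatever still answers
    a_strict = Verifier("dvn-a", rpcs_a, min_agree=3)    # majority of configured set
    b = Verifier("dvn-b", [honest, honest, honest], min_agree=2)
    c = Verifier("dvn-c", [honest, honest, honest], min_agree=2)
    return {
        "monitor_sees_real": bad("monitor") == REAL,
        "forged_1of1_failover": bridge_accepts(FORGED, [a_failover], 1),
        "forged_1of1_fail_closed": bridge_accepts(FORGED, [a_strict], 1),
        "forged_2of3": bridge_accepts(FORGED, [a_failover, b, c], 2),
        "real_2of3": bridge_accepts(REAL, [a_failover, b, c], 2),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

In this model only the 1-of-1 verifier that keeps attesting on its surviving nodes accepts the forged hash. The 2-of-3 quorum rejects it while still confirming the real message.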

Attack Isolated to Kelp as Other Multi-Verifier Apps Remain Safe

LayerZero said it has confirmed zero contagion to any other application. Every OFT-standard token and application running multi-verifier setups was unaffected. The LayerZero Labs verifier is back online.

If the exploit had stemmed from a protocol-level bug, every OFT token on every chain could have faced potential exposure. Based on LayerZero’s account, the issue was isolated to Kelp’s configuration and the targeted attack path. LayerZero said it will no longer sign messages for any application running a 1-of-1 configuration, forcing a protocol-wide migration off single-verifier setups.

Lazarus Group Has Now Drained Over $575 Million From DeFi in 18 Days

LayerZero’s preliminary attribution to North Korea’s Lazarus Group and its TraderTraitor subunit places the Kelp exploit alongside the $280 million Drift Protocol attack on April 1. If the attribution holds, the same North Korean unit has drained more than $575 million from DeFi in 18 days through two structurally different vectors: social engineering of governance signers at Drift and poisoning of infrastructure RPCs at Kelp.
