Kelp DAO Exploit Linked to Lazarus Group as $292 Million Loss Triggers DeFi Outflows

LayerZero reported that the $292 million exploit affecting Kelp DAO on April 18 is likely connected to the North Korean hacking collective Lazarus Group, specifically its subgroup known as TraderTraitor.

The breach resulted in the loss of 116,500 rsETH tokens, making it the largest decentralized finance exploit recorded so far this year. According to investigators, attackers accessed a list of remote procedure call (RPC) nodes used in the decentralized verified network (DVN). They reportedly compromised two nodes and delivered a forged cross-chain message, while launching a distributed denial-of-service attack to disable legitimate verification nodes.

Single-Point Configuration Blamed for Security Breakdown

The incident exposed a structural weakness in the bridge’s configuration. Kelp DAO had been operating a single 1-of-1 DVN setup, meaning there was no backup verification layer to detect forged transactions. LayerZero stated that recommendations had previously been made to adopt diversified verification systems, but those measures were not implemented.

Following the exploit, LayerZero confirmed that applications using multi-node verification remain operational, while new safeguards will prevent approval of transactions from single-DVN configurations in the future. Law enforcement agencies are currently assisting in tracking the stolen funds.

Aave Withdrawals Surge as DeFi Market Confidence Drops

The exploit triggered widespread effects across the decentralized finance ecosystem. The attacker reportedly moved stolen rsETH tokens into Aave, using them as collateral to borrow significant amounts of wrapped Ether, raising concerns about potential bad debt exposure.

In response, Aave froze rsETH markets on its V3 and V4 versions to limit risk. According to statements from Stani Kulechov, the asset was disabled from borrowing activity as a protective measure.

Market reaction was swift, with more than $10 billion withdrawn from Aave following the incident. The broader DeFi sector also experienced stress, with total value locked dropping 7% to approximately $86 billion, highlighting growing concerns about security vulnerabilities in cross-chain infrastructure.

Disclaimer

This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.