North Korean Hackers Exploit Cross-Chain Vulnerability in $292M KelpDAO Breach

Cross-chain infrastructure provider LayerZero has attributed a devastating security breach to the notorious Lazarus Group, a cybercriminal organization with ties to North Korea. The sophisticated attack successfully siphoned approximately $292 million worth of rsETH tokens from KelpDAO’s ecosystem. According to LayerZero’s investigation, the breach remained isolated to rsETH without contaminating other applications operating on the network.

The breach exploited fundamental weaknesses in cross-chain transaction validation mechanisms within LayerZero’s Decentralized Verifier Network architecture. Investigators discovered that threat actors successfully compromised critical RPC infrastructure nodes, enabling them to inject fraudulent transaction confirmations. The attackers extracted 116,500 rsETH tokens, accounting for approximately eighteen percent of the asset’s circulating supply.

LayerZero revealed that hackers substituted legitimate software binaries on two critical RPC nodes operating within the verification infrastructure. Furthermore, the attackers orchestrated coordinated denial-of-service campaigns targeting uncompromised nodes, forcing the system to depend on their malicious endpoints. These corrupted nodes transmitted falsified validation data while evading detection protocols designed to identify irregular network behavior.

According to LayerZero’s technical analysis, the compromised infrastructure was engineered to mimic legitimate operational patterns when subjected to external surveillance. Upon completion of the theft, the attackers executed self-destruct protocols that eliminated traces of their intrusion across affected systems. Consequently, forensic investigators faced significant challenges due to the deliberate erasure of critical logs and system configurations.

LayerZero highlighted that KelpDAO’s deployment relied on a single verifier configuration, contrary to established security recommendations advocating for diversified validation systems. The cross-chain protocol had previously counseled implementing multiple independent verifier networks to mitigate concentrated failure points. This architectural simplification created the vulnerability that attackers successfully exploited to manipulate transaction validation pathways.

Following the security breach, KelpDAO immediately suspended rsETH smart contract operations across Ethereum mainnet and multiple layer two scaling solutions. LayerZero rapidly reconstituted its verifier infrastructure and launched migration protocols for applications operating under vulnerable configurations. LayerZero has subsequently implemented policy restrictions preventing transaction processing for any applications utilizing single verifier architectures.

KelpDAO maintains active collaboration with blockchain security firms to establish comprehensive root cause analysis and fortify remaining infrastructure components. LayerZero actively coordinates with international law enforcement agencies and specialized blockchain forensic teams to trace the movement of stolen digital assets. This incident now stands as the most significant decentralized finance security breach documented throughout 2026.

LayerZero verified that the security compromise remained confined to rsETH without affecting additional digital assets utilizing its cross-chain infrastructure. Following containment procedures, LayerZero deployed replacement RPC nodes and successfully restored complete network functionality. Applications configured with multi-verifier architectures resumed normal operations without experiencing additional security incidents.

The breach generated secondary market pressures throughout decentralized finance platforms maintaining exposure to rsETH liquidity mechanisms.
Additionally, various protocols implemented adjusted risk parameters to minimize continued exposure to the compromised collateral asset. Several lending platforms registered temporary contractions in their aggregate value locked metrics. KelpDAO sustains ongoing dialogue with ecosystem participants to stabilize affected protocol integrations.

LayerZero maintains enforcement of enhanced verifier requirements across all network participants and connected applications. This security incident underscores persistent infrastructure vulnerabilities inherent to cross-chain validation architectures, despite demonstrated protocol-level resilience capabilities.
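
The single-verifier weakness and the forced dependence on malicious endpoints described above can be modeled as a fail-closed quorum check. This is an added example, not LayerZero's or KelpDAO's code; the `Attestation` type, `accept_message` function, verifier names and hashes are hypothetical and constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Attestation:
    verifier: str                 # hypothetical verifier network name
    payload_hash: Optional[str]   # None models a verifier knocked offline

def accept_message(attestations, configured, threshold):
    """Return (accepted, detail); fail closed instead of trusting whoever answers."""
    if len(configured) < 2 or threshold < 2:
        return False, "single-verifier configuration rejected"
    votes = {}
    for a in attestations:
        # One vote per configured verifier; unknown or silent sources are ignored.
        if a.verifier in configured and a.payload_hash is not None:
            votes.setdefault(a.verifier, a.payload_hash)
    if len(votes) < threshold:
        return False, "too few verifiers reachable"
    top_hash, count = Counter(votes.values()).most_common(1)[0]
    if count < threshold:
        return False, "verifiers disagree"
    return True, top_hash

# Constructed sample data: hashes and verifier names are placeholders.
REAL, FORGED = "hash-of-real-message", "hash-of-forged-message"
THREE = {"verifier-a", "verifier-b", "verifier-c"}

def scenarios():
    a_bad = Attestation("verifier-a", FORGED)   # the compromised verifier
    b_ok, c_ok = Attestation("verifier-b", REAL), Attestation("verifier-c", REAL)
    b_down, c_down = Attestation("verifier-b", None), Attestation("verifier-c", None)
    return {
        # The deployment pattern the article describes: one verifier, and it lies.
        "single": accept_message([a_bad], {"verifier-a"}, 1),
        # Honest verifiers are offline; only the compromised one still answers.
        "dos": accept_message([a_bad, b_down, c_down], THREE, 2),
        # One forged, one honest, one offline: no quorum on either value.
        "split": accept_message([a_bad, b_ok, c_down], THREE, 2),
        # Two honest verifiers outvote the compromised one.
        "healthy": accept_message([a_bad, b_ok, c_ok], THREE, 2),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:8} -> {result}")
```

In the `dos` and `split` cases the check refuses to deliver rather than falling back to the only endpoint still responding, which is the property a single-verifier setup cannot provide.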