{"id":83388,"date":"2026-04-20T10:31:33","date_gmt":"2026-04-20T10:31:33","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=83388"},"modified":"2026-04-20T10:31:33","modified_gmt":"2026-04-20T10:31:33","slug":"layerzero-breaks-silence-on-290-million-kelpdao-crypto-exploit","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=83388","title":{"rendered":"LayerZero Breaks Silence On $290 Million KelpDAO Crypto Exploit"},"content":{"rendered":"
\n

KelpDAO\u2019s $290 million rsETH exploit has moved into a new phase, with LayerZero and Aave now publicly outlining how the incident unfolded, why the damage appears contained, and what it could mean for crypto cross-chain security standards going forward.<\/p>\n

The central claim from LayerZero is that the exploit was not a failure of the protocol itself, but the result of KelpDAO\u2019s decision to run rsETH with a single-DVN configuration. That matters because the latest statements shift the market narrative away from generalized contagion risk across LayerZero-integrated assets and toward a narrower question: how much risk was concentrated in one application\u2019s security design.<\/p>\n

LayerZero Links KelpDAO Crypto Exploit To RPC Attack<\/h2>\n

In an incident statement<\/a> from April 20, LayerZero said the April 18 attack<\/a> targeted KelpDAO\u2019s rsETH setup and was \u201cisolated entirely to KelpDAO\u2019s rsETH configuration as a direct consequence of their single-DVN setup.\u201d The company added that it had conducted \u201ca comprehensive review of active integrations\u201d and could confirm \u201cwith confidence that there is zero contagion to any other asset or application.\u201d<\/p>\n

LayerZero framed the episode as a state-linked crypto infrastructure attack rather than a protocol exploit. According to the statement, \u201cpreliminary indicators suggest attribution to a highly-sophisticated state actor, likely DPRK\u2019s Lazarus Group, more specifically TraderTraitor.\u201d<\/p>\n

It said the attack did not compromise the protocol, key management, or the DVN instances directly. Instead, the attacker allegedly poisoned downstream RPC infrastructure used by the LayerZero Labs DVN, swapped binaries on compromised op-geth nodes, and then used DDoS pressure on uncompromised RPCs to force failover toward the poisoned infrastructure.<\/p>\n

That sequence is central to LayerZero\u2019s argument. \u201cBecause of our least-privilege principles, they were unable to compromise the actual DVN instances,\u201d the company wrote. \u201cHowever, they used this pivot point to execute an RPC-spoofing attack.<\/p>\n

Their malicious node used a custom payload designed explicitly to forge a message to the DVN with minimal warnings.\u201d LayerZero said the manipulated node presented false data only to the DVN while returning truthful responses to other IPs, including its own monitoring infrastructure, in what it described as a deliberately stealthy effort to avoid detection.<\/p>\n

Even so, LayerZero argues the exploit should have been stopped at the application layer had rsETH not relied on a 1-of-1 verifier setup. \u201cThe affected application was rsETH, issued by KelpDAO,\u201d the statement said. \u201cTheir OApp configuration at the time of this incident relied on a 1-of-1 DVN setup, with LayerZero Labs as the sole verifier \u2014 a configuration that directly contradicts the multi-DVN redundancy model that LayerZero has consistently recommended to all integration partners.\u201d<\/p>\n

It added that \u201ca properly hardened configuration would have required consensus across multiple independent DVNs, rendering this attack ineffective even in the event of any single DVN being compromised.\u201d<\/p>\n

The company said its DVN is live again, that affected RPC nodes have been deprecated and replaced, and that it will no longer sign or attest messages for applications using a 1\/1 configuration. It also said it is working with law enforcement and industry partners, including Seal911, to track funds.<\/p>\n

Aave said in an X update on late The protocol said its analysis shows \u201crsETH on Ethereum mainnet is fully backed,\u201d but added that \u201cout of an abundance of caution, rsETH remains frozen across Aave V3 and V4<\/a> and exposure to the incident is capped.\u201d WETH reserves also remain frozen across the affected markets on Ethereum, Arbitrum, Base, Mantle, and Linea<\/a> while the team continues to validate information and assess possible resolutions.<\/p>\n

At press time, the total crypto market cap stood at $2.5 trillion.<\/p>\n

\"Total<\/div>\n","protected":false},"excerpt":{"rendered":"

KelpDAO\u2019s $290 million rsETH exploit has moved into a new phase, with LayerZero and Aave now publicly outlining how the incident unfolded, why the damage appears contained, and what it could mean for crypto cross-chain security standards going forward. The central claim from LayerZero is that the exploit was not a failure of the protocol […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-83388","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/83388","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=83388"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/83388\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=83388"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=83388"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=83388"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}