
Kelp DAO exploit: LayerZero apologizes, drops sole-DVN verifier setup

The $292M Kelp DAO exploit exposed a single-verifier setup LayerZero now admits should never have shipped — and a 3.5-year-old multisig incident the protocol kept quiet until Friday.

LayerZero published a blog post Friday apologizing for poor communication in the three weeks since the $292 million Kelp DAO exploit, conceding it should not have allowed its DVN to act as a sole verifier for high-value transactions.

Why it matters

The protocol attributed the attack to North Korea's Lazarus Group, which it says compromised internal RPC nodes and DDoS'd external ones to forge a cross-chain message. LayerZero also disclosed a previously unreported incident from roughly three and a half years ago in which a multisig signer used their production hardware wallet to execute a personal trade — a belated admission that lands awkwardly alongside the post-mortem of a nine-figure loss.

Market impact

LayerZero announced a series of security changes, including ending support for the 1/1 DVN configuration. The structural lesson for cross-chain infrastructure: a single verifier is a single point of compromise, and named-state-actor attribution does not retroactively harden the bridge.

Related tokens
$ZRO

Frequently asked questions

  1. What happened in the Kelp DAO exploit?

    LayerZero says North Korea's Lazarus Group compromised internal RPC nodes and DDoS'd external ones to forge a cross-chain message, draining $292 million. The protocol has since apologized for its communication during the three weeks after the attack.

  2. What is the 1/1 DVN configuration LayerZero is ending?

    A 1/1 DVN setup uses a single verifier — LayerZero's own — to confirm cross-chain messages. LayerZero conceded this should never have been allowed for high-value transactions and announced it is ending support for the configuration.

  3. What undisclosed incident did LayerZero reveal?

    LayerZero disclosed a previously unreported incident from roughly 3.5 years ago in which a multisig signer used their production hardware wallet to execute a personal trade. The protocol did not say why it is surfacing the incident now.

  4. Who is the Lazarus Group and why does LayerZero's attribution matter?

    Lazarus is a North Korean state-linked hacking group long associated with large crypto heists. Attributing the Kelp DAO exploit to Lazarus frames it as a state-actor incident rather than an opportunistic exploit — but naming the attacker after the fact does not harden the bridge.

  5. What security changes is LayerZero making?

    LayerZero announced a slate of security changes, including ending support for the 1/1 DVN configuration. The protocol did not detail the full set of changes in the post.

Source attribution
Aggregated from TheBlock · Verified · Last refreshed 47d ago