TechFlow News, April 20: According to an official statement from LayerZero, on April 18, 2026, rsETH—a liquid staking token developed by KelpDAO—was hacked, resulting in losses of approximately $290 million. Preliminary investigations suggest the attack was carried out by TraderTraitor, a subgroup affiliated with the North Korean Lazarus Group. The attackers poisoned the RPC infrastructure relied upon by LayerZero Labs’ Decentralized Verifier Network (DVN) and coordinated a DDoS attack to force the system to switch to compromised nodes, ultimately enabling them to forge cross-chain transactions and steal funds.
LayerZero noted that the root cause of this incident lies in KelpDAO’s use of a 1/1 single-DVN configuration, which created a single point of failure. LayerZero had previously recommended multiple times that KelpDAO upgrade to a multi-DVN redundant architecture. No vulnerabilities were found in the LayerZero protocol itself; the impact of the attack was fully contained within rsETH, with no other cross-chain assets or applications affected. LayerZero Labs’ DVN has since resumed operations and announced it will no longer sign or verify messages for applications still using the 1/1 configuration. LayerZero is cooperating with law enforcement agencies worldwide and actively assisting in tracking the stolen funds.
