LayerZero attributes $290M Kelp DAO hack to North Korea's Lazarus group

LayerZero (ZRO) announced on its official X account that it believes the North Korean hacking group Lazarus is behind the recent exploit of Kelp DAO's rsETH. LayerZero was the cross-chain bridge utilized by the hackers in the incident yesterday. According to the company, the attackers used a sophisticated method to compromise the underlying RPC infrastructure of LayerZero Labs' Decentralized Verification Network (DVN). They hacked two independent RPC nodes, replaced them with malicious binaries, and launched a distributed denial-of-service (DDoS) attack on normal nodes to redirect the system to the compromised ones. The estimated damages are $290 million. LayerZero stated that it had previously recommended Kelp DAO use a multi-DVN setup with multiple validators, but Kelp DAO's decision to maintain a single-validator structure left its defense system vulnerable. The incident was described as a security configuration issue with a specific application, not a flaw in the protocol itself, and no other assets or applications were affected. LayerZero has since replaced the compromised RPC nodes, restored normal service, and is working with authorities worldwide to track the stolen funds.