BTC
ETH
HTX
SOL
BNB
View Market
简中
繁中
English
日本語
한국어
ภาษาไทย
Tiếng Việt
Home
News
Pro
Articles
Trending
Topics
Events
Views
Tools
Download
Settings
Theme Switch
Login

LayerZero Releases KelpDAO Attack Report: North Korean Hackers Suspected of Involvement, Security Policies to Be Adjusted

2026-05-20 13:16

Odaily reports that LayerZero Labs has released a recent incident report stating that on April 18, 2026, the KelpDAO rsETH cross-chain bridge, built on its cross-chain communication protocol, suffered an attack resulting in the theft of approximately 116,500 rsETH (around $292 million). Multiple security organizations, including Mandiant, CrowdStrike, and independent researchers, have attributed this attack to the North Korea-linked hacker group TraderTraitor (UNC4899).

According to the report, the attack began on March 6, 2026. The attackers compromised a LayerZero developer account through social engineering, obtained session keys, and penetrated the RPC cloud environment. They further contaminated internal RPC node data and manipulated the returned results to deceive monitoring systems and the Decentralized Verification Network (DVN). Subsequently, the attackers launched a denial-of-service attack against external RPC providers, forcing the verification system to rely on the compromised nodes to generate forged cross-chain proofs, thereby successfully extracting the funds.

LayerZero pointed out that the core vulnerability of this incident lay in the affected application adopting a "single-verifier" configuration. This allowed the target contract to execute asset releases upon receiving only a single valid signature, leading to the theft of rsETH.

Following the incident, LayerZero Labs announced an adjustment to security policies. This includes no longer allowing its own DVN to act as the sole signer in a single-verifier configuration, rebuilding the affected cloud infrastructure, and introducing short-term credentials, instant permission upgrades, and multi-party approval mechanisms to enhance security. Additionally, zeroShadow and law enforcement agencies have initiated investigations and asset tracing. LayerZero stated it will continue to collaborate with ecosystem partners to strengthen the cross-chain security framework to address increasingly sophisticated nation-state attack threats.

Recommended Articles

YC Partner: How to Build a Self-Evolving AI-Native Company

Circle Chief Economist Interview: USDC's Entry into Hyperliquid Benefits Circle and HYPE

MEXC Alpha Trader Investment Research Weekly Report | Rate Cut Expectations Fully Reversed, Crypto Legislation Breakthrough Meets Historic ETF Outflows

SpaceX wealth effect's "blind box shareholders": Nesting dolls within dolls, who's swimming naked?

Search
24-Hour Flash News
2026-05-20 14:35
Bitget UEX continues to expand, now supporting over 340 US stock assets
2026-05-20 14:31
U.S. EIA crude oil inventories for the week ending May 15: -7,863K barrels vs. -2,942K barrels expected
2026-05-20 14:27
U.S. three major stock indices rally, with the Nasdaq 100 Index expanding its gain to 1%
2026-05-20 14:23
U.S.-Iran agreement text enters final polishing stage, expected to be announced within hours
2026-05-20 14:22
Drift Protocol: Insurance Fund Unaffected by Attack; Users Can Withdraw Staked Shares After Recovery
2026-05-20 14:19
US and Brent crude oil prices briefly fell sharply, while spot gold rose nearly 30 US dollars
Download Odaily App
Let Some People Understand Web3.0 First
IOS
Android
About Us
Contact Us
Join Us
Friendly Links
Advertising Cooperation
User Agreement
Privacy Policy
Disclaimer
Odaily Brand Media Kit | Official Logo & Visual Guidelines
Beijing Ruike Culture Media Co., Ltd.
京ICP备 2026027382号