Crypto Hack: Kelp DAO $290M Exploit Linked to Verifier Flaw — LayerZero

Key Insights:

  • The $290M Kelp DAO crypto hack has been linked to Lazarus Group and TraderTraitor.
  • The single-verifier setup enabled the exploit via compromised RPC nodes.
  • The attack triggered Aave stress, bad debt concerns, and rsETH exposure.

After the massive $290 million Kelp DAO crypto hack, LayerZero released its initial findings. The blockchain platform linked the crypto exploit to the notorious North Korean Lazarus Group. The findings also revealed that the exploit was rooted in a single-verifier setup, the key vulnerability behind the breach.

In a report released on April 20, LayerZero noted that the attackers involved in the Kelp DAO crypto hack compromised two RPC nodes. The crypto exploit unfolded through a coordinated attack on the verifier network. The report stated,

“Preliminary indicators suggest attribution to a highly sophisticated state actor, likely DPRK’s Lazarus Group, more specifically TraderTraitor.”

Kelp DAO Crypto Hack Report | Source: X

The attackers also launched a Distributed Denial-of-Service (DDoS) attack against the remaining healthy nodes. This forced the system to rely on the compromised ones. This combination of node manipulation and network disruption played a crucial role in the success of the attack.

Another major incident reported today is the Vercel crypto scam, which fortunately resulted in zero financial loss.

No Backup, No Defense: Inside the Kelp DAO Flaw

At the core of the crypto hack was Kelp DAO’s decision to operate without a multi-verifier setup. LayerZero pointed out that this setup created a clear single point of failure. In simple terms, there was no safety net.

The company stated that it had already advised Kelp DAO to use multiple verifiers to reduce risk. But those recommendations were not followed.

Without any redundancy, the attackers only had to get through a single channel to complete the exploit. This gave them an opportunity to send a fraudulent cross-chain message without having it independently verified.

In this case, Kelp DAO was using a 1-of-1 DVN (Decentralized Verifier Network) mechanism. This meant the system relied on only one verifier, with no backup in place. When the attackers sent the fake message, there was no additional verification that could have flagged the problem, so the protocol accepted the message and released the tokens.

From the example above, it is apparent that relying on a single verification mechanism poses significant risks for a DeFi protocol. The protocol could end up losing a lot of funds if not careful enough.
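The difference between a 1-of-1 and a multi-verifier threshold can be shown with a small model. This is an added illustration, not LayerZero's or Kelp DAO's code; the class names, the first-reachable-node failover rule, the number of nodes and the sample payloads are all assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass

def digest(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

@dataclass
class RpcNode:
    """One RPC endpoint a verifier reads source-chain state from (modelled)."""
    source_payload: bytes      # what this node claims was sent on the source chain
    reachable: bool = True     # False models a node knocked offline by DDoS

@dataclass
class Verifier:
    """Hypothetical verifier that fails over to the first reachable RPC node."""
    name: str
    nodes: list

    def attests(self, claimed: bytes) -> bool:
        for node in self.nodes:
            if node.reachable:
                return digest(node.source_payload) == digest(claimed)
        return False  # no data available: refuse to attest

def accept(claimed: bytes, verifiers: list, required: int) -> bool:
    """Release funds only if at least `required` verifiers attest the message."""
    return sum(v.attests(claimed) for v in verifiers) >= required

# Constructed sample data: the source chain actually recorded REAL;
# FORGED is the fraudulent cross-chain message.
REAL = b"transfer:10:rsETH:to=alice"
FORGED = b"transfer:100000:rsETH:to=attacker"

def scenario() -> dict:
    # Verifier A: its healthy node is unreachable, compromised nodes serve the forgery.
    a = Verifier("A", [RpcNode(REAL, reachable=False),
                       RpcNode(FORGED), RpcNode(FORGED)])
    # Verifiers B and C: independent operators with their own untouched nodes.
    b = Verifier("B", [RpcNode(REAL)])
    c = Verifier("C", [RpcNode(REAL)])
    return {
        "1-of-1 forged": accept(FORGED, [a], required=1),
        "2-of-3 forged": accept(FORGED, [a, b, c], required=2),
        "2-of-3 real": accept(REAL, [a, b, c], required=2),
    }

if __name__ == "__main__":
    for case, released in scenario().items():
        print(f"{case}: {'ACCEPTED' if released else 'rejected'}")
```

With a threshold of two, the forged message is rejected and the genuine one still passes even though one verifier is reading from compromised nodes.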

Is Lazarus Group Behind the Kelp DAO Crypto Hack?

In addition to finding the flaw, LayerZero has also hinted at the possible involvement of North Korea’s Lazarus Group in the Kelp DAO crypto hack.

In particular, the platform linked the attack to the group’s subsidiary, TraderTraitor. The group is well known for targeting crypto platforms. It has been behind several major attacks in the past, including large-scale DeFi exploits.

No Protocol Contagion, But Impact Spreads to Aave

LayerZero has clarified that the Kelp DAO exploit did not impact its broader ecosystem. According to the team, there is “zero contagion” to any other cross-chain assets or applications. It means the issue was isolated to Kelp DAO’s setup. The compromised RPC nodes have now been fully removed and replaced. The LayerZero Labs DVN is back up and running.

Nevertheless, even though the core protocol has not been compromised, the fallout from this hack has continued to resonate throughout the DeFi space. The hacker’s activities placed undue pressure on other systems such as Aave, which was forced to contend with bad debt and exposure to the stolen rsETH tokens.

Source: https://www.thecoinrepublic.com/2026/04/20/crypto-hack-kelp-dao-290m-exploit-linked-to-verifier-flaw-layerzero/