2026-05-18
LayerZero
LayerZero Labs KelpDAO Incident Report
#KelpDAO
#TraderTraitor
KelpDAO / LayerZero
#KelpDAO
- Reported: 2026-04
- Locations: India
- Motivations: #FinancialGain
- Sectors: #Cryptocurrency
Summary
The April 18, 2026 KelpDAO exploit — resulting in approximately $290M in losses — was a sophisticated supply-chain-style RPC poisoning attack attributed to DPRK's TraderTraitor cluster, in which the threat actor compromised two independent RPC nodes used by LayerZero Labs' DVN, replaced their op-geth binaries with malicious versions that selectively forged transaction confirmations only to the DVN while reporting truthfully to all other observers, and simultaneously DDoS'd uncompromised RPC nodes to force failover onto the poisoned infrastructure — an attack that succeeded exclusively because KelpDAO's rsETH was configured with a single 1-of-1 DVN, eliminating any redundant verification that would have otherwise blocked the forged message.