Ethical Hacking News
KelpDAO's $290 million crypto heist highlights the ongoing threat from state-sponsored attackers and the need for DeFi projects to harden their cross-chain infrastructure. The attack shows how a project can be drained when the off-chain verifiers that vouch for cross-chain messages are fed false data about the source chain.
The KelpDAO cryptocurrency project was hit by a $290 million heist, with state-sponsored North Korean hackers reportedly behind the attack. The attackers targeted the cross-chain verification layer that KelpDAO uses on top of LayerZero, tricking it into attesting to messages that were never sent on the source chain. LayerZero's preliminary analysis points to the Lazarus Group, a unit infamous for its involvement in high-profile cyberattacks. The incident underscores the interconnectedness of blockchain-based systems and the risks of cross-chain messaging: a bridge is only as trustworthy as the data its verifiers consume.
The cryptocurrency world was dealt another devastating blow recently, as KelpDAO, a decentralized finance (DeFi) project built around liquid restaking on the Ethereum network, fell victim to a brazen heist that netted the attackers approximately $290 million. The attack, attributed in preliminary findings to state-sponsored North Korean hackers, has left the crypto community reeling.
At its core, KelpDAO lets users deposit ether (ETH) and restake it to earn additional yield. In exchange, users receive a liquid token named 'rsETH,' which represents the restaked position and can be used across various DeFi platforms, including on other chains. That cross-chain movement relies on LayerZero, an inter-blockchain messaging and interoperability protocol.
The attack on KelpDAO was reportedly first detected on April 18, when the project announced that it had discovered suspicious cross-chain activity involving rsETH. In response, KelpDAO immediately froze all rsETH contracts across the Ethereum mainnet and Layer 2 (L2) scaling networks, halting further rsETH movement while the cross-chain path was investigated.
The investigation into the attack is ongoing, with KelpDAO working closely with partners such as LayerZero, Unichain, and other key stakeholders. According to preliminary findings, the attackers used a combination of tactics to compromise the Decentralized Verifier Network (DVN), the verification layer KelpDAO relies on to validate cross-chain messages for rsETH.
Specifically, the attackers compromised some of the RPC nodes the verifier reads from, feeding it falsified blockchain data, while simultaneously launching distributed denial-of-service (DDoS) attacks against the healthy RPC nodes so that the verifier could not reach an honest source. With only the compromised nodes answering, the DVN attested to cross-chain messages that had never been emitted on the source chain, and the destination contracts accepted those forged messages as valid. In other words, the verifier trusted whatever view of the source chain its RPC providers gave it; once the honest providers were unreachable and the remaining one was lying, it had no independent way to notice.
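As an added illustration (not code from KelpDAO, LayerZero or the article's sources), the following Python sketch models the failure mode described above. A verifier asks several RPC providers for a view of a source-chain block and either trusts the first reply it gets (the fallback-to-next-node pattern that the RPC-poisoning-plus-DDoS combination defeats) or requires k-of-n independent providers to agree before attesting, and refuses otherwise. The provider names, block views and hashes are constructed stand-ins, not real chain data.

```python
"""Added example: a cross-chain verifier must fail closed on RPC disagreement.

naive_verify  -> attests on the first reply it gets (vulnerable pattern).
quorum_verify -> needs k independent, agreeing replies; unavailable providers
                 are not votes, so a DDoS cannot push it onto a lone liar.
"""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


class RpcUnavailable(Exception):
    """Provider timed out or is being DDoSed."""


@dataclass(frozen=True)
class BlockView:
    block_hash: str
    msg_root: str  # commitment to the cross-chain messages emitted in the block


def _h(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()[:16]


# Constructed sample data: the genuine view of source-chain block 7_000_000,
# and a forged view that claims an rsETH message that was never emitted.
GENUINE = BlockView(_h("block-7000000"), _h("messages-7000000"))
FORGED = BlockView(_h("block-7000000"), _h("messages-7000000+forged-mint"))


def make_provider(view: Optional[BlockView]) -> Callable[[int], BlockView]:
    """A provider that returns a fixed view, or times out if view is None."""
    def query(height: int) -> BlockView:
        if view is None:
            raise RpcUnavailable("timeout")
        return view
    return query


# Scenario from the article: honest providers knocked offline, one compromised.
PROVIDERS_UNDER_ATTACK = {
    "honest-a": make_provider(None),        # DDoSed
    "honest-b": make_provider(None),        # DDoSed
    "compromised": make_provider(FORGED),   # returns falsified chain data
}
# Same set with the honest providers reachable.
PROVIDERS_HEALTHY = {
    "honest-a": make_provider(GENUINE),
    "honest-b": make_provider(GENUINE),
    "compromised": make_provider(FORGED),
}


def naive_verify(providers: Dict[str, Callable[[int], BlockView]],
                 height: int, expected_root: str) -> bool:
    """Vulnerable: fall through to the next node and trust the first answer."""
    for _name, query in providers.items():
        try:
            view = query(height)
        except RpcUnavailable:
            continue
        return view.msg_root == expected_root
    return False


def quorum_verify(providers: Dict[str, Callable[[int], BlockView]],
                  height: int, expected_root: str, k: int) -> bool:
    """Fail closed: attest only if k providers return the same view.

    k must exceed n/2 so at most one view can reach quorum, and k must be
    larger than the number of providers an attacker could plausibly control.
    """
    if 2 * k <= len(providers):
        raise ValueError("k must be a strict majority of providers")
    votes: Dict[BlockView, List[str]] = {}
    for name, query in providers.items():
        try:
            view = query(height)
        except RpcUnavailable:
            continue  # an unreachable provider is not a vote for anything
        votes.setdefault(view, []).append(name)
    for view, names in votes.items():
        if len(names) >= k:
            return view.msg_root == expected_root
    return False  # no agreeing quorum: refuse to attest rather than guess


if __name__ == "__main__":
    # Under attack the naive verifier attests to the forged message root;
    # the quorum verifier refuses because only one provider answered.
    print("naive  :", naive_verify(PROVIDERS_UNDER_ATTACK, 7_000_000, FORGED.msg_root))
    print("quorum :", quorum_verify(PROVIDERS_UNDER_ATTACK, 7_000_000, FORGED.msg_root, k=2))
```

The point of the quorum version is not the arithmetic but the failure policy: a provider that does not answer contributes nothing, so knocking honest nodes offline only reduces the verifier to "insufficient data", never to "trust the survivor". That only helps if the providers are genuinely independent (different operators, hosting and network paths), since k-of-n over nodes that share a compromise is still a single point of failure.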
LayerZero has also offered a preliminary view of who is behind the attack. According to its evaluation of the attack indicators, state-sponsored North Korean hackers are likely responsible for the heist. The group in question, known as the Lazarus Group, is infamous for its involvement in numerous high-profile cyberattacks, including a $280 million theft from the Drift Protocol last year.
This latest attack on KelpDAO highlights the ongoing threat from state-sponsored hacking groups and their use of sophisticated tactics against blockchain-based projects. That a heist of this size was possible without breaking a single smart contract underscores the need for these projects to harden the off-chain verification layer, including the RPC infrastructure that feeds it, as carefully as the on-chain code.
Furthermore, the attack did not appear to have any broader contagion effects across other DeFi platforms or assets, which suggests that the weakness exploited was specific to KelpDAO's deployment of LayerZero messaging for rsETH. Nonetheless, this incident serves as a stark reminder of the interconnectedness of blockchain-based systems and the risks of cross-chain interactions.
In conclusion, the $290 million heist on KelpDAO represents a significant blow to the crypto world, particularly for DeFi projects that depend on cross-chain messaging protocols like LayerZero. As these systems grow in complexity, so does their attack surface, and the off-chain verifiers and RPC providers they rely on are part of that surface. Only continued vigilance and investment in robust, fail-closed verification can prevent similar incidents in the future.
Related Information:
https://www.ethicalhackingnews.com/articles/KelpDAOs-290-Million-Crypto-Heist-Unpacking-the-Complexity-Behind-the-Attack-ehn.shtml
https://www.bleepingcomputer.com/news/security/kelpdao-suffers-290-million-heist-tied-to-lazarus-hackers/
https://cybernews.com/crypto/crypto-290m-kelp-dao-exploit-north-koreas-lazarus-group/
https://www.picussecurity.com/resource/blog/lazarus-group-apt38-explained-timeline-ttps-and-major-attacks
https://en.wikipedia.org/wiki/Lazarus_Group
Published: Mon Apr 20 17:49:08 2026 by llama3.2 3B Q4_K_M