KelpDAO Suffers $290M Exploit, Linked to North Korea's Lazarus Group


Key takeaways:

  • The exploit highlights critical systemic risk in DeFi from single points of failure in cross-chain infrastructure.
  • Investors should scrutinize protocol security setups, particularly DVN configurations, as a key risk factor.
  • Massive outflows from Aave signal a potential short-term liquidity crisis and broader contagion fear in DeFi.

KelpDAO, a liquid restaking protocol, was exploited for approximately $290 million on April 18, 2026, in a sophisticated attack now attributed to North Korea's Lazarus Group. The attackers stole 116,500 rsETH (restaked ETH) by compromising the cross-chain message verification system.

The attack was a highly targeted cross-chain message spoof. According to post-incident analysis by LayerZero, the attacker first gained access to the list of RPC nodes used by LayerZero's Decentralized Verifier Network (DVN), then poisoned two of these nodes so that they delivered a fake cross-chain message. Simultaneously, a Distributed Denial-of-Service (DDoS) attack was launched against the clean nodes, forcing the DVN to rely on the compromised ones. This allowed the forged message to pass validation.

The root cause was identified as KelpDAO's use of a 1-of-1 DVN setup, which had no redundancy or backup verifiers. LayerZero stated this created a single point of failure, with "no independent verifier to catch and reject a forged message." The company noted it had previously communicated best practices around DVN diversification to KelpDAO and will no longer sign messages for applications using a 1/1 DVN configuration.
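
The single-point-of-failure argument above, as an added example that is not LayerZero's or KelpDAO's code: a simplified Python model showing a forged message passing a 1-of-1 setup and failing a 2-of-3 quorum of independent verifiers. The `Verifier`, `accepted` and `audit` names, the majority-of-reachable-nodes rule, verifiers B and C, and the payloads are assumptions made for illustration.

```python
import hashlib
from collections import Counter

# Constructed sample payloads (not taken from the incident).
GENUINE = b"nonce=7|genuine source-chain message"
FORGED = b"nonce=7|forged message"

def digest(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

class Verifier:
    """Hypothetical stand-in for one DVN. rpc_views holds what each of its
    RPC nodes reports for the message; None means the node is unreachable."""

    def __init__(self, name, rpc_views):
        self.name = name
        self.rpc_views = rpc_views

    def attest(self):
        reachable = [p for p in self.rpc_views if p is not None]
        if not reachable:
            return None  # nothing to read: abstain rather than guess
        # Assumption: the verifier signs the majority answer of reachable nodes.
        payload, _ = Counter(reachable).most_common(1)[0]
        return digest(payload)

def accepted(delivered: bytes, verifiers, threshold: int) -> bool:
    """The destination accepts only if at least `threshold` verifiers
    attested to exactly the payload being delivered."""
    votes = sum(1 for v in verifiers if v.attest() == digest(delivered))
    return votes >= threshold

def audit(verifiers, threshold: int) -> list:
    """Flag quorum settings in which one compromised verifier is enough."""
    findings = []
    if threshold < 1 or threshold > len(verifiers):
        findings.append("threshold is outside 1..number of verifiers")
    if threshold == 1:
        findings.append("one verifier can approve a message on its own")
    return findings

# Verifier A as the article describes: two poisoned nodes answer, clean ones are down.
dvn_a = Verifier("A", [FORGED, FORGED, None, None])
# Assumption: B and C run separate RPC infrastructure that was not affected.
dvn_b = Verifier("B", [GENUINE, GENUINE, GENUINE])
dvn_c = Verifier("C", [GENUINE, GENUINE, GENUINE])

if __name__ == "__main__":
    print("1-of-1 accepts forged:", accepted(FORGED, [dvn_a], 1))
    print("2-of-3 accepts forged:", accepted(FORGED, [dvn_a, dvn_b, dvn_c], 2))
    print("2-of-3 accepts genuine:", accepted(GENUINE, [dvn_a, dvn_b, dvn_c], 2))
    print("1-of-1 audit:", audit([dvn_a], 1))
```

The quorum only helps when the verifiers do not share RPC nodes: if B and C read from the same poisoned set as A, all three attest to the forged payload.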

The fallout from the exploit rippled across the broader DeFi ecosystem. The attacker moved the stolen rsETH to Aave V3, using it as collateral to borrow large amounts of Wrapped Ethereum (WETH). This raised concerns over potential bad debt, prompting Aave to freeze rsETH markets on both its V3 and V4 platforms. Aave founder Stani Kulechov confirmed the freeze, stating the asset lost its borrowing power due to the exploit.

Historical data showed over $10 billion in outflows from Aave following the attack, with total supplied funds dropping from $45.8 billion to $35.7 billion. The stress extended further, causing the total value locked (TVL) across all of DeFi to drop by 7% in 24 hours, from $99.5 billion to about $86.3 billion. As a precaution, several other major DeFi protocols—including Ethena, ether.fi, Tron DAO, and Curve Finance—paused their LayerZero OFT bridges.

LayerZero and law enforcement are continuing efforts to trace the stolen funds. The company emphasized that there is "zero contagion" for other assets or applications using multi-DVN setups, as the exploit was isolated to KelpDAO's specific configuration. The protocol's infrastructure has since been replaced and secured.
