Kelp DAO Hack Attributed to Lazarus Group; eth.limo Domain Hijacked via Social Engineering


Gate News message, April 20 — LayerZero released preliminary findings on the Kelp DAO exploit that occurred on April 18, attributing the attack to a highly sophisticated state-backed threat actor, likely North Korea’s Lazarus Group subgroup known as TraderTraitor. The incident resulted in the loss of 116,500 rsETH tokens worth approximately $292 million, marking the largest DeFi exploit this year.

According to LayerZero’s investigation, attackers gained access to the list of RPC nodes used by LayerZero Labs’ decentralized verifier network (DVN), a system of independent entities responsible for validating cross-chain messages. Two nodes were poisoned to transmit a fraudulent message, while attackers simultaneously launched a distributed denial-of-service attack against uncompromised nodes. The forged message was accepted because Kelp DAO configured its bridge using a single 1-of-1 DVN setup with no secondary verifier to detect or reject the fraudulent transaction. LayerZero had previously advised Kelp DAO to diversify its DVN configuration. In response, LayerZero announced it will no longer sign messages for applications using 1/1 DVN configurations and is cooperating with law enforcement to track the stolen funds.
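The effect of the 1-of-1 setup can be shown with a simplified model of threshold verification. This is an added example, not LayerZero or Kelp DAO code: the verifier names, the message bytes and the `VerifierConfig`, `is_accepted` and `audit` names are all hypothetical, and it assumes verifiers attest to a hash of the message and stay silent about messages they did not observe.

```python
from dataclasses import dataclass
from hashlib import sha256


@dataclass(frozen=True)
class VerifierConfig:
    verifiers: frozenset  # names of the verifiers the application trusts
    threshold: int        # how many of them must attest to the same message


def digest(message: bytes) -> str:
    return sha256(message).hexdigest()


def is_accepted(message: bytes, attestations: dict, cfg: VerifierConfig) -> bool:
    """Accept only if `threshold` distinct configured verifiers attested to this exact message."""
    want = digest(message)
    agreeing = {v for v, h in attestations.items() if v in cfg.verifiers and h == want}
    return len(agreeing) >= cfg.threshold


def audit(cfg: VerifierConfig) -> list:
    """Return findings for configurations where one verifier alone can approve a message."""
    findings = []
    if cfg.threshold < 1 or cfg.threshold > len(cfg.verifiers):
        findings.append("threshold is outside 1..len(verifiers)")
    elif cfg.threshold == 1:
        findings.append("a single verifier can approve a message; nothing cross-checks a forged attestation")
    return findings


# Constructed sample data: the message and verifier names are made up for this model.
FORGED = b"constructed: release 116500 rsETH to an unknown address"

# verifier-a read the source chain through poisoned RPC nodes and attests to the forgery.
# verifier-b and verifier-c (independent RPC access) never saw the message, so they do not attest.
ATTESTATIONS = {"verifier-a": digest(FORGED)}

ONE_OF_ONE = VerifierConfig(frozenset({"verifier-a"}), threshold=1)
TWO_OF_THREE = VerifierConfig(frozenset({"verifier-a", "verifier-b", "verifier-c"}), threshold=2)

if __name__ == "__main__":
    for name, cfg in (("1-of-1", ONE_OF_ONE), ("2-of-3", TWO_OF_THREE)):
        print(name, "accepts forged message:", is_accepted(FORGED, ATTESTATIONS, cfg),
              "| audit findings:", audit(cfg))
```

The same `audit` check can be run over an application's verifier settings before deployment to flag any path where one attestation is sufficient.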

Separately, Ethereum Name Service gateway eth.limo disclosed that the hijacking of its domain on Friday, April 18, was caused by a social engineering attack targeting its service provider, easyDNS. An attacker impersonated an eth.limo team member and initiated an account recovery process, gaining access to the eth.limo account and modifying DNS settings to redirect traffic to Cloudflare-controlled infrastructure. The platform serves approximately two million decentralized websites using the .eth domain system. However, the Domain Name System Security Extensions (DNSSEC) limited the damage by adding cryptographic verification to DNS records; because the attacker lacked the required signing keys, many DNS resolvers rejected the manipulated records, preventing malicious redirects. EasyDNS CEO Mark Jeftovic acknowledged the breach as the first successful social engineering attack against an easyDNS client in the company’s 28-year history and stated that the company is implementing security improvements to prevent similar incidents.
