Kelp DAO Hack Attributed to Lazarus Group; eth.limo Domain Hijacked via Social Engineering


Gate News message, April 20 — LayerZero released preliminary findings on the Kelp DAO exploit that occurred on April 18, attributing the attack to a highly sophisticated state-backed threat actor, likely North Korea’s Lazarus Group subgroup known as TraderTraitor. The incident resulted in the loss of 116,500 rsETH tokens worth approximately $292 million, marking the largest DeFi exploit this year.

According to LayerZero’s investigation, attackers gained access to the list of RPC nodes used by LayerZero Labs’ decentralized verifier network (DVN), a system of independent entities responsible for validating cross-chain messages. Two nodes were poisoned to transmit a fraudulent message, while attackers simultaneously launched a distributed denial-of-service attack against uncompromised nodes. The forged message was accepted because Kelp DAO configured its bridge using a single 1-of-1 DVN setup with no secondary verifier to detect or reject the fraudulent transaction. LayerZero had previously advised Kelp DAO to diversify its DVN configuration. In response, LayerZero announced it will no longer sign messages for applications using 1/1 DVN configurations and is cooperating with law enforcement to track the stolen funds.
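A simplified model of the verifier-threshold check described above, added here as an illustration and not LayerZero's or Kelp DAO's code; the verifier names, sample messages and the `VerifierPolicy` class are hypothetical. It shows why a 1-of-1 policy accepts a message vouched for by a single poisoned verifier, while a 2-of-3 policy rejects it.

```python
import hashlib
from dataclasses import dataclass

def payload_hash(message: bytes) -> str:
    """Digest a verifier attests to after reading the message from the source chain."""
    return hashlib.sha256(message).hexdigest()

@dataclass(frozen=True)
class VerifierPolicy:
    verifiers: frozenset  # verifier ids the application trusts (hypothetical names)
    threshold: int        # distinct matching attestations required to accept

    def __post_init__(self):
        if not 1 <= self.threshold <= len(self.verifiers):
            raise ValueError("threshold must be between 1 and len(verifiers)")

    def single_point_of_failure(self) -> bool:
        """True when one compromised verifier is enough to approve a message."""
        return self.threshold < 2

def accepts(policy: VerifierPolicy, message: bytes, attestations) -> bool:
    """attestations: iterable of (verifier_id, attested_hash) pairs."""
    want = payload_hash(message)
    # A set counts each trusted verifier once, however often it repeats itself.
    agreeing = {v for v, h in attestations if v in policy.verifiers and h == want}
    return len(agreeing) >= policy.threshold

# Constructed sample data: not real messages, hashes or verifier identities.
GENUINE = b"constructed sample: message present on the source chain"
FORGED = b"constructed sample: message never emitted on the source chain"

ONE_OF_ONE = VerifierPolicy(frozenset({"dvn-a"}), threshold=1)
TWO_OF_THREE = VerifierPolicy(frozenset({"dvn-a", "dvn-b", "dvn-c"}), threshold=2)

# dvn-a reads from poisoned RPC nodes and vouches for the forged message (twice).
# dvn-b and dvn-c read the real chain, so they only ever attest to GENUINE.
ATTESTATIONS = [
    ("dvn-a", payload_hash(FORGED)),
    ("dvn-a", payload_hash(FORGED)),
    ("dvn-b", payload_hash(GENUINE)),
    ("dvn-c", payload_hash(GENUINE)),
]

if __name__ == "__main__":
    for name, policy in (("1-of-1", ONE_OF_ONE), ("2-of-3", TWO_OF_THREE)):
        print(name, "SPOF:", policy.single_point_of_failure(),
              "forged accepted:", accepts(policy, FORGED, ATTESTATIONS),
              "genuine accepted:", accepts(policy, GENUINE, ATTESTATIONS))
```

A configuration audit can flag any policy where `single_point_of_failure()` is true before the application goes live.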

Separately, Ethereum Name Service gateway eth.limo disclosed that its domain hijacking on Friday, April 18, was caused by a social engineering attack targeting its service provider, easyDNS. An attacker impersonated an eth.limo team member and initiated an account recovery process, gaining access to the eth.limo account and modifying DNS settings to redirect traffic to Cloudflare-controlled infrastructure. The platform serves approximately two million decentralized websites using the .eth domain system. However, the Domain Name System Security Extensions (DNSSEC) limited the damage by adding cryptographic verification to DNS records; because the attacker lacked the required signing keys, many DNS resolvers rejected the manipulated records, preventing malicious redirects. EasyDNS CEO Mark Jeftovic acknowledged the breach as the first successful social engineering attack against an easyDNS client in the company’s 28-year history and stated the company is implementing security improvements to prevent similar incidents.
