LayerZero Publishes KelpDAO Hack Report, Unveils Security Overhaul

LayerZero Labs has released an incident report on the KelpDAO exploit, confirming that the KelpDAO rsETH cross-chain bridge built on its cross-chain messaging protocol was compromised. The breach led to the theft of about 116,500 rsETH, valued at roughly $292 million. Multiple security firms, including Mandiant and CrowdStrike, along with independent researchers, attributed the attack to the North Korea-linked hacking group TraderTraitor (UNC4899). According to the report, the intrusion began on March 6, 2026. Attackers used social engineering to take over a LayerZero developer account, obtain session keys, and access the RPC cloud environment. They then tampered with internal RPC node data and manipulated response outputs, misleading monitoring systems and the Decentralized Verification Network (DVN). LayerZero Labs also announced security changes, including ending the use of its own DVN as the only signer in single-verification setups, rebuilding the affected cloud infrastructure, and rolling out short-lived credentials, just-in-time privilege escalation, and multi-party approval controls.