THE $290 million Kelp DAO crypto heist has been attributed to North Korea, with the Lazarus Group named as the likely actor and described as a claim by SecurityWeek. The attack occurred at 17:35 UTC on Sunday, draining 116,500 rsETH (restaked ether) valued at roughly $292 million, and was followed by a second attempt that blocked about 40,000 rsETH worth roughly $95 million.
LayerZero’s Decentralized Verifier Network was targeted after attackers poisoned two of its RPCs, enabling a DDoS to trigger a failover to the poisoned nodes and allowing malicious instructions to pass as valid; according to LayerZero, this pivot point enabled an RPC-spoofing attack and a highly sophisticated operation likely mounted by TraderTraitor, a subgroup within Lazarus.
Kelp DAO paused relevant contracts and blacklisted the attackers’ wallet, while Arbitrum Security Council and other partners froze assets in addresses connected to the heist. The incident also coincided with broader market effects, including a near $8 billion drop in Aave’s total value, though Kelp says it is prioritising contagion prevention across DeFi.