Kelp DAO exploit drains 116,500 rsETH; LayerZero flags 1/1 DVN risk

LayerZero says the April 18 Kelp DAO exploit, which drained 116,500 rsETH (~$292M), was likely carried out by North Korea’s Lazarus Group (TraderTraitor). The attacker reportedly compromised the DVN RPC node list, “poisoned” two nodes, and used a DDoS on clean nodes to increase reliance on the malicious verifiers. LayerZero adds the root cause was Kelp DAO’s single 1-of-1 DVN setup with no backup verifier, making forged cross-chain messages pass—an explicit single point of failure. In response to the Kelp DAO exploit, LayerZero will stop signing messages for applications using a 1/1 DVN configuration and is cooperating with law enforcement while tracing funds. Traders should note: stolen rsETH was moved to Aave V3 for collateral, used to borrow large amounts of WETH, and Aave froze rsETH markets on both V3 and V4—fueling fears of bad debt and large outflows. Separately, ENS gateway eth.limo disclosed a domain hijacking caused by social engineering against its provider easyDNS, including DNS redirection that many resolvers would reject due to DNSSEC limits. LayerZero also highlighted it sees “zero contagion” for other assets using multi-DVN setups. For traders, this reinforces that bridge security failures (not only smart-code bugs) can create rapid, coin-specific drawdowns even when the wider LayerZero system remains operational—directly bearish for rsETH risk perception.
Bearish
The Kelp DAO exploit directly targets rsETH, and the immediate response (Aave freezing rsETH on V3 and V4) raises near-term liquidity and bad-debt concerns. The stolen funds’ flow into Aave and the borrowing of WETH amplify stress and can accelerate deleveraging for rsETH-related positions. While LayerZero claims no cross-asset contagion for multi-DVN setups, the demonstrated single-point-of-failure design increases traders’ risk premium on rsETH and any dependent routes using similar 1/1 DVN configurations. Over the long run, protocol mitigations (stopping 1/1 DVN signing and remediation pressure) may stabilize sentiment, but the initial market reaction is likely negative.