KelpDAO hack confirmed at ~$290M, tied to Lazarus via LayerZero DVN

KelpDAO confirmed that the April 18, 2026 exploit was not limited to Kelp’s own systems. The KelpDAO hack was caused by a compromise of LayerZero’s Decentralized Verifier Network (DVN), with total theft estimated at $290M–$293M. The attack has been linked to North Korea’s Lazarus Group. KelpDAO says it halted an additional ~$95M outflow by pausing contracts quickly after detecting the incident. The scale of the KelpDAO hack has effectively locked market expectations: a related prediction market assigns 100% odds for at least one $100M+ crypto hack by December 31, with the outcome treated as “settled” given 255 days remaining. KelpDAO also points to a broader DeFi security issue. The attribution and the DVN “single-validator” style setup highlight systemic risk for protocols depending on centralized trust assumptions inside bridge or verification infrastructure. Traders should watch for follow-up statements from LayerZero and independent investigations (the article cites ZachXBT or CertiK) to determine the full scope of the DVN vulnerability and whether other protocols using the same infrastructure are exposed. No new trading activity was reported recently in the linked market, and order books were described as thin—consistent with already-priced-in certainty.