LayerZero KelpDAO Bridge Hack: $292M rsETH Drained by Lazarus
LayerZero said the KelpDAO bridge hack that drained about $292M was “likely” linked to North Korea’s Lazarus Group, through its TraderTraitor unit. LayerZero’s preliminary analysis says attackers withdrew 116,500 rsETH (a liquid restaking token backed by staked ETH) by corrupting the verification channel rather than fully “breaking” the bridge.
The root cause was KelpDAO’s single-verifier setup for LayerZero message approvals, creating a single point of failure. LayerZero previously warned against this architecture and now says it will stop signing messages for any application still using a single-verifier design.
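The single point of failure described above can be shown with a simplified approval model. This is an added example, not code from LayerZero or KelpDAO: the verifier names, keys, policy layout and function names are all hypothetical, and HMAC stands in for whatever signature scheme real verifiers use.

```python
import hashlib
import hmac

# Constructed keys; HMAC stands in for each verifier's real signature scheme.
VERIFIER_KEYS = {"verifier-a": b"key-a", "verifier-b": b"key-b", "verifier-c": b"key-c"}


def attest(verifier, message):
    """Attestation produced by a verifier, or by whoever controls its key."""
    return hmac.new(VERIFIER_KEYS[verifier], message, hashlib.sha256).hexdigest()


def valid_attesters(message, attestations):
    """Names of verifiers whose attestation checks out for this exact message."""
    return {
        name for name, tag in attestations.items()
        if name in VERIFIER_KEYS and hmac.compare_digest(tag, attest(name, message))
    }


def accept(message, attestations, policy):
    """Approve only if every required verifier and enough optional ones attested."""
    good = valid_attesters(message, attestations)
    required_ok = set(policy["required"]) <= good
    optional_ok = len(good & set(policy["optional"])) >= policy["optional_threshold"]
    return required_ok and optional_ok


def min_compromise(policy):
    """Fewest verifiers that must be corrupted for a forged message to pass."""
    return len(set(policy["required"])) + policy["optional_threshold"]


def audit(policies):
    """Applications whose message approval rests on at most one verifier."""
    return sorted(app for app, p in policies.items() if min_compromise(p) <= 1)


# Constructed policies: a single-verifier app and a multi-verifier app.
POLICIES = {
    "single-verifier-app": {"required": ["verifier-a"], "optional": [], "optional_threshold": 0},
    "multi-verifier-app": {
        "required": ["verifier-a"],
        "optional": ["verifier-b", "verifier-c"],
        "optional_threshold": 1,
    },
}

# Constructed forged message, attested only by the one corrupted verifier.
FORGED = b"constructed forged cross-chain message"
FORGED_ATTESTATIONS = {"verifier-a": attest("verifier-a", FORGED)}
```

With one corrupted verifier, `accept` approves the forged message under the single-verifier policy and rejects it under the multi-verifier one; `audit` is the check an operator would run over their own configurations.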
Market impact hit quickly. Large rsETH outflows triggered liquidity stress at Aave, where markets tied to the token were frozen and more than $10B reportedly exited lending infrastructure. Cyvers also said the attackers briefly approached an additional ~$100M drain, but a rapid blacklist blocked follow-up attempts.
Attribution remains partly disputed. LayerZero frames the incident as consistent with a sophisticated state actor, while Cyvers could not fully confirm the same DPRK attribution due to insufficient wallet-cluster evidence.
Bearish
This event is broadly bearish for the affected assets (notably rsETH and exposure routed through Aave). LayerZero-linked execution risk (a single-verifier design) and the confirmed $292M rsETH outflow can accelerate redemptions, worsen liquidity conditions, and keep lending/bridge-linked tokens under selling pressure in the short term.
In the short run, the liquidity freeze and the scale of withdrawals typically pressure token pricing and increase volatility. In the long run, the situation may encourage infrastructure changes (multi-verifier requirements and reduced single-point designs), but those upgrades take time. With an attribution narrative tied to DPRK-like sophistication, traders may also price in a higher security premium and risk-off behavior until audits, monitoring improvements, and signer-policy enforcement provide clearer stabilization signals.