LayerZero Pins $292M KelpDAO Bridge Hack on North Korea’s Lazarus Group

Dijital varlık piyasalarında kritik bir gelişme söz konusu. LayerZero Pins $292M KelpDAO Bridge Hack on North Korea’s Lazarus Group Price data by News DeFi LayerZero Pins $292M KelpDAO Bridge Hack on North Korea’s Lazarus Group Attackers forged a cross-chain message, came within minutes of a second drain, and wiped their tracks on the way out. By Vince Dioquino Edited by Stephen Graves Apr 20, 2026 Apr 20, 2026 4 min read North Korea and hacking. Image: Shutterstock/ Create an account to save your articles.

Add on Google Add as your preferred source to see more of our stories on Google. In brief Attackers drained roughly $292M from KelpDAO’s cross-chain bridge on Saturday. LayerZero, which powered the breached bridge, tied the hack to North Korea’s Lazarus Group.

Piyasa Dinamikleri

The bridge itself wasn’t broken, but attackers corrupted the channel verifying it, was told. The exploit that drained roughly $292 million from KelpDAO’s cross-chain bridge over the weekend was “likely” the work of North Korea’s Lazarus Group, specifically its TraderTraitor subunit, LayerZero said in a preliminary analysis on Monday. Attackers drained 116,500 rsETH, a liquid restaking token backed by staked ether, from the KelpDAO bridge on Saturday, setting off withdrawals across the decentralized finance sector that pulled more than $10 billion out of lending protocol Aave .

The attack carried the markings of “a highly-sophisticated state actor, likely DPRK’s Lazarus Group,” LayerZero said, specifying the group’s TraderTraitor subunit. North Korea’s cyber operations run under the Reconnaissance General Bureau, which houses several distinct units, including TraderTraitor, AppleJeus, APT38, and DangerousPassword, according to an analysis by Paradigm researcher Samczsun. Among these subunits, TraderTraitor has been flagged as the most sophisticated DPRK actor targeting crypto, previously linked to the Axie Infinity Ronin Bridge and WazirX compromises.

LayerZero said that KelpDAO had used a single verifier to approve transfers in and out of the bridge, adding that it had repeatedly urged KelpDAO to use multiple verifiers instead. Going forward, LayerZero said it will stop approving messages for any application still running that setup. Observers say the exploit exposed how the bridge was built to trust a single verifier.

It was “a single point of failure, regardless of what the marketing calls it,” Shalev Keren, co-founder at cryptographic security firm Sodot, told .

Blockchain ekosistemindeki bu gelişme, dijital varlık piyasalarını şekillendirmeye devam ediyor. Uzmanlar, konunun yakın vadeli etkilerini mercek altına alıyor.