Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    Anthropic’s Claude Fable 5 Crypto Hacks
    Anthropic’s Claude Fable 5: The AI That Could Supercharge Crypto Hacks and Defenses
    CLARITY Act Stalls Why Senate's August Recess Puts US Crypto Rules at Risk
    CLARITY Act Stalls: Why Senate’s August Recess Puts US Crypto Rules at Risk
    Three Stories, One Pattern Why Binance Is Having Its Worst Week Since the Pardon
    Three Stories, One Pattern: Why Binance Is Having Its Worst Week Since the Pardon
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Coinbase India Head Addresses Re-Entry Launch Glitches and the 12-Month Roadmap
    Inside the Trump Family’s $1.2B Crypto Windfall Who Paid the Price
    Inside the Trump Family’s $1.2B Crypto Windfall: Who Paid the Price?
  • Opinion
    OpinionShow More
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
    Is Crypto Dying, or Is Pump.fun Turning It Into an Attention Casino
    Is Crypto Dying, or Is Pump.fun Turning It Into an Attention Casino?
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
Industry

LayerZero Details Single-Verifier Flaw Behind $292M KelpDAO Exploit

The protocol attributed the attack to a North Korean-linked threat group and announced stricter verifier and infrastructure security measures.

Written By Sharmistha Suman Sharmistha Suman
Fact Checked by Shubham Soni Shubham Soni
Published 2026-05-20·Updated 2 months ago
Make The Crypto Times preferred on GoogleGoogle
Share
LayerZero Details Single-Verifier Flaw Behind $292M KelpDAO Exploit

Key Highlights

  • LayerZero said the $292 million exploit targeted the KelpDAO rsETH bridge through compromised verifier infrastructure.
  • A single-verifier OApp configuration enabled the forged cross-chain message to be accepted.
  • LayerZero will no longer allow its DVN to operate as the sole signer for channels using its services. 

LayerZero Labs has released a post-mortem report on a security breach that resulted in the theft of approximately $292 million from the KelpDAO rsETH bridge.

According to the report, the attack took place on April 18, 2026, and targeted LayerZero’s cross-chain messaging protocol bridge. The company attributed the incident to TraderTraitor, a North Korean state-sponsored threat group also known as UNC4899, citing research from Mandiant, CrowdStrike, and other security firms.

We’re sharing our completed post-mortem on the April 18th incident, prepared with @Mandiant and @CrowdStrike. We are publishing both an executive summary and the full report at the link below.

Over the past four weeks, we’ve worked with hundreds of partners to help them… pic.twitter.com/yVZdqjLTeT

— LayerZero (@LayerZero_Core) May 20, 2026

How the attack unfolded

The KelpDAO attack began on March 6, 2026, after the attacker used social engineering on a LayerZero Labs developer to gain session keys. The attacker then used this access to break into the company’s RPC cloud infrastructure, where they were able to breach the company’s Remote Procedure Call (RPC) nodes that store blockchain data.

Once the attacker managed to get into the network, they used sophisticated techniques to patch the memory of RPC, such that LayerZero tools would receive a response as usual, even as they manipulated the responses provided to LayerZero Labs Decentralized Verifier Network (DVN). 

In order to guarantee success, the attacker conducted a DoS attack against an external RPC provider such that DVN signing could only use the two internal nodes that were compromised. This manipulation allowed the creation of a valid attestation for a forged cross-chain message.

The attack was enabled through the single-verifier design of the OApp that was compromised. As no additional DVN was needed for validation, the destination smart contract accepted a valid attestation and released the rsETH. Other OApps and channels were not affected.

LayerZero tightens security controls

Following the incident, several changes have been made to the security policies employed by LayerZero Labs. Previously, LayerZero Labs adopted a neutral position on the OApp configurations that could be selected by the application delegates. 

This approach will no longer be used. Specifically, the LayerZero Labs DVN will refuse to act as the only signer on any channel while ensuring that at least a minimal level of security configuration exists in all the channels. The underlying protocol itself will remain unchanged.

The company has also completely restructured its cloud infrastructure instead of applying any patches. This new cloud environment has improved hardened baselines, removal of all old credentials, privilege access based on just-in-time principles with time-limited credentials, multi-person approval processes for IAM modifications, and additional validation of devices and sessions.

LayerZero Labs has been closely coordinating with Mandiant, CrowdStrike, and zeroShadow when it comes to forensic analysis, attributing attacks, and monitoring tokens. The company is also coordinating with law enforcement agencies in this regard and states that it has committed to ongoing ecosystem-wide security reviews and hardening efforts.

One of the biggest DeFi attacks 

The $292 million hack is among the biggest DeFi hacks of 2026 and highlights the weaknesses that continue to exist with the confluence of social engineering attacks, compromised infrastructure, and poor protocol configuration. 

Though the modular nature of the protocol mitigated the impact of the attack, the exploit revealed how just one vulnerable point in the configuration of verifiers can have devastating consequences.

As the investigation goes on and as these funds start being traced, the case has been a clear lesson that nation-state attackers are becoming an increasingly threatening factor in the crypto sector and that security is key to cross-chain projects.

Also Read: Tether Tightens Grip on Twenty One Capital After SoftBank Exit

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News
Google News Banner

TAGGED:Kelp DAO
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link
Sharmistha Suman
By Sharmistha Suman
Sharmistha Suman is a Crypto Journalist at The Crypto Times, based in Bhopal, Madhya Pradesh. She covers Bitcoin and Ethereum price action, Indian crypto regulation, and emerging Web3 protocols, with a particular focus on how Indian retail and institutional investors participate in the global digital asset market. She joined The Crypto Times in April 2026. Sharmistha has been writing on cryptocurrency and blockchain since 2022. Before joining The Crypto Times, she contributed to The News Crypto and Todayq, and produced independent research on Indian crypto adoption, the country's evolving regulatory framework, and the developer ecosystems building on Ethereum and Solana. She holds a Master's degree in Digital Journalism and a Bachelor's degree in Journalism and Creative Writing, both from Makhanlal Chaturvedi National University of Journalism and Communication in Bhopal.
Shubham Soni
By Shubham Soni
Follow:
Shubham Soni is the Editor at The Crypto Times, based in Ujjain, Madhya Pradesh. He oversees the editorial desk, reviewing daily news coverage of cryptocurrency markets, US and Indian regulation, institutional adoption, the Solana ecosystem, AI agents, and Real World Assets (RWAs). All policy and markets coverage at The Crypto Times passes through his desk before publication. Before joining The Crypto Times in October 2025, Shubham managed news desks at Sportskeeda and Opoyi, covering global politics, sports, and entertainment for high-volume newsrooms serving the US and Indian markets. His four years in fast-paced newsrooms shaped his approach to fact-checking, source verification, and structural editing on complex stories. Shubham holds a Master's degree in Journalism from Makhanlal Chaturvedi National University of Journalism and Communication (Bhopal) and a Bachelor's degree in Journalism from Amity University Rajasthan. 

Latest News

Pak Deputy PM Ishaq Dar's Relative Arrested in Crypto Extortion Case
Pak Deputy PM Ishaq Dar’s Relative Arrested in Crypto Extortion Case
Kalshi Nears $10B Monthly Volume as Prediction Markets Grow
Kalshi Nears $10B Monthly Volume as Prediction Markets Grow
Algorand Calls for Shared Post-Quantum Crypto Security Standards
Algorand Calls for Shared Post-Quantum Crypto Security Standards
Vitalik Buterin Unveils Lean Ethereum Roadmap for Next Era
Vitalik Buterin Unveils Lean Ethereum Roadmap for Next Era 
Bitcoin Miner IREN Awards Co-CEOs $700M in Stock
Bitcoin Miner IREN Awards Co-CEOs $700M in Stock

Find Us on Socials

You may also like

Australian MP Discloses XRP as Only Crypto Holding

Fake Job, Real Prison: Chinese Man Jailed for 30 Months Over Crypto Scam

Fake Job, Real Prison: Chinese Man Jailed for 30 Months Over Crypto Scam

Sui AI Agents Smash Over 6M TPS in Live Stress Test

Sui AI Agents Smash Over 6M TPS in Live Stress Test

Moonwell Alerts Users on Moonbeam Network Shutdown

Moonwell Alerts Users on Moonbeam Network Shutdown

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information