North Korean state-sponsored hackers, likely the Lazarus Group (TraderTraitor), stole about 116,500 rsETH (roughly $290–293 million) from the KelpDAO DeFi project by poisoning RPC nodes to forge cross-chain messages. The attackers laundered the funds through Tornado Cash. In response, rsETH contracts were frozen across Ethereum and L2s, and an investigation by LayerZero and partners is ongoing. #LazarusGroup #KelpDAO
Key points
- Approximately 116,500 rsETH (about $290–293 million) was stolen from KelpDAO.
- Attackers compromised RPC nodes used by the rsETH verifier and DDoS-ed healthy nodes to force reliance on poisoned nodes.
- A falsified cross-chain message was accepted as valid, enabling unauthorized transfer of rsETH.
- Stolen funds were routed through Tornado Cash, and LayerZero attributes the attack to the Lazarus Group (TraderTraitor).
- KelpDAO paused rsETH contracts across Ethereum and L2s and launched an investigation with LayerZero, Unichain, and other partners.
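
The failure mode in the key points above (healthy nodes knocked offline so that only poisoned nodes answer) is shown below from the defender's side as an added example; it is not KelpDAO or LayerZero code. The node names, hash strings, and both function names are constructed for illustration, and it assumes a verifier that polls a fixed set of RPC nodes for a message hash.

```python
from collections import Counter

def naive_accept(responses):
    """Weak policy: trust the majority of nodes that answered.
    Taking healthy nodes offline shrinks the denominator."""
    live = [h for h in responses.values() if h is not None]
    if not live:
        return None
    value, _ = Counter(live).most_common(1)[0]
    return value

def quorum_accept(responses, threshold):
    """Fail-closed policy: require `threshold` agreeing answers counted
    against the configured node set, and reject on any disagreement."""
    live = [h for h in responses.values() if h is not None]
    counts = Counter(live)
    if not counts:
        return None
    value, votes = counts.most_common(1)[0]
    if votes < threshold or len(counts) > 1:
        return None  # too few answers or conflicting answers: halt and alert
    return value

# Constructed scenarios; None means the node did not respond.
ALL_HEALTHY = {n: "0xgenuine" for n in ("rpc-a", "rpc-b", "rpc-c", "rpc-d", "rpc-e")}
HEALTHY_OFFLINE = {"rpc-a": "0xforged", "rpc-b": "0xforged",
                   "rpc-c": None, "rpc-d": None, "rpc-e": None}
SPLIT_VIEW = {"rpc-a": "0xforged", "rpc-b": "0xforged",
              "rpc-c": "0xgenuine", "rpc-d": "0xgenuine", "rpc-e": "0xgenuine"}

if __name__ == "__main__":
    for name, scenario in (("all healthy", ALL_HEALTHY),
                           ("healthy nodes offline", HEALTHY_OFFLINE),
                           ("split view", SPLIT_VIEW)):
        print(name, naive_accept(scenario), quorum_accept(scenario, threshold=4))
```

A rejected result should pause message processing and raise an alert, since both missing answers and conflicting answers are signals worth investigating.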