# LayerZero Publishes Full Post-Mortem On $292M KelpDAO Exploit

*LayerZero Labs traces the $292M April 18 attack on KelpDAO's rsETH bridge to TraderTraitor, a developer machine compromise, and poisoned internal RPC nodes.*

By [ETH Daily](https://ethdaily.io) · 2026-05-20


---

LayerZero Labs [published](https://x.com/LayerZero_Core/status/2057085190565224699) a full post-mortem on the April 18 attack on [KelpDAO's rsETH bridge](https://ethdaily.io/kelpdao-loses-290m-in-layerzero-bridge-exploit). LayerZero attributed the attack to TraderTraitor, the same group behind the $1.5B Bybit hack in February 2025. The attack began six weeks earlier, on March 6, when an attacker tricked a LayerZero developer into cloning a malicious GitHub repo that dropped malware on their macOS machine, harvesting session keys and opening a path into LayerZero's internal RPC infrastructure.

The attacker quietly poisoned two internal RPC nodes to return forged chain state while appearing clean to LayerZero's own monitoring tools. On the day of the exploit, the attacker launched a denial-of-service attack against an external RPC provider to force the DVN signing service onto the compromised nodes exclusively.

The result was a valid attestation for a fabricated cross-chain message. LayerZero again pointed blame at KelpDAO's single-DVN setup, which allowed one valid attestation to unlock 116,500 rsETH on Ethereum. LayerZero says it will now refuse to sign as the sole required attestor on any channel. KelpDAO's rsETH recovery [entered its final stage](https://ethdaily.io/kelpdao-rseth-recovery-enters-final-stage) earlier this month, and Kelp [resumed withdrawals](https://ethdaily.io/kelpdao-resumes-rseth-withdrawals-following-recovery-operation) on May 15.
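The fallback step described above, where an outage of the external provider leaves only internal nodes answering, is the point at which a signing service can fail closed instead. The sketch below is an added example, not LayerZero's code; the provider names, trust-domain labels, `min_domains` threshold and block hashes are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

@dataclass(frozen=True)
class RpcReply:
    provider: str              # constructed name, used only in messages
    trust_domain: str          # who operates the node (assumed label)
    block_hash: Optional[str]  # None means the provider did not answer

class RefuseToSign(Exception):
    """Chain state could not be confirmed by independent operators."""

def confirmed_block_hash(replies: Sequence[RpcReply], min_domains: int = 2) -> str:
    """Return the block hash only when all answering providers agree and
    they span at least `min_domains` independently operated trust domains.
    An outage never lowers the bar: fewer domains means no signature."""
    if min_domains < 1:
        raise ValueError("min_domains must be at least 1")
    live = [r for r in replies if r.block_hash is not None]
    hashes = {r.block_hash for r in live}
    if len(hashes) > 1:
        raise RefuseToSign(f"providers disagree on chain state: {sorted(hashes)}")
    domains = {r.trust_domain for r in live}
    if len(domains) < min_domains:
        down = sorted(r.provider for r in replies if r.block_hash is None)
        raise RefuseToSign(f"{len(domains)} of {min_domains} required trust "
                           f"domains answered; unreachable: {down}")
    return hashes.pop()

def decide(replies: Sequence[RpcReply]) -> str:
    """Map the check to a decision string suitable for logging or alerting."""
    try:
        return "SIGN " + confirmed_block_hash(replies)
    except RefuseToSign as exc:
        return f"REFUSE ({exc})"

# Constructed sample data: two internal nodes plus one external provider.
REAL, FORGED = "0xaaa1", "0xbbb2"
healthy = [RpcReply("int-1", "internal", REAL), RpcReply("int-2", "internal", REAL),
           RpcReply("ext-1", "vendor-a", REAL)]
# External provider unreachable; internal nodes agree with each other on forged state.
outage = [RpcReply("int-1", "internal", FORGED), RpcReply("int-2", "internal", FORGED),
          RpcReply("ext-1", "vendor-a", None)]
# External provider reachable and contradicting the internal nodes.
split = [RpcReply("int-1", "internal", FORGED), RpcReply("int-2", "internal", FORGED),
         RpcReply("ext-1", "vendor-a", REAL)]
```

Two nodes in the same trust domain count once, so agreement among internal nodes alone never satisfies the check; both the refusal and the list of unreachable providers are worth alerting on.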

* * *


Disclaimer: Content is for informational and educational purposes only and does not constitute financial, investment, legal, or other professional advice. No representations or warranties are made as to accuracy, completeness, or timeliness. Use of this content is at your own risk, and you should consult a qualified professional before making decisions. No fiduciary or advisory relationship is created.

---

*Originally published on [ETH Daily](https://ethdaily.io/layerzero-publishes-full-post-mortem-on-dollar292m-kelpdao-exploit)*
