LayerZero RPC-Poisoning Attack

LayerZero published a statement claiming the exploit stemmed from a sophisticated RPC-poisoning attack that manipulated its DVN's verification process. It attributed the attack to the TraderTraitor subgroup of North Korea's Lazarus Group. According to LayerZero, the attackers compromised RPC nodes and fed forged data directly to the DVN while masking activity from monitoring systems.

LayerZero Labs placed responsibility on KelpDAO, arguing its 1-of-1 DVN configuration enabled the exploit, even though LayerZero's own DVN was the sole verifier KelpDAO relied on. LayerZero stated that it will no longer support single-DVN setups. The company also did not outline any intentions to compensate impacted users.

Sponsored by

Lido Earn lets you deploy ETH or stablecoins into curated DeFi strategies for optimised yield. Two vaults, daily rewards, automatic compounding, and first-loss protection. Get started on stake.lido.fi/earn

Notice - April 20, 2026: EarnETH has direct exposure to rsETH.

Disclaimer: Content is for informational purposes only, not endorsement or investment advice. The accuracy of information is not guaranteed.

More from ETH Daily

Cover image for JP Morgan Buys $102m BMNR Shares

ETH Daily

Nov 8

JP Morgan Buys $102m BMNR Shares

J.P. Morgan acquired 1,974,144 shares of BitMine Immersion Technologies Inc. (BMNR), the world’s largest Ethereum treasury company.

Cover image for Succinct Announces $PROVE Airdrop

ETH Daily

Jul 28

Succinct Announces $PROVE Airdrop

$PROVE is the native token of the Succinct Prover Network and will serve as payment for generating proofs, economic security through staking and slashing, and governance.

Cover image for EigenDA Launches On Holesky Testnet

ETH Daily

Mar 29

EigenDA Launches On Holesky Testnet

Restakers, operators, rollup sequencers, and full nodes can now interact with EigenLayer on Holesky.