LayerZero published a statement claiming the $290 million KelpDAO exploit stemmed from a sophisticated RPC-poisoning attack that manipulated its DVN's verification process. It attributed the attack to the TraderTraitor subgroup of North Korea's Lazarus Group. According to LayerZero, the attackers compromised RPC nodes and fed forged data directly to the DVN while masking activity from monitoring systems.

LayerZero Labs placed responsibility on KelpDAO, arguing its 1-of-1 DVN configuration enabled the exploit, even though LayerZero's own DVN was the sole verifier KelpDAO relied on. LayerZero stated that it will no longer support single-DVN setups. The company also did not outline any intentions to compensate impacted users. Aave subsequently froze WETH and LST markets as the exploit rippled through DeFi.

EarnUSD is a stablecoin vault by Lido for earning transparent, onchain USD-denominated rewards. Get started today at stake.lido.fi/earn

Disclaimer: Content is for informational purposes only, not endorsement or investment advice. The accuracy of information is not guaranteed.