# LayerZero RPC-Poisoning Attack

> LayerZero attributed the KelpDAO exploit to an RPC-poisoning attack by the TraderTraitor subgroup of North Korea's Lazarus Group.

**Published by:** [ETH Daily](https://ethdaily.io/)
**Published on:** 2026-04-20
**Categories:** news, 2026, april2026, layerzero, kelpdao, exploit, lazarus, dprk, rpc, dvn, security
**URL:** https://ethdaily.io/layerzero-rpc-poisoning-attack

## Content

LayerZero published a statement claiming the exploit stemmed from a sophisticated RPC-poisoning attack that manipulated its DVN's verification process. It attributed the attack to the TraderTraitor subgroup of North Korea's Lazarus Group. According to LayerZero, the attackers compromised RPC nodes and fed forged data directly to the DVN while masking activity from monitoring systems. LayerZero Labs placed responsibility on KelpDAO, arguing its 1-of-1 DVN configuration enabled the exploit, even though LayerZero's own DVN was the sole verifier KelpDAO relied on. LayerZero stated that it will no longer support single-DVN setups. The company also did not outline any intentions to compensate impacted users.Sponsored byLido Earn lets you deploy ETH or stablecoins into curated DeFi strategies for optimised yield. Two vaults, daily rewards, automatic compounding, and first-loss protection. Get started on stake.lido.fi/earn Notice - April 20, 2026: EarnETH has direct exposure to rsETH.Disclaimer: Content is for informational purposes only, not endorsement or investment advice. The accuracy of information is not guaranteed.

## Publication Information

- [ETH Daily](https://ethdaily.io/): Publication homepage
- [All Posts](https://ethdaily.io/): More posts from this publication
- [RSS Feed](https://api.paragraph.com/blogs/rss/@ethdaily): Subscribe to updates
- [Twitter](https://twitter.com/intent/follow?screen_name=ethdaily): Follow on Twitter