LayerZero Points Finger at Kelp DAO for $290M Bridge Exploit

A recent security exploit on the Kelp DAO bridge has highlighted the importance of robust security measures in decentralized finance (DeFi) protocols. The incident occurred due to a vulnerable security configuration, which was previously warned against by LayerZero.

Kelp DAO's rsETH bridge relied on a single Decentralized Verifier Network (DVN), despite repeated warnings from LayerZero and other external parties about the risks of using a single point of failure. This setup allowed attackers to drain approximately 116,500 rsETH, worth $292-$293 million at the time.

Preliminary analysis suggests that North Korea-linked threat actors orchestrated the attack, which is consistent with the sophisticated nature of the exploit. The Lazarus Group attribution has been made by LayerZero.