KelpDAO Hack 2026 — $292M Exploit Analysis

Attackers exploited a LayerZero OFT bridge verification flaw and poisoned RPC to mint unbacked rsETH and steal ~$292M, linked to North Korean Lazarus Group.

Details

Full Description

On April 18, 2026, KelpDAO's LayerZero OFT bridge was exploited through a cross-chain verification flaw combined with a socially engineered poisoned RPC node. The attackers minted unbacked rsETH and drained approximately $292M across Ethereum and Arbitrum. Blockchain investigators linked the operation to North Korea's Lazarus Group based on fund-flow patterns. Approximately $71M was frozen on Arbitrum through coordinated validator action.

Laundering Analysis

Portions frozen on Arbitrum by validators (~$71M). Remaining funds moved through cross-chain bridges and DEX swaps; Lazarus Group attribution based on on-chain fund-flow patterns.

Sources

Transaction Hashes

Related Hacks

Back to Browse