Gate News message, April 20 — LayerZero released preliminary findings on the Kelp DAO exploit that occurred on April 18, attributing the attack to a highly sophisticated state-backed threat actor, likely North Korea’s Lazarus Group subgroup known as TraderTraitor. The incident resulted in the loss of 116,500 rsETH tokens worth approximately $292 million, marking the largest DeFi exploit this year.
According to LayerZero’s investigation, attackers gained access to the list of RPC nodes used by LayerZero Labs’ decentralized verifier network (DVN), a system of independent entities responsible for validating cross-chain messages. Two nodes were poisoned to transmit a fraudulent message, while attackers simultaneously launched a distributed denial-of-service attack against uncompromised nodes. The forged message was accepted because Kelp DAO configured its bridge using a single 1-of-1 DVN setup with no secondary verifier to detect or reject the fraudulent transaction. LayerZero had previously advised Kelp DAO to diversify its DVN configuration. In response, LayerZero announced it will no longer sign messages for applications using 1/1 DVN configurations and is cooperating with law enforcement to track the stolen funds.
Separately, Ethereum Name Service gateway eth.limo disclosed that its domain hijacking on Friday, April 18, was caused by a social engineering attack targeting its service provider, easyDNS. An attacker impersonated an eth.limo team member and initiated an account recovery process, gaining access to the eth.limo account and modifying DNS settings to redirect traffic to Cloudflare-controlled infrastructure. The platform serves approximately two million decentralized websites using the .eth domain system. However, the Domain Name System Security Extension (DNSSEC) limited the damage by adding cryptographic verification to DNS records; because the attacker lacked the required signing keys, many DNS resolvers rejected the manipulated records, preventing malicious redirects. EasyDNS CEO Mark Jeftovic acknowledged the breach as the first successful social engineering attack against an easyDNS client in the company’s 28-year history and stated the company is implementing security improvements to prevent similar incidents.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Major CEX Launches Event Contracts For Short-Term BTC And ETH Price Trading
A global exchange has launched Event Contracts, allowing users to bet on Bitcoin and Ethereum price movements over set timeframes. This simplified trading option features low costs and automatic settlement, aimed at easing short-term investment strategies.
GateNews1h ago
Ethereum Phishing Attack Drains $585K From Four Users, Single Victim Loses $221K WBTC
A coordinated Ethereum phishing attack drained $585,000 from four victims, exploiting user permissions through a deceptive link. This incident highlights the rapid loss of funds via social engineering, even under the guise of legitimacy.
GateNews3h ago
Major CEX Launches Crypto-Backed Lending in UK, Supporting BTC, ETH, and cbETH for USDC Borrowing
A centralized exchange launched crypto-backed lending services in the UK, allowing instant USDC loans using BTC, ETH, and cbETH as collateral, powered by Morpho. Total loans issued surpassed $2.17 billion since the service's US debut in January 2025.
GateNews4h ago
Singapore's OCBC Bank to Launch Physical Gold Fund Token on Ethereum and Solana
OCBC and Lion Global Investors are launching a physical gold fund token, GOLDX Token, on Ethereum and Solana blockchains, with OCBC handling design and Lion Global managing investment and governance.
GateNews4h ago
ETH jumps 1.22% in 15 minutes: DeFi segment activity and trading volume surge resonate to drive the move
2026-04-20 07:15 to 07:30 (UTC), ETH’s short-term return reached +1.22%. The price range spanned from 2285.19 to 2332.62 USDT, with a 2.07% amplitude. During this period, market attention heated up, volatility noticeably intensified. On-chain transaction volume rose in tandem, and key mainstream on-chain activity indicators expanded significantly on a month-over-month basis.
The primary driver of this deviation was an increase in transaction activity related to DeFi protocols, which boosted the share of on-chain Gas consumption. At the same time, total on-chain transaction volume saw a sharp surge in a short time. DeFi scenarios such as decentralized exchanges and lending protocols led to a direct surge in demand for ETH, driving funds to flow quickly into the market. In addition, the average Gas fees and Gas prices on the ETH network continued to climb in this window, further validating that high-frequency trading and active capital were accelerating into the market and strengthening short-term bullish sentiment.
Second, on-chain data also showed an expansion in liquidity related to stablecoins and ERC20 assets, strengthening market buy-side power. Although historical large-wallets such as Wilcke still held a large amount of ETH after early March, this cycle did not trigger abnormal transfers or large-scale sell-offs. Meanwhile, the positioning structure of mainstream ETH did not show passive deleveraging or concentrated liquidation. Under the combined effects of multiple factors, global buy-side demand was amplified, and short-term ETH volatility was further elevated.
Be alert to the risk of capital sustainability after a surge in high-frequency trading volume and Gas fees. If subsequent incremental buying is lacking or on-chain attention cools down, ETH may face short-term pullback pressure. Monitor changes in large-holder positions, any abnormal shifts in network fees, and liquidity volatility on the DeFi protocol chain. While there have been no signs of security incidents involving major contracts and protocols so far, short-term liquidity disturbances still need close observation. Keep monitoring fund flows and on-chain structure to stay informed about subsequent market changes.
GateNews4h ago
