• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
CoinLaw LogoCoinLaw

Bringing Crypto and Finance Closer to You

  • Latest News
  • Statistics
  • About
  • Contact
Subscribe
CoinLaw Logo
  • Latest News
  • Statistics
  • About
  • Contact
Subscribe
Home Β» Cryptocurrency

Kelp DAO Exploit Drains $292M, Lazarus Group Suspected

Published on: April 20, 2026
Kathleen Kinder
Written By
Kathleen Kinder
Kathleen Kinder
Senior Editor • 1,805 Articles
Kathleen Kinder brings over 11 years of experience in the research industry, with deep expertise in finance, cryptocurrency, and insurance. ... See full bio
LATEST POSTS:
Lawson Tests JPYC Stablecoin Payments at Tokyo Store
Webull Wins Dutch MiCAR Approval to Launch EU Crypto
Strive Buys 18 More Bitcoin, Treasury Hits 19,900 BTC
Barry Elad
Reviewed By
Barry Elad
Barry Elad
Founder & Senior Journalist • 583 Articles
Barry Elad is a finance and tech journalist who loves breaking down complex ideas into simple, practical insights. Whether he's exploring fi... See full bio
LATEST POSTS:
Best Decentralized Crypto Exchanges 2026: Volume and Fee Data
Best Crypto Tax Software: Features, Pricing, and Exchange Support
Bitcoin All-Time High Statistics 2026: Every Cycle Peak Across Four Halvings
Kelp Dao Suffers 292m Usd Hack
As Featured In
Bloomberg LogoForbes LogoFortune LogoCoinDesk LogoCoinMarketCap Logo
Share on LinkedIn ChatGPT Perplexity Share on X Share on Facebook

Kelp DAO exploit drains $292 million in a cross-chain bridge attack, with investigators pointing to a likely link to North Korea’s Lazarus Group.

Key Takeaways

  • $292 million worth of rsETH was drained from Kelp DAO’s LayerZero powered bridge.
  • Lazarus Group is identified as the likely attacker, according to LayerZero’s investigation.
  • The exploit exposed a critical single point failure in verifier setup.
  • Major DeFi platforms froze activity, while market fears triggered a drop in TVL and token prices.

What Happened?

An attacker exploited Kelp DAO’s cross-chain bridge infrastructure, draining 116,500 rsETH tokens and triggering widespread disruption across decentralized finance. The protocol paused operations shortly after, preventing further losses, while investigations pointed to a sophisticated infrastructure level attack.

Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate.

We are working with @LayerZero_Core, @unichain, our auditors and top security experts on RCA.

We will keep you…

β€” Kelp (@KelpDAO) April 18, 2026

Exploit Origin and Attack Breakdown

The attack occurred at 17:35 UTC on April 18, when an attacker controlled wallet triggered a malicious transaction through LayerZero’s messaging system. This action convinced the system that a legitimate cross-chain request had been received, causing the protocol to release a massive amount of rsETH.

Investigators later found that the attacker wallet had been funded through Tornado Cash, a tool commonly used to obscure transaction origins in crypto exploits.

According to findings shared by LayerZero, the exploit was not due to compromised smart contracts or stolen private keys. Instead, the issue stemmed from a flawed system configuration within Kelp DAO’s infrastructure.

Single Point Failure Enabled the Attack

The root cause of the breach was a 1 of 1 decentralized verifier node setup, meaning only one verification node was responsible for validating cross-chain messages.

LayerZero had reportedly recommended a multi-verifier setup to improve redundancy and security. However, Kelp DAO continued operating with a single verifier, which significantly lowered the barrier for attackers.

The exploit followed a multi step process:

  • Attackers poisoned RPC infrastructure feeding the verifier network.
  • A DDoS attack forced failover to compromised backup systems.
  • The system validated fake cross-chain transactions, releasing funds.

This chain of events allowed attackers to extract nearly 18 percent of rsETH’s total circulating supply.

Newsletter Img
Don't chase the news. Let us curate it.

You get one weekly briefing with only the stories that matter. If the market is quiet, we skip it.

βœ… Join readers from Visa, Vanguard, and the FDIC.

Cross Chain Impact and Liquidity Crisis Risk

The drained funds were part of the reserve backing wrapped rsETH tokens across more than 20 blockchain networks, including major layer 2 ecosystems.

This created immediate uncertainty about whether those tokens still held value, as the underlying collateral had been removed.

Experts warn this could trigger:

  • Panic redemptions across networks.
  • Pressure on Ethereum based liquidity pools.
  • Forced unwinding of restaking positions.

The exploit also caused a ripple effect across DeFi platforms:

  • Aave froze rsETH markets on its latest versions.
  • SparkLend, Fluid, and Upshift also paused related markets.
  • Lido temporarily halted deposits into products with rsETH exposure.
  • Ethena paused its bridge operations as a precaution.

Meanwhile, AAVE token price dropped around 10 percent, reflecting concerns about potential bad debt exposure.

Market Reaction and Wider DeFi Fallout

The incident has been labeled the largest DeFi exploit of 2026 so far, surpassing earlier high profile attacks in the sector.

Following the breach:

  • Total value locked across DeFi dropped by about 7 percent, falling to roughly $85 billion.
  • Market participants rushed to assess exposure across interconnected protocols.

The broader context adds to the concern. Recent weeks have already seen multiple exploits across DeFi platforms, making this event part of a troubling trend.

Lazarus Group Suspected Involvement

LayerZero’s investigation points to the TraderTraitor subgroup of the Lazarus Group as the likely perpetrator. While not confirmed, the attribution aligns with known patterns of highly sophisticated attacks linked to North Korea.

The Lazarus Group has previously been connected to major crypto thefts, including high profile multi hundred million dollar hacks.

Security experts note that cross-chain protocols are especially attractive targets, as they hold large pooled liquidity and rely heavily on verification infrastructure.

LayerZero has confirmed:

  • No protocol code was compromised.
  • No private keys were exposed.
  • The vulnerability was purely architectural.

The company has since decommissioned affected infrastructure and restored operations, while working with law enforcement to trace the stolen funds.

CoinLaw’s Takeaway

From my perspective, this incident highlights a hard truth about DeFi that many projects still underestimate. Security is not just about smart contracts, it is about architecture.

In my experience, ignoring basic redundancy recommendations is one of the biggest risks in system design. I found it surprising that a protocol managing billions relied on a single verifier setup.

This was not just a hack, it was a preventable failure. And now, the consequences are spreading across the entire ecosystem.

If anything, this event will likely push stricter security standards across cross-chain infrastructure, because the cost of getting it wrong is now painfully clear.

Definition of Smart Contract. Link to full glossary entry follows the description.Smart Contract

A smart contract is a self-executing program stored on a blockchain that automatically enforces agreement terms when predefined conditions are met, without intermediaries.

Read more

Definition of DeFi. Link to full glossary entry follows the description.DeFi

Decentralized finance leverages blockchain protocols and smart contracts to enable lending, trading, and borrowing without banks or traditional intermediaries.

Read more

Definition of Cross-Chain. Link to full glossary entry follows the description.Cross-Chain

Cross-chain is the ability to move data or assets between separate blockchains via bridges, messaging protocols, or interoperability networks.

Read more

Definition of Layer 2. Link to full glossary entry follows the description.Layer 2

A Layer 2 is a secondary blockchain built on top of Ethereum that bundles transactions off-chain and posts compressed data back to the main chain, cutting fees and raising throughput.

Read more

This article has been reviewed and fact-checked by Barry Elad. CoinLaw follows strict Publishing Principles and a documented Fact-Check Policy to ensure accuracy, transparency, and editorial independence across all content.

Add CoinLaw as a Preferred Source on Google for instant updates! Follow on Google News
Share ChatGPT Perplexity
Kathleen Kinder

Kathleen Kinder

Senior Editor


Kathleen Kinder brings over 11 years of experience in the research industry, with deep expertise in finance, cryptocurrency, and insurance. At CoinLaw, she writes timely, reader-focused news articles and also serves as a senior editorial reviewer. Drawing on her background in B2B research, consumer insights, and executive interviews, she ensures every piece delivers clarity, accuracy, and real-world relevance.

Related Posts

Us Court Orders Arbitrum To Pause Kelp Dao Fund Release
Cryptocurrency

Kelp DAO Hack Funds Frozen as US Court Steps In

Ripple Shares Dprk Hacker Intel After 577m Crypto Hacks
Cryptocurrency

Ripple Shares DPRK Hacker Intel After $577M Crypto Hacks

Upbit Starts Service Resumption After Recent Hack
Cryptocurrency

South Korea’s Upbit Reopens Wallets After Lazarus Group Cyberattack

Disclaimer:Β The content published on CoinLaw is intended solely for informational and educational purposes. It does not constitute financial, legal, or investment advice, nor does it reflect the views or recommendations of CoinLaw regarding the buying, selling, or holding of any assets. All investments carry risk, and you should conduct your own research or consult with a qualified advisor before making any financial decisions. You use the information on this website entirely at your own risk.

Reader Interactions

Leave a Comment Cancel reply

Primary Sidebar

Connect With Us

facebook x linkedin google-news telegram pinterest whatsapp email
google-preferred-source-badge Add as a preferred source on Google

You Should Also Read

Kelp DAO Fully Restores rsETH After $293M Lazarus Exploit
Aave, Mantle, Lido Unite to Contain Loss From $292M Crypto Hack
Aave and KelpDAO Start $278M rsETH Recovery Plan

Table of Contents

  • Key Takeaways
  • What Happened?
  • Exploit Origin and Attack Breakdown
  • Single Point Failure Enabled the Attack
  • Cross Chain Impact and Liquidity Crisis Risk
  • Market Reaction and Wider DeFi Fallout
  • Lazarus Group Suspected Involvement
  • CoinLaw’s Takeaway
Connect on Telegram

Footer

CoinLaw Logo

Bringing Finance Closer to You.

Connect With Us

Follow Us on Google News

Editorial & Trust

  • About
  • Publishing Principles
  • Fact-Check Policy
  • Corrections Policy
  • Ethics Policy
  • Disclaimer
  • Cookie Policy

Worth Checking

  • Best Cloud Mining Platforms
  • Millennial vs. Gen Z Banking
  • Ethereum Gas Fees Statistics
  • Binance vs. Coinbase Statistics
  • Zelle vs. Venmo Statistics
  • Traditional Banks vs. Neobanks
  • Crypto Exchange Hack Statistics
Contact Us
13570 Grove Dr #189,
Maple Grove, MN 55311,
United States
10β€―a.m. – 6β€―p.m. | Every day

Copyright Β© 2024–2026 CoinLaw. All Rights Reserved. Powered by the HODL Force ❀️

  • Privacy Policy
  • Terms
  • Accessibility Statement
Manage your privacy

To provide the best experiences, we and our partners use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us and our partners to process personal data such as browsing behavior or unique IDs on this site and show (non-) personalized ads. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Click below to consent to the above or make granular choices. Your choices will be applied to this site only. You can change your settings at any time, including withdrawing your consent, by using the toggles on the Cookie Policy, or by clicking on the manage consent button at the bottom of the screen.

Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Statistics

Marketing

Features
Always active

Always active
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
Manage options
  • {title}
  • {title}
  • {title}
Manage your privacy
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Statistics

Marketing

Features
Always active

Always active
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
Manage options
  • {title}
  • {title}
  • {title}
Company
  • About Us
  • Our Team
  • Our Mission
  • Core Values
Discover
  • glossary icon
    Glossary
  • Stats
    Stats Research Process
  • Brand Guide Icon
    Brand Assets
Categories
  • Cryptocurrency
  • Payments
  • Banking
  • Finance
  • Insurance
Cryptocurrency
Bitcoin All-Time High Statistics
Bitcoin All-Time High Statistics 2026: Every Cycle Peak Across Four Halvings
Crypto Market Capitalization Statistics
Crypto Market Capitalization Statistics 2026: Totals, Dominance, and Trends
How Many People Use Cryptocurrency Worldwide
How Many People Use Cryptocurrency Worldwide 2026: Global User Count by Year and Region
Stablecoin Market Cap Statistics
Stablecoin Market Cap Statistics 2026: Issuer Share and Growth
Coinbase vs Kraken Statistics
Coinbase vs Kraken Statistics 2026: Volume, Fees, Licenses
Solana vs Ethereum Statistics
Solana vs Ethereum Statistics 2026: TVL, Fees, Validators, ETFs
Payments
Remittances By Country Statistics
Remittances by Country Statistics 2026: Inflows and Cost
Cash App vs Zelle Statistics
Cash App vs Zelle Statistics 2026: Speed, Limits and User Data
Venmo vs. PayPal Statistics
Venmo vs PayPal Statistics 2026: Users, Fees and Volume
Toast Statistics
Toast Statistics 2026: ARR, GPV & Revenue Data
Rapyd Statistics
Rapyd Statistics 2026: TPV, Valuation & Licences
Marqeta Statistics
Marqeta Statistics 2026: TPV, Revenue and Customer Mix
Banking
The 15 Largest Banks in the US
The 15 Largest Banks in the US in 2026: By Assets, Deposits, and Branches
N26 Statistics
N26 Statistics 2026: Customers, Deposits, Revenue and the BaFin Growth Cap
Revolut vs Monzo Statistics
Revolut vs Monzo Statistics 2026: Customers & Profit
Islamic Banking Statistics
Islamic Banking Statistics 2026: Assets, Growth, and Top Markets
Credit Union Statistics
Credit Union Statistics 2026: Assets, Members, Loans
Banking API Statistics
Banking API Statistics 2026: Market Size, Adoption, and Growth
Finance
Emergency Fund Statistics
Emergency Fund Statistics 2026: How Much Americans Have Saved (and How Much They Should)
Financial Advisor Statistics
Financial Advisor Statistics 2026: Headcount, AUM, and Demographics
Wealth Inequality Statistics
Wealth Inequality Statistics 2026: Hidden Wealth Divide
Blockchain In Supply Chain Finance Statistics
Blockchain in Supply Chain Finance Statistics 2026: Trade Breakthrough
Blockchain In Healthcare Finance Statistics
Blockchain in Healthcare Finance Statistics 2026: Cost Breakthrough
AI-Powered Robo Trading Statistics
AI-Powered Robo Trading Statistics 2026: Big Insights
Insurance
Lemonade Insurance Statistics
Lemonade Insurance Statistics 2026: Customers, In-Force Premium, Loss Ratio, Pet & Auto Segments
Chubb Statistics
Chubb Statistics 2026: Powerful Data Insights
Virtual Reality In Insurance Statistics
Virtual Reality In Insurance Statistics 2026: Innovations, Risks, and Opportunities
US Life Insurance Industry Statistics
US Life Insurance Industry Statistics 2026: Growth Facts
US Auto Insurance Industry Statistics
US Auto Insurance Industry Statistics 2026: What You Must Know Now
UK Insurance Industry Statistics
UK Insurance Industry Statistics 2026: Growth Data
Categories
  • Cryptocurrency
  • Investments
  • Fintech
  • Compliance
  • Finance
Cryptocurrency
Lawson Trials Jpyc Stablecoin Payments
Lawson Tests JPYC Stablecoin Payments at Tokyo Store
Webull Wins Dutch Micar Approval
Webull Wins Dutch MiCAR Approval to Launch EU Crypto
Strive Buys 18 More Bitcoin
Strive Buys 18 More Bitcoin, Treasury Hits 19,900 BTC
Strategy Adds 450m To Usd Reserves
Strategy Adds $450 Million to Its USD Reserve
Startale Unveils Self Custodial Visa Card
Startale Unveils Self-Custodial Visa Card, Institutional Kits
Bank Of Thailand And Sec Launch Joint Usdt Audit
Bank of Thailand and SEC Launch Joint USDT Audit
Investments
Former Tether Cio Seeks To Sell 1 26 Stake
Former Tether CIO Seeks to Sell 1.26% Stake via PJT Partners
Binance Reportedly Set To Lead Mesh S 2b Round
Binance Reportedly Set to Lead Mesh’s $2B Round
Kiwoom Chases Bithumb Stake South Korea
Kiwoom Chases Bithumb Stake as South Korea Crypto Expands
Sbi Seals 288m Bitbank Acquisition
SBI Seals $288M Bitbank Acquisition to Expand in Japan
Kraken Plans 72m Investment In Aave For A Stake
Kraken Eyes Major Aave Deal With $71M Investment Plan
Bybit Launches Pwm 2 0 For Vip2 Wealth Investors
Bybit Launches PWM 2.0 for VIP2+ Wealth Investors
Fintech
Bybit Skills Marketplace Launch
Bybit Launches AI Marketplace for Yield Strategies
Evernorth Launches Japanese X Account Before Nasdaq Debut
Evernorth Launches Japanese X Account Before Nasdaq Debut
Bingx Launches Visa Debit Card With Wirex
BingX Launches Visa Debit Card With Wirex For Digital Assets
Hsbc Issues First Digitally Native Structured Note
HSBC Issues First Digitally Native Structured Note
21shares Drops Cf Benchmarks For Ftse Across All Crypto Etfs
21Shares Drops CF Benchmarks for FTSE Across Six Crypto ETFs
Crypto Com Launches Loaded Lions Mane City Mobile
Crypto.com Launches Loaded Lions: Mane City Mobile
Compliance
Polymarket Files For Us Margin Trading License
Polymarket Files for US Margin Trading License
Circle Faces Criminal Complaint Over Stolen Usdc Recovery
Circle Faces Criminal Complaint Over Stolen USDC Recovery
Coinbase Wins Uk Mifid License For Stocks And Derivatives
Coinbase Wins UK MiFID License for Stocks and Derivatives
South Korea Court Proposes Crypto Seizure Rules
South Korea Court Proposes Crypto Seizure Rules
Ripple Wins Full Mica Casp License In Luxembourg
Ripple Wins Full MiCA CASP License in Luxembourg
South Africa Unveils New Crypto Taxation Framework
SARS Publishes Draft Crypto Tax Guide for Comment
Finance
Avax One Regains Nasdaq Listing Compliance
AVAX One Regains Nasdaq Listing Compliance
Kraken Lets Traders Post Tokenized Stocks As Collateral
Kraken Lets Traders Post Tokenized Stocks as Collateral
Kalshi Targets Ipo After Massive Valuation
Kalshi Targets IPO After Massive Growth and $22B Valuation
Coinbase To Launch Tokenized Us Stocks
Coinbase Sparks New Race With 1:1 Backed Tokenized Stocks
Bitmine Launches 300m Preferred Stock Offering
Bitmine Launches $300M Preferred Stock to Buy More ETH
Coinbase Lists Spacex Pre Ipo Perpetual Futures
Coinbase Lists SpaceX Pre IPO Perpetual Futures
Newsletter Img

Too much noise in crypto?

We respect your time. You get one high-impact briefing a week. If the market is quiet, so are we.

βœ… Join readers from Visa, Vanguard, and the FDIC.
Newsletter Img

The Weekly Briefing

We track the market 24/7. You get a 5-minute summary. If it’s quiet, we skip it.

βœ… Read by pros at Visa, Vanguard, and the FDIC.