$290M KelpDAO Hack Exposes RPC Attack Linked to Lazarus Group

By 36crypto
about 9 hours ago
  • RPC attack bypassed safeguards, enabling $290M exploit on KelpDAO rsETH
  • Single verifier setup exposed vulnerability, allowing attackers to manipulate transaction confirmations
  • LayerZero confirms no contagion, stresses need for multi-verifier security models

KelpDAO suffered a major exploit that exposed weaknesses in blockchain infrastructure rather than core protocol design. The incident resulted in losses of nearly $290 million and quickly drew industry-wide attention. According to LayerZero Labs, early findings point to a coordinated RPC-based attack linked to the Lazarus Group.


According to the official disclosure, the attackers did not breach the underlying protocol. Instead, they targeted the verification process that depends on external data sources. Consequently, the attack highlights a growing focus on infrastructure-level vulnerabilities within decentralized systems.


Moreover, the breach centered on KelpDAO’s rsETH configuration, which relied on a single verification network. This setup created a direct point of failure that attackers exploited with precision. As a result, manipulated data passed through validation checks and triggered unauthorized transaction confirmations.


Additionally, LayerZero confirmed that the exploit remained isolated to this specific configuration. Other applications using diversified verification models continued operating without disruption. Hence, the containment demonstrates the importance of distributed validation in reducing systemic risk.




RPC manipulation enabled forged transaction confirmations

According to the technical explanation, attackers compromised specific RPC nodes used in transaction verification. They replaced node binaries and altered system responses to deliver false data selectively. Consequently, the manipulated nodes provided incorrect transaction details only to targeted verification systems.


However, monitoring services continued receiving accurate data, which delayed detection of the breach. Moreover, the attackers launched DDoS activity against unaffected nodes to force system failover. This shift increased reliance on compromised infrastructure and allowed the attack to succeed.


As a result, the verification network confirmed transactions that never occurred on-chain. Despite this, LayerZero stated that its protocol functioned as designed throughout the incident. The failure originated from how the external infrastructure fed data into the system.


Furthermore, LayerZero reiterated that multi-verifier setups reduce reliance on a single data source. Such configurations prevent attackers from exploiting isolated weaknesses within verification networks. In contrast, KelpDAO’s single-layer approach created conditions for the exploit to unfold. Additionally, all affected systems have been replaced, and security measures have been strengthened. The breach underscores a shift toward infrastructure-focused attack strategies in blockchain ecosystems. It also reinforces the need for redundant verification systems to prevent similar incidents.
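To make the multi-verifier point concrete, here is an added sketch (not code from LayerZero, KelpDAO, or the original article) of a verifier that attests only when several independent RPC sources return the same receipt, and that refuses rather than failing over when sources drop out. The source names, thresholds, receipt fields and sample values are assumptions constructed for illustration.

```python
import hashlib
import json
from collections import Counter

NOT_FOUND = "not_found"  # source answered: no such transaction on-chain
UNREACHABLE = None       # source timed out or errored, e.g. under DDoS

# Constructed sample receipts; hashes are placeholders, not incident data.
REAL = {"blockHash": "0xaaa", "txHash": "0x111", "status": 1, "logs": ["burn:10"]}
FORGED = {"blockHash": "0xbbb", "txHash": "0x222", "status": 1, "logs": ["burn:99"]}

def digest(receipt):
    """Hash only the fields an attestation depends on, in canonical order."""
    if receipt == NOT_FOUND:
        return NOT_FOUND
    fields = {k: receipt[k] for k in ("blockHash", "txHash", "status", "logs")}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def decide(responses, min_live=3, quorum=3):
    """Return (verdict, dissenting_sources) for one transaction.

    responses maps source name -> receipt dict, NOT_FOUND, or UNREACHABLE.
    The verdict is 'attest' only when `quorum` live sources return the same
    receipt; every other outcome refuses (fail closed).
    """
    live = {s: digest(r) for s, r in responses.items() if r is not UNREACHABLE}
    if len(live) < min_live:
        # Continuing on whatever sources survive is the failover the
        # article describes; refuse instead of shrinking the source set.
        return "refuse:too_few_sources", sorted(live)
    top, votes = Counter(live.values()).most_common(1)[0]
    dissent = sorted(s for s, d in live.items() if d != top)
    if top == NOT_FOUND:
        return "refuse:not_on_chain", dissent
    if votes < quorum:
        return "refuse:no_quorum", dissent
    return "attest", dissent
```

A non-empty dissent list means sources disagree about the same transaction, which is worth alerting on even when the verdict is already a refusal.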




The post $290M KelpDAO Hack Exposes RPC Attack Linked to Lazarus Group appeared first on 36Crypto.
