- LayerZero exploit exposes rsETH flaw triggering massive $290M DeFi loss
- Single verifier weakness allowed attackers to manipulate transaction validation process
- Lazarus Group linked attack highlights risks in cross chain infrastructure
An attack on LayerZero has led to losses of approximately $290 million after hackers identified and exploited structural vulnerabilities in the rsETH setup associated with KelpDAO. According to the official incident report, the breach did not result from a defect in the core protocol but from the way a single-verifier configuration processed and validated transaction data under particular circumstances.
The event took place on April 18, when attackers breached part of the RPC infrastructure of the Decentralized Verifier Network (DVN) of LayerZero Labs, one of the main components in verifying cross-chain messages. As a result, the verification procedure was fed manipulated inputs, and the system accepted transactions that had not taken place on-chain. The attackers combined this with a synchronized denial-of-service attack, which compelled the network to rely on the compromised nodes while it was performing critical verification.
Security researchers have attributed the attack to the Lazarus Group, specifically a subunit they call TraderTraitor, which has a track record of attacking digital asset infrastructure. The attackers relied on subtle manipulation instead of direct system access, which enabled them to avoid traditional monitoring mechanisms and operate stealthily. The rogue nodes also responded to external queries with valid data, greatly decreasing the chances of early detection by the usual observability mechanisms.
Single verifier setup leaves rsETH exposed to targeted manipulation
The attack targeted rsETH, an asset of KelpDAO, which operated under a 1-of-1 verifier setup: a single DVN was in charge of all transaction verification, without redundancy. Because of this, once attackers controlled the data fed into that verifier, the system had no independent mechanism that could detect and discard forged transaction messages. In addition, researchers established that the hackers replaced binaries on the affected nodes, which let them inject highly customized payloads that could resemble legitimate transaction data.
To reduce the risk of a single point of failure, LayerZero has always advised deploying multiple independent verifiers, particularly in high-value settings that deal with cross-chain assets. Nevertheless, KelpDAO used a single-verifier configuration despite these recommendations, which greatly exposed it to such a coordinated infrastructure attack.
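The difference between a 1-of-1 setup and a threshold of independent verifiers can be shown with a simplified model. This is an added example, not code from LayerZero or KelpDAO; the class, function and backend names and the message hashes are hypothetical, and counting distinct RPC backends is an assumption about what "independent" should mean in practice.

```python
from dataclasses import dataclass

# Constructed sample data: messages actually emitted on the source chain.
ONCHAIN = {"0xaaa1", "0xaaa2"}
FORGED = "0xdead"  # constructed: never emitted on-chain


@dataclass(frozen=True)
class Verifier:
    name: str
    rpc_backend: str        # infrastructure this verifier reads chain state from
    poisoned: bool = False  # models a compromised RPC node feeding forged data

    def attests(self, msg_hash: str) -> bool:
        # An honest view confirms only on-chain messages; a poisoned view
        # also confirms the forged one.
        return msg_hash in ONCHAIN or (self.poisoned and msg_hash == FORGED)


def accept(msg_hash: str, verifiers: list, threshold: int) -> bool:
    """Accept only if attestations come from `threshold` distinct RPC backends."""
    if not 1 <= threshold <= len(verifiers):
        raise ValueError("threshold must be between 1 and the number of verifiers")
    backends = {v.rpc_backend for v in verifiers if v.attests(msg_hash)}
    return len(backends) >= threshold


def demo() -> dict:
    single = [Verifier("dvn-a", "rpc-1", poisoned=True)]
    three = single + [Verifier("dvn-b", "rpc-2"), Verifier("dvn-c", "rpc-3")]
    # Two verifiers that share one compromised backend are not independent.
    shared = single + [Verifier("dvn-b", "rpc-1", poisoned=True)]
    return {
        "1-of-1 forged": accept(FORGED, single, 1),
        "2-of-3 forged": accept(FORGED, three, 2),
        "2-of-3 genuine": accept("0xaaa1", three, 2),
        "2-of-2 shared backend forged": accept(FORGED, shared, 2),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

In this model the forged message passes only in the 1-of-1 case; the shared-backend case shows why adding verifiers that read from the same infrastructure does not add redundancy.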
Containment measures and response limit broader ecosystem impact
Regardless of the severity of the losses, LayerZero said the issue was contained to the rsETH setup and that there was no sign of contagion to other assets and applications in the ecosystem. All the compromised RPC nodes were immediately removed and replaced, which helped restore regular functioning and stabilize the affected systems.
The firm has since implemented tougher enforcement, such as denying applications that rely on single-verifier settings, and is collaborating with international law enforcement in tracking the flow of stolen funds.
In conclusion, the incident demonstrates how configuration decisions can directly influence security outcomes in decentralized systems, while also highlighting the importance of redundancy when relying on external infrastructure for transaction verification.