News 
Coin Information 
About us 
Customer Service 
LayerZero said a security incident tied to KelpDAO has resulted in an estimated $290 million loss and appears consistent with a sophisticated, state-aligned campaign linked to North Korea’s Lazarus ecosystem—an event now rippling across Ethereum-based restaking markets and major DeFi lending venues.
In a series of posts on X on Sunday UTC, LayerZero stated that KelpDAO was attacked, with initial findings pointing to a threat actor resembling ‘TraderTraitor,’ a group widely associated with Lazarus-linked operations. LayerZero emphasized the blast radius was limited to the construction of rsETH and did not affect other cross-chain assets or applications using the protocol.
According to LayerZero, the incident did not stem from a flaw in the LayerZero protocol itself. Instead, the attacker allegedly targeted subordinate RPC infrastructure used by the LayerZero Labs Decentralized Verifier Network (DVN), obtained the RPC set, compromised two nodes, and replaced the op-geth binary. At the same time, the attacker reportedly launched DDoS attacks against legitimate RPC endpoints to force failover conditions, creating an environment where the DVN could be manipulated into appearing to approve transactions that never occurred.
LayerZero said the affected RPC nodes have been taken offline and replaced, and that the LayerZero Labs DVN has resumed normal operations. The company also used the incident to reiterate an operational lesson for cross-chain applications: avoiding a ‘single point of failure.’ LayerZero described multi-DVN redundancy as an ‘industry best practice’ and said it is encouraging applications running a 1:1 DVN configuration to migrate to multi-DVN setups.
The ramifications quickly extended beyond the immediate exploit narrative. 0xngmi, the founder of DeFi data platform DefiLlama, outlined three possible paths to resolution and warned that, depending on how losses are socialized, Aave could face up to $341 million in potential bad debt tied to rsETH exposures.
In one scenario, losses are distributed across all users, implying roughly an 18.5% haircut per user and wiping out the net value of an estimated 666,000 rsETH positions across Aave deployments, 0xngmi said. Assuming a 95% liquidation threshold across chains, he estimated bad debt could total around $216 million. Under that framework, a backstop mechanism referred to as ‘Umbrella’ could cover about $55 million, while Aave’s available funds could contribute roughly $85 million—leaving a remaining gap that could require borrowing or the sale of about $51 million worth of AAVE tokens, he added.
A second scenario concentrates losses on L2 rsETH holders. Under that outcome, Aave could be left absorbing approximately $359 million of rsETH exposure at oracle prices, with bad debt potentially reaching about $341 million in a stressed “max borrow” assumption, 0xngmi wrote. He cautioned that Umbrella alone may be insufficient, raising the possibility that Aave might choose to protect select markets while retreating from others, including Arbitrum, Mantle, and Base.
A third option would attempt to restore balances based on a pre-attack snapshot while only covering what the attacker borrowed. 0xngmi estimated the hacker’s borrowings at roughly $124 million on Aave mainnet and $18 million on Arbitrum, with losses potentially reduced to about $91 million after applying the Umbrella backstop. However, he noted that extensive post-incident fund movements and the difficulty of separating depositors inside protocol pools could make implementation highly complex.
Signs of stress also appeared in on-chain flows. Analyst Yu Jin said Aave saw $10.1 billion in net outflows following the incident, pushing total value locked down to about $35.7 billion from roughly $45.8 billion. Of those withdrawals, about $4.5 billion were stablecoins, while Aave’s stablecoin deposit APY of 13.4% persisted for a day—an indication, observers said, of sudden liquidity shifts and heightened caution among users.
Elsewhere in the market, Bitcoin (BTC) spot ETFs extended their recent streak of inflows, providing a counterpoint to DeFi’s risk-off tone. Data cited by PANews and SoSoValue showed BTC spot ETFs recorded net inflows of about $996 million over the week of April 13–17 U.S. Eastern Time. BlackRock’s iShares Bitcoin Trust (IBIT) led with roughly $906 million in weekly inflows, bringing cumulative net inflows to approximately $64.63 billion. ARK Invest and 21Shares’ ARKB added about $98.5 million, while Fidelity’s FBTC posted about $104 million in net outflows. Total net assets across BTC spot ETFs stood near $101.45 billion, representing about 6.55% of Bitcoin’s total market capitalization, with cumulative net inflows of roughly $57.74 billion.
In Hong Kong, regulators and industry players outlined additional steps toward mainstreaming tokenized finance. The Securities and Futures Commission (SFC) said it would unveil a framework allowing licensed virtual asset trading platforms to offer trading in tokenized money market funds, with an initial pilot focused on money market products before potentially expanding to a broader range of authorized offerings. The SFC also described ongoing work on custody technology standards, insurance and compensation mechanisms, and automated reporting, alongside international cooperation designed to limit regulatory arbitrage.
Infrastructure compliance also advanced. OSL Group and Cheetah Trading said they completed Hong Kong’s first ‘travel rule’ integration, enabling end-to-end identity verification for digital asset transfers between the two platforms. The travel rule requires service providers to share sender and recipient information during transfers, a pillar of global AML frameworks.
On the protocol side, Ethereum (ETH) co-founder Vitalik Buterin used a Hong Kong Web3 event to frame the next four years as a race to improve ‘scalability’ while preparing for ‘quantum security.’ Buterin highlighted near-term priorities including gas limit increases, parallelization, and the introduction of ZKVMs—zero-knowledge virtual machines capable of executing complex computations with succinct proofs. Longer-term goals include hardening consensus to tolerate high node failure rates, expanding formal verification aided by AI-based proof generation, simplifying protocol design, and advancing account abstraction. He also pointed to early work on quantum-resistant primitives—such as hash- and lattice-based signatures—and referenced EIP-8141 in the context of supporting quantum-resilient signatures for smart contract wallets.
Meanwhile, prediction market platform Polymarket was reported to be in talks to raise $400 million at a valuation of around $15 billion, according to The Information. PANews said the company is also exploring additional strategic investors beyond Intercontinental Exchange (ICE), the parent of the New York Stock Exchange, which participated in a prior funding round reportedly totaling $600 million.
Macro risk factors were also on traders’ radar. U.K.-based maritime analytics firm Windward said 35 ships turned back over roughly 36 hours amid renewed uncertainty around passage through the Strait of Hormuz after Iran briefly reopened the route before restricting it again. Because the corridor is central to global oil flows, any sustained disruption could amplify energy price volatility and broader risk sentiment—variables that routinely spill into crypto markets during periods of heightened geopolitical stress.
For now, the KelpDAO-rsETH incident is being treated as a case study in how operational dependencies—such as RPC infrastructure and verification configurations—can become systemic risk vectors. While LayerZero maintains its core protocol functioned as designed, the episode is intensifying scrutiny of cross-chain security assumptions, restaking collateral design, and the resilience of DeFi’s backstops when ‘liquidity’ rapidly exits the system.
Comment 0