Cross-chain messaging protocol LayerZero issued an official statement in a long post on its official X account at noon Taiwan time on April 20, responding to the $292 million hack of Kelp DAO two days earlier. According to a CoinDesk report, LayerZero explicitly attributes the cause of the incident to Kelp DAO’s “own decision to use a 1-of-1 DVN configuration with a single verifier.” It also, for the first time, attributes the attack to a unit within the TraderTraitor squad under North Korea’s Lazarus Group, an attack group that had previously been viewed as the executor behind the April 1 Drift Protocol $285 million incident.
What is 1-of-1 DVN
LayerZero v2 uses a DVN (Decentralized Verifier Network) architecture. When deploying, a project can choose how many independent verifier nodes must reach consensus, ranging from 1-of-1 (a single node) to M-of-N (requiring a majority of agreement). The number of DVNs determines the fault-tolerance boundary: 1-of-1 means that once that single node is compromised, cross-chain messages can be forged; M-of-N means attackers must compromise more than half of the nodes in order to forge them.
In its statement, LayerZero noted: “KelpDAO chose to use a 1-of-1 DVN configuration. A properly set up multi-verifier architecture would require consensus among multiple independent DVNs. Even if any single verifier is compromised, the attack would still be ineffective.” The project’s official integration checklist and direct communication with Kelp had both previously recommended adopting a multi-verifier redundant design.
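The threshold rule described above, as an added example that is not LayerZero's code: `DvnConfig`, its fields and the verifier names are hypothetical, and the messages are constructed. It shows a single compromised verifier forging a message under 1-of-1 and failing under 2-of-3, plus a small audit that flags the weak configuration.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class DvnConfig:
    """Hypothetical model of an M-of-N setup, not LayerZero's config schema."""
    verifiers: frozenset   # N: verifiers allowed to attest
    threshold: int         # M: matching attestations required

def digest(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

def accepted(cfg: DvnConfig, attestations: dict) -> Optional[str]:
    """Return the payload digest that reached quorum, or None.

    attestations maps verifier name -> digest it vouches for. Verifiers
    outside the config are ignored; two digests both reaching the
    threshold is treated as a conflict and rejected.
    """
    votes = Counter(d for v, d in attestations.items() if v in cfg.verifiers)
    winners = [d for d, n in votes.items() if n >= cfg.threshold]
    return winners[0] if len(winners) == 1 else None

def audit(cfg: DvnConfig) -> list:
    """Flag configurations that cannot survive one compromised verifier."""
    findings = []
    if not 1 <= cfg.threshold <= len(cfg.verifiers):
        findings.append("threshold outside 1..N")
    if cfg.threshold == 1:
        findings.append("one compromised verifier can forge a message")
    return findings

# Constructed scenario: verifier "dvn-a" is compromised and vouches for a forgery.
REAL, FORGED = digest(b"constructed: real message"), digest(b"constructed: forged message")
ONE_OF_ONE = DvnConfig(frozenset({"dvn-a"}), 1)
TWO_OF_THREE = DvnConfig(frozenset({"dvn-a", "dvn-b", "dvn-c"}), 2)

def demo() -> dict:
    return {
        "1-of-1": accepted(ONE_OF_ONE, {"dvn-a": FORGED}),
        "2-of-3": accepted(TWO_OF_THREE, {"dvn-a": FORGED, "dvn-b": REAL, "dvn-c": REAL}),
        "2-of-3, only the forger attests": accepted(TWO_OF_THREE, {"dvn-a": FORGED}),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", {REAL: "real", FORGED: "FORGED", None: "rejected"}[result])
```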
Attack method: binary software on the RPC node replaced, selective deception
LayerZero disclosed technical details of the attack. The attackers compromised two RPC (Remote Procedure Call) nodes used by LayerZero verifiers to read and write on-chain data—LayerZero verifiers use a combination of internal and external RPC nodes to add redundancy. The hackers replaced the native binary software executed on these two nodes with modified malicious versions.
The malicious binary is designed to be extremely cunning: to LayerZero’s verifier it falsely reports a single message, that “a forged cross-chain transaction has occurred,” but to all other systems querying the same node (including LayerZero’s own monitoring systems, which query from different IP addresses) it continues to return correct data. This “selective lying” makes the attack almost completely invisible at LayerZero’s monitoring layer.
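A defender-side check for this kind of selective lying, as an added example that is not from LayerZero's statement: the endpoint names, the sample answers and both read policies are assumptions, since the statement does not say how the verifier combines RPC answers. It contrasts a majority read with a fail-closed read and compares what the verifier received with what a monitor received.

```python
from collections import Counter

# Constructed sample: answers each RPC endpoint gave to the same query,
# "which message did the source chain emit at this nonce?" (None = none).
# Endpoint names and values are placeholders, not data from the incident.
VERIFIER_VIEW = {"rpc-a": "0xFORGED", "rpc-b": "0xFORGED", "rpc-c": None}
MONITOR_VIEW = {"rpc-a": None, "rpc-b": None, "rpc-c": None}

def majority_read(view: dict):
    """Naive policy: accept whatever most endpoints report."""
    return Counter(view.values()).most_common(1)[0][0]

def strict_read(view: dict, min_sources: int = 2):
    """Fail-closed policy: (ok, value). ok is False on any disagreement
    or when fewer than min_sources endpoints answered."""
    answers = set(view.values())
    if len(view) < min_sources or len(answers) != 1:
        return (False, None)
    return (True, answers.pop())

def vantage_mismatches(verifier_view: dict, monitor_view: dict) -> list:
    """Endpoints that answered the verifier and the monitor differently.

    Only meaningful if verifier_view is what the verifier process itself
    received and logged; a separate probe is served the clean answer.
    """
    shared = verifier_view.keys() & monitor_view.keys()
    return sorted(e for e in shared if verifier_view[e] != monitor_view[e])

if __name__ == "__main__":
    print("majority:", majority_read(VERIFIER_VIEW))
    print("strict:", strict_read(VERIFIER_VIEW))
    print("monitor strict:", strict_read(MONITOR_VIEW))
    print("mismatch:", vantage_mismatches(VERIFIER_VIEW, MONITOR_VIEW))
```

With two of three endpoints compromised, the majority read accepts the forged answer, while the fail-closed read halts on the disagreement and the vantage comparison names the two endpoints that answered inconsistently.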
Lazarus pulled $575 million from DeFi in 18 days
LayerZero attributes the attack to the TraderTraitor squad under North Korea’s Lazarus Group, labeling it a “preliminary high-confidence attribution.” The same squad had previously been viewed as the executor behind the April 1 Drift Protocol $285 million incident. The two incidents, 18 days apart, together pulled more than $575 million from the DeFi market.
The paths of the two attacks were completely different: Drift was carried out through a social engineering attack on governance signers (North Korean actors disguised their identities to entice multi-sig holders into signing a malicious transaction); Kelp, on the other hand, was carried out by compromising the infrastructure layer (RPC nodes) and deceiving the verification protocol. This indicates that Lazarus’s DeFi attack capabilities have moved beyond the traditional boundary of “smart contract vulnerabilities,” expanding in two parallel directions: “attacking people” and “attacking infrastructure.”
LayerZero’s three policy declarations
LayerZero put forward three clear stances in its statement. First, the incident stems from Kelp’s configuration choice rather than a protocol-level vulnerability. Second, after a comprehensive review, it has confirmed that no other applications in the protocol have related risks (applications using the OFT standard with a multi-verifier configuration were all unaffected). Third, starting immediately, LayerZero will no longer sign messages for any application that uses a 1-of-1 verifier configuration, forcing all integrators to upgrade to a multi-verifier architecture.
This is the first time LayerZero has set a “minimum security threshold” at the protocol level. Previously, multi-verifier setups were only “recommended”; now they are a mandatory requirement. The move is both a way for LayerZero to distance itself from responsibility for the Kelp incident and a signal of collective security upgrades for the entire DeFi ecosystem. The small number of projects that still have not switched to multi-verifier configurations may face a delisting risk within this week.
Responsibility assignment remains disputed
LayerZero pushed responsibility squarely onto Kelp’s configuration choice, but views in the wider community are not unanimous. Some DeFi observers pointed out that since the protocol supports 1-of-1 (an extremely fragile configuration) by default and lacks a mandatory minimum DVN threshold, not all responsibility can be placed on the client side. A similar pattern was visible in the RAVE incident earlier this week: the boundary of responsibility between infrastructure providers (exchanges/protocols) and the application layer (token issuing projects/projects) has become a structural point of contention in the DeFi ecosystem in 2026.
For the liquidation risk faced by affected Kelp DAO users and lending protocols such as Aave, SparkLend, and Fluid, LayerZero did not provide a compensation plan; Kelp DAO itself also has not yet announced the details of any payout. The key points to watch in the coming week are: the effective timeline for LayerZero’s forced multi-verifier policy, the number of projects still using 1-of-1, and whether Kelp can partially compensate users for their losses from internal reserves or with assistance from LayerZero.
This article, “LayerZero responds to Kelp DAO’s $292 million incident: points to Kelp’s choice of a 1-of-1 DVN configuration, with the hackers initially appearing to be North Korea’s Lazarus,” was first published on Chain News ABMedia.