Kelp DAO Suffers $292 Million Loss in LayerZero Exploit Linked to Lazarus Group

Kelp DAO suffered a $292M loss on April 16, 2026 after attackers—believed to be linked to North Korea's Lazarus Group—exploited a single-validator configuration in LayerZero by compromising two RPC servers and executing a DDoS to redirect traffic to malicious nodes; the incident exposed that nearly 47% of LayerZero applications used the vulnerable 1-of-1 validator setup (placing ~$4.5B at risk) and prompted Kelp DAO to migrate to Chainlink's cross-chain infrastructure.