Inside the KelpDAO Bridge Exploit: How ~$292 Million in rsETH Was Released Against a Non-Existent Burn

On April 18, 2026, attackers attributed to DPRK’s Lazarus Group (TraderTraitor) compromised LayerZero’s off-chain infrastructure—compromising internal RPC nodes and DDoS’ing external nodes—to forge a cross-chain message that caused KelpDAO’s LayerZero bridge to release 116,500 rsETH (~$292M) on Ethereum without a corresponding burn on the source chain; traditional on-chain transaction monitoring failed to detect the attack because every transaction and signature appeared valid, and rapid responses (contract pauses and an Arbitrum Security Council freeze of ~30,766 ETH) prevented a follow-up $95M theft and limited attacker proceeds.