LayerZero, which operates the underlying infrastructure, said in a preliminary review that the incident may be connected to the Lazarus Group, specifically a subgroup known as TraderTraitor.
LayerZero said on April 21 (local time) that the hack occurred April 18 and caused losses of about $290 million, or about 4.285 trillion won. Investigators believe the attacker interfered with KelpDAO’s process for verifying asset transfers, allowing nonexistent transactions to be approved as if they were legitimate — effectively tricking the validation system to siphon funds.
The two sides are disputing how the breach was possible and who is responsible. LayerZero said KelpDAO’s verification design was overly simple, creating a single point of failure. KelpDAO countered that the root cause was a breach of LayerZero-provided infrastructure, not a flaw in KelpDAO’s service.
Fallout is spreading. The Arbitrum Security Council froze 30,766 ether tied to the hack, worth about $71 million, or about 104.9 billion won. Crypto lending service Aave also temporarily halted transactions involving assets linked to the incident while it assesses the scale of losses.
* This article has been translated by AI.
Copyright ⓒ Aju Press All rights reserved.