Buy Crypto
Pay with
USD
USD
Buy & Sell
Hot
Supports Visa, Mastercard, SEPA & more
P2P
0 Fees
Flexible trading, zero fees
Gate Card
Use your crypto for payments worldwide
Markets
Trade
Basic
Advanced
Futures
Futures
Access hundreds of perpetual contracts
CFD
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Earn
Launch
CandyDrop
tag
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Investment
Square
Square
Post, share, and explore crypto trends
Live
moments live
Live crypto market analysis
Chat
Chat with crypto traders
News
What is happening in crypto
flower_head
More
Promotions
AI
Others
CFD
Rewards

KelpDAO $290M Exploit Attributed to North Korea's Lazarus Group

CryptoFrontier
Project ProgressToken EventsSecurity IncidentsExchange Riskethereum newsGeopoliticsEnforcement ActionsOn-Chain Data
ZRO3.18%
ETH-1.11%
AAVE-1.37%

LayerZero attributed a $290 million exploit of KelpDAO's cross-chain rsETH configuration to North Korea's Lazarus Group on April 18, describing the attacker as a "highly-sophisticated state actor." According to LayerZero, the incident was limited to KelpDAO's rsETH setup and did not spread to other assets or applications using the protocol.

## Exploit Mechanics and Attribution

LayerZero says the attack targeted downstream RPC infrastructure used by its Decentralized Verifier Network rather than exploiting the LayerZero protocol itself. The company states that compromised nodes have been replaced and the verifier network is back online. LayerZero attributes the attack to Lazarus Group and its TraderTraitor unit based on preliminary indicators.

## Financial Impact on Aave

According to blockchain tracker LookonChain, the exploit led to roughly $292 million worth of rsETH being minted illegitimately. The attacker then used the token as collateral to borrow more than 82,600 Ether (ETH), worth about $195 million, from Aave.

The bad debt triggered large withdrawals from Aave, causing its total value locked (TVL) to fall by $6.28 billion in less than 48 hours, declining from $26.396 billion to $20.114 billion, according to LookonChain.

## Major Withdrawals

LookonChain identified major withdrawals following the exploit:
- $431 million from MEXC
- $405.7 million from wallet 0x7CD0, possibly linked to Nonco
- $392 million from Abraxas Capital

## Response and Remediation

Aave moved to freeze rsETH markets on V3 and V4 to prevent additional borrowing and deposits while evaluating options to cover any deficit.

View Source
Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.

Related News

04-21 08:21
Arbitrum Security Council Freezes 30,766 ETH From KelpDAO Exploit, 9 of 12 Members Vote in Favor
04-21 03:49
KelpDAO Exploiter Burns $70.94M Worth of ETH on Arbitrum
04-19 11:42
KelpDAO Exploiter Borrows $195M ETH from Aave, TVL Drops $6.28B as Whales Withdraw
Related Articles

Arbitrum emergency freezes KelpDAO hacker’s 30,766 ETH

Market Whisper04-21 05:05

Kelp DAO refutes LayerZero criticism; Aave bad debt reaches up to $230 million

Market Whisper04-21 04:00

DefiLlama denies exaggerated claims about the metrics, saying that Aave data has been excluded from the circulating liquidity calculation

Market Whisper04-21 02:57

A Kelp bridge hack spreads and affects Aave, as TVL plunges and bad debt surges to 196 million

Market Whisper04-20 01:48
Comment
0/400
BridgeHopRangervip
· 04-24 10:17
From Aave's perspective, stop the bleeding first before discussing recovery; can the liquidation/default handling process be made more transparent?
View OriginalReply0
GateUser-6857a9c9vip
· 04-22 12:01
If it ultimately turns into "debt-to-coin," then it means transferring the risk to the person taking over, and it depends on whether the terms are sufficiently fair.
View OriginalReply0
AirdropNightwatchvip
· 04-22 10:00
Umbrella as a reserve mechanism, this time it was a stress test. Should the parameters be adjusted upward?
View OriginalReply0
GateUser-a7fefe8cvip
· 04-21 23:19
Departure NFC
View OriginalReply0
GateUser-21ddf7c7vip
· 04-21 16:19
I hope this time we can recalibrate the risk model that depends on third-party DAOs, otherwise similar incidents will happen again.
View OriginalReply0
Don'tCallMeABagHolder.vip
· 04-21 15:55
I am more concerned about whether the source of $kRecovery 's buyback funds is sustainable, relying on protocol revenue or external injections? The risks of the two are completely different.
View OriginalReply0
ybaservip
· 04-21 12:43
2026 GOGOGO 👊
Reply0
ybaservip
· 04-21 12:43
To The Moon 🌕
Reply0
L2ArbitrageTradervip
· 04-21 11:41
The key is to first clarify the actual exposure: Which specific types of positions in Aave are affected, and what are the bad debt pathways? Otherwise, it will be very difficult to review and build confidence.
View OriginalReply0
Low-PolyFloatingEarthvip
· 04-21 11:32
If there is clear progress and a timeline for Arbitrum recovery, it can at least make expectations more predictable and easier to price.
View OriginalReply0
View More