KelpDAO Suffers $292M Exploit Linked to North Korea’s Lazarus Group On April 18, decentralized finance (DeFi) protocol KelpDAO fell victim to a $292 million exploit, now confirmed to be the work of the North Korean state-backed Lazarus Group. The attack, the largest DeFi breach of 2026, targeted a vulnerability in the protocol’s cross-chain bridge, powered by LayerZero Labs’ infrastructure. The Lazarus Group executed a sophisticated attack by poisoning the decentralized validation network’s downstream RPC infrastructure. Through coordinated denial-of-service (DoS) attacks and control of key nodes, the threat actors manipulated the network into accepting malicious data, enabling them to forge cross-chain transactions. The incident highlights the growing sophistication of state-affiliated cyber threats in the DeFi space. Investigations revealed a critical architectural flaw in KelpDAO’s design a single-point-of-failure configuration using a one-of-one (1/1) validation setup. Despite industry warnings against such setups, the protocol lacked redundant verifiers, allowing the forged transactions to go undetected. The breach has prompted widespread industry action, with multiple DeFi platforms freezing their cross-chain bridges to prevent similar attacks. The fallout has been severe, triggering a liquidity crisis across major lending platforms like Aave as users rushed to withdraw assets amid fears of bad debt exposure. Total value locked (TVL) in DeFi has contracted sharply, reflecting heightened risk aversion. The incident has also reignited debates over the safety of restaked assets as collateral, pushing protocols toward institutional-grade security standards. As the DeFi sector grapples with the aftermath, the exploit underscores the vulnerabilities inherent in complex cross-chain architectures and the consequences of prioritizing speed over security. The event marks a turning point in how the industry assesses and mitigates systemic risks.