Layerzero Labs has disclosed that a remote procedure call (RPC) poisoning attack was linked to the $292 million KelpDAO security breach. The company also acknowledged that North Korean hackers, specifically the Lazarus Group, carried out the exploit alongside a distributed denial-of-service (DDoS) attack. In a statement issued this week, Layerzero apologized for not communicating for three weeks after the incident.
How the Attack Unfolded
Investigators traced the intrusion to an RPC poisoning technique, a method that manipulates the communication between a blockchain application and its node. The attackers combined this with a DDoS assault, likely to distract security teams or degrade system defenses. The Lazarus Group, a state-backed hacking unit from North Korea, has been linked to the operation. The group is known for targeting cryptocurrency platforms to fund North Korean programs.
The Three-Week Communication Gap
Layerzero Labs faced criticism for staying silent for three weeks after the breach was detected. The company issued an apology, saying the delay was due to the need to verify the attack's scope and coordinate with law enforcement. Still, the lack of updates left users and partners in the dark during a critical period. Some in the crypto community questioned whether earlier warnings could have limited losses.
What’s Known About the KelpDAO Hack
The $292 million heist hit KelpDAO, a decentralized finance protocol. While Layerzero's infrastructure was used in the attack, the company did not confirm whether it lost any funds directly. The incident highlights how cross-chain messaging protocols can become vectors for sophisticated exploits. Security firms are still analyzing the full chain of events.
Regulatory and Industry Fallout
The hack adds to growing concerns about North Korean cyber activity in the crypto sector. U.S. authorities and international watchdogs have repeatedly warned about Lazarus Group’s tactics. Layerzero’s disclosure may prompt other protocols to review their RPC security. The company has not announced specific technical fixes yet but said it is working with partners to prevent similar attacks.
The next step involves a joint review by blockchain security auditors and law enforcement. A detailed post-mortem report is expected in the coming weeks. Until then, users are advised to monitor their transactions and avoid interacting with unverified nodes.
