North Korea’s Lazarus APT stole $290M from Kelp DAO

21 April 2026, 15:34

North Korea-linked Lazarus Group stole $290M from Kelp DAO by abusing LayerZero. A second $95M attempt was stopped.

Hackers tied to the North Korea-linked Lazarus APT carried out a $290M crypto theft targeting Kelp DAO.

Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate.

We are working with @LayerZero_Core, @unichain, our auditors and top security experts on RCA.

We will keep you…

— Kelp (@KelpDAO) April 18, 2026

Kelp DAO is a decentralized finance (DeFi) protocol built on the Ethereum ecosystem that focuses on a concept called liquid restaking. In simple terms, it lets users earn more rewards from their crypto without locking it up.

Attackers manipulated the RPC infrastructure behind LayerZero's verifier, forcing it to rely on compromised nodes, then pushed a forged cross-chain message to drain funds.

This is one of the biggest DeFi hacks of 2026 🚨

Here’s what just happened:

Kelp DAO’s rsETH bridge got exploited through LayerZero.

Around 116,500 rsETH was drained.

That’s $293M gone in minutes.

Main drain transaction:… pic.twitter.com/9ZfHqUUsWN

— StarPlatinum (@StarPlatinum_) April 18, 2026

After the breach, the platform froze activity and blocked wallets, stopping a second attempted theft worth about $95M.

“Kelp detected the anomaly, paused all relevant contracts on Ethereum mainnet and L2s, blacklisted all wallets associated with the exploiter, and engaged SEAL-911.” wrote Kelp. “A subsequent attempt by the exploiter, leveraging a falsely verified phantom packet to target an additional 40,000 rsETH (~$95M), was fully mitigated by these interventions.”

Kelp DAO lets users deposit ETH, restake it via EigenLayer, and receive rsETH to earn extra rewards. It relies on LayerZero to verify transactions across chains. The attack didn’t exploit the core protocol but targeted the verification layer.

The LayerZero Labs DVN verifies transactions by querying multiple RPC servers. Attackers compromised two of them and used them to serve fake but valid-looking messages.

“On April 18, 2026, LayerZero Labs’ DVN became the target of a highly sophisticated attack, likely attributable to the Lazarus Group, more specifically TraderTraitor. The attack was specifically engineered to manipulate or poison downstream RPC infrastructure by compromising a quorum of the RPCs the LayerZero Labs DVN relied upon to verify transactions. It was not done through an exploit to the protocol, DVN, key management or other means.” reports LayerZero. “Rather, the attacker was able to gain access to the list of RPCs our DVN uses, compromise two of them – which were independent nodes running on separate clusters without direct connection to each other – and swap out binaries running the op-geth nodes. Because of our least-privilege principles, they were unable to compromise the actual DVN instances. However, they used this pivot point to execute an RPC-spoofing attack.”

Then they launched a DDoS attack on the remaining RPC servers, forcing the DVN to rely on the compromised ones. This allowed forged transactions to pass verification. The root cause was Kelp DAO’s insecure “1-of-1” verifier setup, meaning only one DVN checked transactions. This created a single point of failure. Best practice requires multiple independent verifiers, which would have blocked the attack even though one verifier’s view was compromised.

LayerZero reported that the breach only affected its rsETH setup and did not spread to other apps, thanks to LayerZero’s modular design.

LayerZero confirmed its infrastructure and protocol worked as designed, isolating the damage. The incident highlights a new type of state-level attack targeting off-chain components like RPCs, rather than core blockchain systems. After the breach, compromised nodes were replaced, and stronger multi-verifier configurations are now being enforced to prevent similar attacks.

LayerZero says the hack could have been avoided if Kelp DAO had used multiple verifiers (multi-DVN), the industry standard.

“Industry best practice — and LayerZero’s express recommendation to all integrators — is to configure a multi-DVN setup with diversity and redundancy. This means no single DVN should represent a unilateral point of trust or failure.” continues LayerZero’s statement. “Operating a single-point-of-failure configuration meant there was no independent verifier to catch and reject a forged message. LayerZero and other external parties previously communicated best practices around DVN diversification to KelpDAO. Despite these recommendations, KelpDAO chose to utilize a 1/1 DVN configuration.”
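To make the 1-of-1 versus multi-DVN point concrete, here is an added Python model of receive-side packet verification. It is not code from LayerZero, Kelp DAO or the article; the DVN names, the packet encoding, the required-plus-optional-with-threshold quorum rule and the sample packets are assumptions constructed for illustration. One DVN's RPC view is poisoned so it attests to a forged packet; the model shows what a single verifier does with that, and what an independent quorum does.

```python
"""Toy model of bridge receive-side verification: a packet is delivered only if
the configured verifiers (DVNs) attest to the same packet hash.
Constructed example; names, packets and quorum rule are assumptions, not
LayerZero's or Kelp DAO's code."""
from __future__ import annotations

from dataclasses import dataclass, field
from hashlib import sha256
from typing import Optional


def packet_hash(src_chain: str, dst_chain: str, nonce: int, payload: str) -> str:
    """Commitment to a cross-chain packet (constructed encoding)."""
    return sha256(f"{src_chain}|{dst_chain}|{nonce}|{payload}".encode()).hexdigest()


@dataclass
class Dvn:
    name: str
    # Packet hash this DVN's RPC view reports for (src_chain, nonce).
    # An honest DVN reports what the source chain actually emitted; a DVN whose
    # RPC quorum is poisoned reports whatever the attacker's node serves; a DVN
    # whose RPCs are unreachable (DDoS) reports nothing at all.
    observed: dict = field(default_factory=dict)

    def attest(self, src_chain: str, nonce: int) -> Optional[str]:
        return self.observed.get((src_chain, nonce))


@dataclass
class ReceiveConfig:
    required: list      # every DVN here must attest to the claimed hash
    optional: list      # at least `threshold` of these must attest
    threshold: int = 0


def verify(cfg: ReceiveConfig, src_chain: str, nonce: int, claimed: str) -> bool:
    """Deliver only if all required DVNs and a threshold of optional DVNs agree."""
    for dvn in cfg.required:
        if dvn.attest(src_chain, nonce) != claimed:
            return False
    agreeing = sum(1 for d in cfg.optional if d.attest(src_chain, nonce) == claimed)
    return agreeing >= cfg.threshold


def scenario() -> dict:
    """Compare a 1-of-1 setup with a 2-of-3 setup when one DVN's RPCs are poisoned."""
    key = ("ethereum", 42)
    genuine = packet_hash("ethereum", "arbitrum", 42, "unlock 100 rsETH for 0xUSER")
    forged = packet_hash("ethereum", "arbitrum", 42, "unlock 116500 rsETH for 0xATTACKER")

    poisoned = Dvn("dvn-A (RPC quorum poisoned)", {key: forged})   # sees the forgery
    honest_b = Dvn("dvn-B", {key: genuine})                         # independent RPCs
    honest_c = Dvn("dvn-C", {key: genuine})                         # independent RPCs
    offline_c = Dvn("dvn-C (RPCs under DDoS)", {})                  # cannot attest

    single = ReceiveConfig(required=[poisoned], optional=[], threshold=0)
    multi = ReceiveConfig(required=[], optional=[poisoned, honest_b, honest_c], threshold=2)
    degraded = ReceiveConfig(required=[], optional=[poisoned, honest_b, offline_c], threshold=2)

    return {
        "1-of-1 accepts forged": verify(single, *key, forged),
        "1-of-1 accepts genuine": verify(single, *key, genuine),
        "2-of-3 accepts forged": verify(multi, *key, forged),
        "2-of-3 accepts genuine": verify(multi, *key, genuine),
        "2-of-3 (one honest DVN down) accepts forged": verify(degraded, *key, forged),
        "2-of-3 (one honest DVN down) accepts genuine": verify(degraded, *key, genuine),
    }


if __name__ == "__main__":
    for case, delivered in scenario().items():
        print(f"{case}: {'DELIVERED' if delivered else 'rejected'}")
```

With a single verifier whose RPC view has been poisoned, the forged packet is delivered and the genuine one is rejected: the verifier is not failing, it is faithfully attesting to a lie. With a 2-of-3 quorum of independently operated DVNs, the forgery is rejected because only the poisoned DVN agrees with it, and that holds even when a DDoS takes one honest DVN offline; what the DDoS costs in that case is liveness (the genuine packet stalls until the quorum recovers), not safety.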

Kelp DAO rejected the accusation, saying it followed its default setup and didn’t manage the compromised infrastructure. It’s now focused on limiting damage, with partners like the Arbitrum Security Council freezing funds. The impact spread across DeFi, with Aave losing nearly $8B in value.

“Kelp’s priority is our users and preventing contagion across DeFi. We are working with all ecosystem partners to analyse the impact, rally support, and explore all avenues of mitigation.” concludes Kelp. “We are concurrently assessing the potential next steps regarding protocol unpausing, impact assessment, and the way forward, and working with Aave, LZ, and all other key stakeholders.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Lazarus APT)

Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

15 February 2026, 15:13

Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group.

ReversingLabs researchers uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to the North Korea-linked Lazarus Group. The campaign uses deceptive hiring themes to trick developers into downloading infected packages, continuing the group’s efforts to target the software supply chain.

“The ReversingLabs research team has identified a new branch of a fake recruiter campaign conducted by the North Korean hacking team Lazarus Group.” reads the report published by ReversingLabs. “The campaign, which the team named graphalgo, based on the first package included in this campaign in the npm repository, has been active since the beginning of May 2025.”

The campaign, tracked as ‘graphalgo’, has been active since May 2025 and targets JavaScript and Python developers with fake cryptocurrency recruiter tasks. Attackers approach victims on LinkedIn, Facebook, and Reddit, posing as a blockchain company. Malicious code is distributed across multiple public platforms, including GitHub, npm, and PyPI. The researchers noticed that one npm package, bigmathutils, gained over 10,000 downloads before attackers pushed a malicious update.

The Graphalgo campaign is a modular, multi-stage operation designed to stay active even if parts are exposed:

Phase 1 – Fake company:
Attackers created a fake blockchain firm, Veltrix Capital, with websites and GitHub organizations that look legitimate but lack real leadership details. When one setup risks exposure, they spin up a new company, domains, and AI-generated content to rebuild trust.

Phase 2 – Interview tasks:
The fake company publishes GitHub “job interview” repositories in Python and JavaScript. These projects look harmless, but they secretly depend on malicious npm or PyPI packages. When candidates run the tasks, the malicious dependency executes on their systems.

Phase 3 – Recruiting:
Victims are lured through Reddit, Facebook groups, LinkedIn, and direct recruiter messages. Some recruiters appear real, adding credibility, but disengage when questioned about the company.

Phase 4 – Malicious dependencies:
The backend relies on malicious open-source packages hosted on npm and PyPI. Early “graph-” packages impersonate popular libraries, while later “big-” packages build user trust first, then deliver malware in delayed updates.

Phase 5 – Final payload:
Infected systems download a RAT that supports file access, command execution, and process control. The malware uses token-protected C2 communication and checks for crypto wallets like MetaMask, pointing to financial theft motives.

North Korean threat actors, widely linked to the Lazarus Group, have a long track record of abusing npm and PyPI. In 2023, researchers exposed the VMConnect campaign, where fake PyPI packages tied to sham GitHub repos delivered malware. A year later, the operation evolved into fake recruiter coding tests: victims ran malicious packages disguised as interview tasks, triggering second-stage downloads. Reports from other cybersecurity firms, including Phylum, Unit 42, Veracode, and Socket, documented similar npm campaigns.

Attribution to Lazarus is based on repeated patterns: fake job interviews, crypto-focused lures, multistage encrypted malware, delayed malicious updates, token-protected C2, and GMT+9 timestamps. The campaign’s modular design allows attackers to swap fake “frontends” while reusing backend infrastructure. With new package waves and payload variants still emerging, the operation appears ongoing and highly sophisticated.

“Evidence suggests that this is a highly sophisticated campaign. Its modularity, long-lived nature, patience in building trust across different campaign elements, and the complexity of the multilayered and encrypted malware point to the work of a state-sponsored threat actor.” concludes the report. “Fake interviews as the initial contact vector, as well as a cryptocurrency-focused story and malware, together with other techniques mentioned in this blog post, point to North Korea’s Lazarus Group.”


Pierluigi Paganini

(SecurityAffairs – malware, graphalgo campaign)
