Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

KelpDAO hit by cyberattack

Incident
First reported
Last updated
Happening score
H score 19
2 unique sources, 2 articles

Summary

Hide ▲

KelpDAO suffered a cross-chain theft involving rsETH, prompting it to pause rsETH contracts after detecting suspicious activity on April 18, 2026. Reports estimate that about 116,500 rsETH, worth roughly $293 million, was transferred without authorization. Later reporting said the attack involved compromised verification infrastructure and forged cross-chain messaging, with stolen funds routed through Tornado Cash. Preliminary indicators pointed to DPRK-linked Lazarus Group/TraderTraitor, while the root cause remained disputed; Arbitrum’s Security Council later froze about 30,766 ETH tied to the incident.

Related Happenings

North American cryptocurrency company hit by network compromise

Incident
First: 28.04.2026 11:00 Last: 28.04.2026 11:00 Sources 1

About this happening: A **North American cryptocurrency company** suffered a **multi-stage intrusion** that began on **January 23, 2026**, and the attackers kept access for **66 days**. The foothold ca...

Open Happening

Drift Protocol hit by cyberattack

Incident
First: 02.04.2026 22:03 Last: 02.04.2026 22:03 Sources 1

About this happening: **Drift Protocol** disclosed a **security-council takeover** that drained **at least $280 million** and left its protocol functions essentially frozen. The attacker used **durable...

Latest development: 06.04.2026 19:35

Elliptic and TRM Labs attributed the $280+ million theft from Drift Protocol to North Korean hackers, and Drift said its findings point with medium-high confidence to UNC4736 (AppleJeus/Labyrinth Chollima). The investigation also said the attackers spent at least six months building a functioning operational presence inside the Drift ecosystem, posing as a quantitative firm, meeting Drift contributors at crypto conferences in multiple countries, and continuing discussions over Telegram.

Open Happening

Uranium Finance smart contract flaws actively exploited security flaw

Vulnerability
First: 31.03.2026 18:30 Last: 31.03.2026 18:30 Sources 1

About this happening: In **April 2021**, **Uranium Finance** smart contract flaws were **actively exploited** to drain funds from liquidity pools, including a **rewards calculation** weakness and a **t...

Open Happening

Uranium Finance hit by network compromise

Incident
First: 31.03.2026 12:15 Last: 31.03.2026 12:15 Sources 1

About this happening: **Uranium Finance** suffered a **two-stage smart-contract hack** in **April 2021** that drained about **$53.3 million** and forced the exchange to shut down. The attacks exploited...

Open Happening

Unleash Protocol hit by network compromise

Incident
First: 31.12.2025 17:54 Last: 31.12.2025 17:54 Sources 1

About this happening: **Unleash Protocol** suffered a **$3.9 million** crypto theft after an attacker used **unauthorized multisig control** to approve a contract upgrade and enable withdrawals. The co...

Open Happening

Timeline

  1. 21.04.2026 11:30 1 articles · 1mo ago

    LayerZero Labs RPC infrastructure is compromised

    Exploitation Observed

    North Korea’s Lazarus Group targeted LayerZero Labs on April 18, 2026 by poisoning downstream RPC infrastructure, compromising two independent RPC nodes, swapping binaries on op-geth nodes, and forcing a DDoS-driven failover that let a forged cross-chain message pass and enable an unauthorized rsETH transfer.

    Show sources
    Open in new tab
  2. 21.04.2026 11:30 2 articles · 1mo ago

    KelpDAO discloses suspicious rsETH activity and pauses operations

    Initial Disclosure

    KelpDAO identified suspicious cross-chain activity involving rsETH and paused activity, while the publication also reports that 116,500 rsETH worth around $293m was stolen and routed through Tornado Cash; about 30,766 ETH ($71m) was later frozen by Arbitrum’s Security Council, and LayerZero and KelpDAO disputed whether the failure came from LayerZero infrastructure or KelpDAO’s 1/1 DVN configuration.

    Show sources
    Open in new tab
  3. 21.04.2026 01:23 1 articles · 1mo ago

    KelpDAO pauses rsETH after suspicious cross-chain activity

    Initial Disclosure

    On April 18, KelpDAO detected suspicious cross-chain activity involving rsETH and paused rsETH contracts across the Ethereum mainnet and L2s while starting an investigation with LayerZero, Unichain, and other partners.

    Show sources
    Open in new tab
  4. 20.04.2026 03:00 2 articles · 1mo ago

    LayerZero details DVN compromise and Lazarus attribution

    Technical Analysis Update

    On April 20, LayerZero said the rsETH heist targeted the DVN verification layer, with attackers compromising RPC nodes, feeding falsified blockchain data, and DDoS-ing healthy RPC nodes so a fake cross-chain message was accepted as valid; blockchain activity indicated around 116,500 rsETH, worth about $293 million, was stolen and moved through Tornado Cash, while preliminary indicators pointed to DPRK's Lazarus Group, more specifically TraderTraitor, and the incident was described as isolated to rsETH even as Compound, Euler, and Aave were mentioned, with Aave freezing rsETH collateral actions.

    Show sources
    Open in new tab