Layerzero Claims Zero Contagion After $290M Exploit as Disputed Narratives Deepen Scrutiny

Key Takeaways:

In the statement, Layerzero Labs stated:

“Preliminary indicators suggest attribution to a highly-sophisticated state actor, likely DPRK’s Lazarus Group, more specifically TraderTraitor.”

According to the details provided, the attack targeted downstream remote procedure call infrastructure used by its Decentralized Verifier Network. Rather than exploiting the protocol itself, the attackers allegedly poisoned RPC systems, manipulated the data presented to the verifier, and used distributed denial-of-service pressure against uncompromised endpoints. This combination enabled fraudulent transactions to be validated while avoiding detection across monitoring systems.

Layerzero Labs attributed the primary weakness to KelpDAO’s rsETH configuration, which relied on a one-of-one DVN structure. That model left no independent verifier able to reject a forged message once supporting infrastructure was compromised. The statement argued that this setup ran against long-standing recommendations for multi-DVN redundancy. It also said a properly diversified configuration would have required consensus across multiple verifiers, which would have made the attack ineffective even if one pathway had been compromised.

Layerzero Labs also emphasized that the impact remained contained across the broader ecosystem. “We have conducted a comprehensive review of active integrations on the Layerzero protocol,” Layerzero Labs stated, emphasizing:

“We can confirm with confidence that there is zero contagion to any other asset or application.”

“This incident was isolated entirely to KelpDAO’s rsETH configuration as a direct consequence of their single-DVN setup,” they added. This framing supports the view that the protocol functioned as intended, with modular security limiting the damage to a single integration rather than creating wider systemic exposure.