PANews reported on May 20th that LayerZero released an incident report stating that on April 18th, 2026, the KelpDAO rsETH cross-chain bridge built on LayerZero was attacked, resulting in the loss of approximately 116,500 rsETH, worth about $292 million. Mandiant and CrowdStrike attributed the attack to the North Korean hacking group TraderTraitor (UNC4899). Since March, the attackers had obtained developer session keys through social engineering, compromised the LayerZero RPC cloud environment, and tampered with RPC node data. Simultaneously, they launched a DoS attack on external RPC services, inducing DVN to rely solely on the tainted node's signature, thereby forging cross-chain messages. LayerZero stated that the vulnerability stemmed from the "single validator" configuration used in related OApps. They have since adjusted the DVN policy, refusing to participate in signing as the sole validator, and have fully rebuilt the affected infrastructure.