A single compromised oracle just cost someone $292 million. The KelpDAO exploit, which drained 116,500 rsETH through LayerZero’s infrastructure on April 18, marks one of the largest DeFi hacks of the year, and it happened because of something the industry has been quietly ignoring: cross-chain protocols are essentially oracle networks, and oracle networks have single points of failure.
Chronicle Labs CEO Niklas Kunkel put it bluntly. Interoperability protocols like LayerZero and Chainlink CCIP are, at their core, oracles. Every time a project uses cross-chain communication, it’s placing its trust in these verification systems. When that trust gets exploited, the results are catastrophic.
How the attack unfolded
The breach targeted LayerZero’s Decentralized Verifier Network, or DVN, which is the infrastructure responsible for validating cross-chain messages. Attackers compromised internal RPC nodes through social engineering, essentially tricking their way into the system rather than breaking through code.
LayerZero Labs published its incident report on May 20, attributing the attack to TraderTraitor, a North Korean threat actor linked to the Lazarus Group.








