$292M Cross-Chain Attack Exposes RPC Poisoning and Single-DVN Weakness in LayerZero Security Model

LayerZeroKelpDAOcross-chain securityDeFi riskKYTRPC attackvalidation networkblockchain security

$292M Cross-Chain Attack Reveals Infrastructure Weakness

On April 20, LayerZero Labs released an incident analysis regarding the KelpDAO exploit that occurred on April 18, resulting in approximately $292 million in losses. Preliminary findings suggest the attack may be linked to the Lazarus Group, using a sophisticated infrastructure-level intrusion method.

How RPC Poisoning Enabled the Exploit

The attacker compromised downstream RPC infrastructure used by the decentralized validator network (DVN), controlling certain RPC nodes and combining this with DDoS attacks. This forced the system to switch to malicious nodes, enabling forged cross-chain messages. Instead of targeting smart contracts directly, the attack exploited trust assumptions in infrastructure layers.

Single-DVN Architecture as a Critical Weak Point

The root issue lies in KelpDAO’s use of a single DVN (1/1) configuration, which lacked redundant validation nodes. Without independent verification layers, the system failed to detect falsified cross-chain messages, allowing invalid transactions to be approved. In contrast, applications using multi-DVN setups remained unaffected, highlighting the importance of architectural design in cross-chain security.

Why Cross-Chain Security Architecture Is Under Scrutiny

This incident reinforces growing concerns around cross-chain security design. The attack did not exploit protocol-level vulnerabilities but instead bypassed security through infrastructure manipulation. As a result, the security boundary now extends beyond smart contracts to include RPC layers, validation networks, and data transmission infrastructure.

How KYT Strengthens Cross-Chain Risk Detection

In complex multi-chain environments, protocol-level defenses alone are insufficient. KYT (Know Your Transaction) enables continuous monitoring of transaction flows and cross-chain fund movements, detecting abnormal routing patterns, validation anomalies, and high-risk interactions. With Trustformer KYT, platforms can establish early warning systems to mitigate the impact of cross-chain exploits.

Modular Security Becomes the New Industry Standard

LayerZero has indicated plans to migrate single-DVN applications to multi-DVN architectures and suspend validation services for less secure configurations. This shift reflects a broader industry move toward modular and redundant security systems. In the future, cross-chain security will rely less on single points of trust and more on layered verification and real-time monitoring, where Trustformer KYT plays an increasingly critical role.

About Trustformer

Trustformer is a leading blockchain security and compliance technology company specializing in providing professional risk management and compliance solutions for the global cryptocurrency ecosystem. We have developed the cutting-edge Trustformer KYT (Know Your Transaction) platform, which integrates artificial intelligence, blockchain analytics, and regulatory technology to deliver comprehensive, accurate real-time transaction monitoring, risk assessment, and suspicious activity reporting services.

With deep industry expertise and technological innovation, Trustformer is dedicated to helping Virtual Asset Service Providers (VASPs), crypto financial institutions, and investors build a safer and more transparent crypto financial environment. We believe that driving compliance and trust through technology can contribute to the thriving growth of the global digital economy.