Security Alliance reports that DPRK-linked actors stole 116,500 rsETH on April 18, 2026 by fraudulently triggering an attestation from the LayerZero DVN configured as the sole validator for the Kelp DAO OApp. Kelp blocked the attacker within about an hour and contacted SEAL 911, after which SEAL coordinated with Kelp, LayerZero, Uniswap, Optimism, and other ecosystem parties to narrow the compromise and support downstream pauses. The analysis highlights the risk of single-validator DVN configurations and recommends at least two required validators, checks that multiple DVNs are not run by the same operator, and cross-referencing RPC gateway results for business-critical decisions. The incident matters because it shows threat actors moving beyond smart-contract bugs toward infrastructure and supply-chain dependencies that can custody or influence hundreds of millions of dollars.