Attackers linked by LayerZero to DPRK Lazarus Group's TraderTraitor stole about $292 million in rsETH from KelpDAO's LayerZero bridge on April 18, 2026. The operation targeted off-chain verification infrastructure, compromising LayerZero-hosted RPC nodes and using DDoS against an external RPC path so a 1-of-1 DVN accepted forged source-chain data. Poisoned RPC responses falsely showed an rsETH burn on Unichain, causing the Ethereum-side bridge contract to release 116,500 rsETH without a matching upstream burn. KelpDAO paused affected contracts and blacklisted attacker addresses quickly enough to block another forged packet worth about $95 million, while Arbitrum froze more than 30,000 ETH of downstream funds. The incident matters because normal transaction-level checks saw valid messages and signatures, but cross-chain invariant monitoring would have exposed that released assets did not match burned or locked assets.