KelpDAO
2026-04-24 • Rekt
A KelpDAO cross-chain bridge failure released 116,500 rsETH after LayerZero's single required DVN accepted a forged Unichain-to-Ethereum message. The excerpt says preliminary attribution points to North Korea's Lazarus Group, while also noting unresolved questions around how attackers gained root-level access to RPC nodes used by the verifier. The attacker used Tornado Cash-funded wallets, poisoned RPC responses aimed at the DVN, and a fabricated nonce 308 packet to trigger Ethereum-side release despite no corresponding burn, transfer event, or PacketSent event on Unichain. Stolen rsETH was rapidly deposited into Aave as collateral to borrow WETH before emergency pause actions could prevent the loss, creating broader DeFi liquidity and bad-debt impact. The case matters for DPRK tracking because it ties a suspected Lazarus-linked theft to off-chain verifier compromise, cross-chain trust assumptions, and large-scale laundering-ready crypto theft.
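The failure described above, a destination-side release with no matching source-side PacketSent, can be modelled as a reconciliation check. This is an added example, not code from LayerZero, KelpDAO or the source article; the source names, hash strings, field names and quorum policy are constructed assumptions, and only nonce 308 comes from the summary.

```python
from collections import Counter

def source_view(observations, quorum):
    """observations: {source_name: PacketSent payload hash, or None if the
    source reports no such event}. Returns (verdict, agreed_hash)."""
    if not observations or quorum * 2 <= len(observations):
        raise ValueError("quorum must be a strict majority of the sources")
    value, votes = Counter(observations.values()).most_common(1)[0]
    if votes < quorum:
        return "NO_QUORUM", None
    return ("SENT", value) if value is not None else ("NOT_SENT", None)

def release_decision(inbound, observations, quorum):
    """Release only if a majority of independent sources saw the same packet.
    The second return value flags disagreement between sources, which is
    itself worth alerting on (one possible sign of a poisoned endpoint)."""
    verdict, agreed = source_view(observations, quorum)
    split = len(set(observations.values())) > 1
    if verdict == "SENT" and agreed == inbound["payload_hash"]:
        return "RELEASE", split
    reason = "HASH_MISMATCH" if verdict == "SENT" else verdict
    return "HOLD:" + reason, split

# Constructed sample data (hypothetical hashes and endpoint names).
INBOUND = {"nonce": 308, "payload_hash": "0xFORGED"}
# 1-of-1: the only source consulted is the poisoned one.
SINGLE = {"rpc-a": "0xFORGED"}
# 2-of-3: two independent sources report no PacketSent for this nonce.
THREE = {"rpc-a": "0xFORGED", "rpc-b": None, "rpc-c": None}

if __name__ == "__main__":
    print(release_decision(INBOUND, SINGLE, 1))  # single view is trusted
    print(release_decision(INBOUND, THREE, 2))   # majority sees no send
```

The quorum only helps if the sources are operationally independent; endpoints that share hosts or credentials can be poisoned together and will still agree.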