The Case For Modular Security Post-LayerZero/KelpDAO

2026-05-12 nambrot

https://archive.md/Cesz9

An attacker attributed by LayerZero to the DPRK drained about $292 million in rsETH from KelpDAO's LayerZero-powered OFT bridge on April 18, 2026. The excerpt says the attacker compromised Unichain RPC infrastructure used by LayerZero Labs' Gasolina DVN service, injected fabricated cross-chain messages, and caused the DVN to sign attestations for messages that had never been sent. Because Kelp used a 1/1 DVN configuration requiring only the LayerZero Labs DVN, the forged attestations passed verification on Ethereum and unlocked 116,500 rsETH. Protocols using 2/2 DVN configurations, including USDT0, EtherFi, Ethena, and Stargate, were not affected, suggesting that independent attestation redundancy materially limited the attack's spread.
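
A simplified model of the required-DVN check described above, added here as an illustration and not LayerZero's or KelpDAO's code. The DVN names, keys, messages and the HMAC stand-in for DVN signatures are all constructed; the model compares a 1/1 and a 2/2 configuration when one DVN reads the source chain through a poisoned RPC.

```python
import hashlib
import hmac

# Constructed keys and messages; DVN names are hypothetical.
KEYS = {"dvn-a": b"constructed-key-a", "dvn-b": b"constructed-key-b"}
REAL = b"constructed: lock 10 rsETH on source chain"
FORGED = b"constructed: message never sent on source chain"


class DVN:
    """Signs a message only if its own RPC view of the source chain contains it."""

    def __init__(self, name, rpc_view):
        self.name = name
        self.rpc_view = rpc_view  # messages this DVN's RPC reports as sent

    def attest(self, message):
        if message not in self.rpc_view:
            return None  # the DVN never saw this message, so it does not sign
        return sign(self.name, message)


def sign(name, message):
    # HMAC stands in for a DVN signature (model simplification).
    digest = hashlib.sha256(message).digest()
    return hmac.new(KEYS[name], digest, hashlib.sha256).digest()


def verify(message, attestations, required):
    """Destination-side check: every required DVN must have validly attested."""
    for name in required:
        sig = attestations.get(name)
        if sig is None or not hmac.compare_digest(sig, sign(name, message)):
            return False
    return True


def deliver(message, dvns, required):
    """Collect attestations from all DVNs, then apply the required-DVN policy."""
    attestations = {d.name: d.attest(message) for d in dvns}
    return verify(message, attestations, required)


# dvn-a reads through a poisoned RPC that also reports the forged message;
# dvn-b reads through independent infrastructure and sees only the real one.
dvn_a = DVN("dvn-a", {REAL, FORGED})
dvn_b = DVN("dvn-b", {REAL})
ONE_OF_ONE = ["dvn-a"]
TWO_OF_TWO = ["dvn-a", "dvn-b"]
```

In this model the 2/2 policy rejects the forged message only while the second DVN's view of the source chain is independent of the first; two DVNs behind the same poisoned RPC would both sign.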
