North Korea's Lazarus Group executed a precision attack on KelpDAO on April 18, compromising the RPC node feeding LayerZero's single-verifier bridge and manipulating data to authorize unauthorized withdrawals of approximately $290 million in rsETH. LayerZero's post-mortem confirmed the root cause was a minimal DVN security configuration, effectively a single point of cryptographic trust for a nine-figure bridge. The attack is among the largest DeFi exploits on record and the first publicly confirmed Lazarus operation against a restaking protocol.
Armada's crypto desk faces a direct policy question: can bridge-dependent liquid restaking tokens be underwritten as collateral when state-level adversaries are actively targeting their infrastructure? Fireblocks provides custody security but offers no protection against pre-custody asset impairment via bridge exploitation. Armada's no-rehypothecation policy preserves asset segregation but does not prevent collateral value destruction from protocol-layer attacks. Risk committee review of all LayerZero-dependent collateral is warranted immediately.