
XRP Whales Now Hold Most Tokens Since 2018 As Price Eyes $1.50
XRP's largest holders now control 45.83B tokens as price nears $1.50.

KelpDAO's cross-chain bridge was hacked for approximately $292 million, linked to North Korea's Lazarus Group. The attack exploited a single verifier system, allowing attackers to drain funds before being cut off.
Mentioned in this story
— LayerZero (@LayerZero\_Core) April 20, 2026 Among these subunits, TraderTraitor has been flagged as the most sophisticated DPRK actor targeting crypto, previously linked to the Axie Infinity Ronin Bridge and WazirX compromises. LayerZero said that KelpDAO had used a single verifier to approve transfers in and out of the bridge, adding that it had repeatedly urged KelpDAO to use multiple verifiers instead. Going forward, LayerZero said it will stop approving messages for any application still running that setup.
Attackers drained around $292 million from KelpDAO's cross-chain bridge, exploiting a vulnerability in its verification system.
LayerZero attributed the hack to North Korea's Lazarus Group, specifically its TraderTraitor subunit, based on the attack's sophistication.
The hack exploited a single verifier system, which was a critical point of failure, allowing attackers to manipulate verification channels.
The incident highlights significant security flaws in decentralized finance systems, particularly the risks of relying on single verification points.

XRP's largest holders now control 45.83B tokens as price nears $1.50.

U.S. stock market valuations are nearing dot-com bubble levels, raising concerns about a potential correction.

Hyperliquid's token skyrockets 20% to $47, but warning signs emerge.

BNB Chain Research reveals key post-quantum challenges for Bitcoin.

XRP Surges Past $1.50 as Whales Control Nearly 70% of Supply

Ethereum shows a new sell signal, raising concerns of a major correction as the CLARITY Act advances.
See every story in Crypto — including breaking news and analysis.
Observers say the exploit exposed how the bridge was built to trust a single verifier. It was “a single point of failure, regardless of what the marketing calls it,” Shalev Keren, co-founder at cryptographic security firm Sodot, told *Decrypt*. A single compromised checkpoint was enough to allow the funds to leave the bridge, and no audit or security review could have fixed that flaw without “removing unilateral trust from the architecture itself,” Keren said. The attackers came within three minutes of draining another $100 million before a rapid blacklist cut them off, according to an analysis by blockchain security firm Cyvers. The operation was based on tricking a single channel of communication, Cyvers CTO Meir Dolev told *Decrypt*. Attackers tapped two of the lines the verifier used to check whether a withdrawal had actually occurred on Unichain, fed it a fake “yes” on those lines, then knocked the remaining lines offline to force the verifier to rely on the compromised ones. “The vault was fine. The guard was honest. The door mechanism worked correctly,” Dolev said. “The lie was whispered directly to the one party whose word opened the door.” But while LayerZero, whose infrastructure powered the drained bridge, pointed to Lazarus as the likely culprit, Cyvers stopped short of the same attribution in its own analysis. Some patterns match DPRK-linked operations in sophistication, scale, and coordinated execution, Dolev said, but no wallet clustering tied to the group has been confirmed. The malicious node software was engineered to erase itself once the attack finished, wiping binaries and logs to obscure the attackers’ trail in real time and in the post-mortem, he added. Earlier this month, attackers drained roughly $285 million from Solana-based perpetuals protocol Drift, in an exploit later attributed to North Korean operatives. Dolev noted that the Drift hack was “very different in terms of the preparations and execution,” but both attacks required long lead times, deep expertise, and significant resources to pull off. Cyvers suspects that the stolen funds have been transferred to this Ethereum address, aligning with a separate report from on-chain investigator ZachXBT which flagged it alongside four others. The attack addresses were funded through coin mixer Tornado Cash, per ZachXBT.