- KelpDAO blames LayerZero for a $292 million exploit, claiming its approved single-verifier setup was at fault, which LayerZero disputes.
- The protocol is redesigning its cross-chain system and migrating to ChainLink‘s CCIP for enhanced security with multiple validators.
- A U.S. court battle over $71 million in frozen funds from the hack could influence future DeFi recovery rules.
- The April attack, linked to North Korea‘s Lazarus Group, drained 116,500 rsETH tokens via a compromised bridge.
KelpDAO publicly accused cross-chain protocol LayerZero of responsibility for a devastating $292 million exploit on Tuesday, announcing plans to relaunch its system on a rival network. The dispute centers on a security configuration that Kelp claims LayerZero personnel approved without warning of its risks.
According to Kelp, the April 18 attack resulted from a breach of LayerZero’s own infrastructure, where attackers compromised verifier network nodes. This allowed fake transactions to be approved, draining about 116,500 rsETH—a staking token—from its cross-chain bridge, as the team wrote on X.
However, LayerZero disputed this account in an April statement, arguing the exploit was isolated to Kelp’s application. The company said the incident resulted from Kelp’s use of a single-verifier setup, which went against its recommended multi-verifier security model.
Consequently, KelpDAO is abandoning LayerZero and migrating its rsETH system to Chainlink’s cross-chain interoperability protocol (CCIP). “We’re committed to working with the KelpDAO team on improving the cross-chain security of rsETH,” Chainlink Chief Business Officer Johann Eid told Decrypt.
Meanwhile, the fallout has extended into the legal realm, triggering a fight in a New York federal court. Approximately $71 million in crypto linked to the exploit was frozen on the Arbitrum network, a case that could help shape DeFi recovery rules.
The hack has been linked by researchers to North Korea‘s Lazarus Group. KelpDAO insists it followed LayerZero’s documentation and that the vulnerable setup was widely used across the ecosystem, as noted in another post.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
