{"id":72142,"date":"2026-05-06T16:30:41","date_gmt":"2026-05-06T16:30:41","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/kelpdao-slams-layerzero-after-300m-exploit-shifts-rseth-to-chainlink-ccip\/"},"modified":"2026-05-06T16:30:41","modified_gmt":"2026-05-06T16:30:41","slug":"kelpdao-slams-layerzero-after-300m-exploit-shifts-rseth-to-chainlink-ccip","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/kelpdao-slams-layerzero-after-300m-exploit-shifts-rseth-to-chainlink-ccip\/","title":{"rendered":"KelpDAO Slams Layerzero After $300M Exploit, Shifts rsETH to Chainlink CCIP"},"content":{"rendered":"<p><b>(Originally posted on : Bitcoin News )<\/b><br \/>\n<\/p>\n<div>\n<div class=\"@container mb-[25px] rounded-sm overflow-clip py-0.5 pr-0.5 pl-2.5 bg-success-100\">\n<div class=\"flex flex-col gap-m overflow-clip rounded-[6px] !bg-success-10 p-3 @[420px]:p-m\">\n<h2 class=\"m-0 flex items-center gap-s text-[19px] !text-[#1c1c1c] md:text-[20px]\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"16\" height=\"10\" viewbox=\"0 0 16 10\" fill=\"none\" class=\"shrink-0 text-success-100\" aria-hidden=\"true\"><path d=\"M1 1.5h14\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><path d=\"M1 8.5h10\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><\/svg><span>Key Takeaways<\/span><\/h2>\n<ul class=\"m-0 flex list-none flex-col gap-m pl-0\">\n<li class=\"m-0 flex items-start gap-s !text-[#434248]\"><span class=\"mt-2 size-2 shrink-0 rounded-full bg-success-100\" aria-hidden=\"true\"\/><span class=\"text-body\">Lazarus Group stole $300 million in rsETH on April 18 after breaching Layerzero\u2019s core infrastructure.<\/span><\/li>\n<li class=\"m-0 flex items-start gap-s !text-[#434248]\"><span class=\"mt-2 size-2 shrink-0 rounded-full bg-success-100\" aria-hidden=\"true\"\/><span class=\"text-body\">Over 47% of Layerzero OApps used the 1-1 DVN setup that the provider previously verified as secure.<\/span><\/li>\n<li class=\"m-0 flex items-start gap-s !text-[#434248]\"><span class=\"mt-2 size-2 shrink-0 rounded-full bg-success-100\" aria-hidden=\"true\"\/><span class=\"text-body\">KelpDAO is migrating rsETH to Chainlink CCIP and the CCT standard to enhance cross-chain security.<\/span><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<h2>The Dispute Over Network Configuration<\/h2>\n<p>KelpDAO has issued a blistering response to Layerzero Labs following an April 18 exploit that drained more than $300 million in <span>DeFi<\/span> assets, primarily in the form of rsETH. In a public statement that contradicts Layerzero\u2019s official post-mortem, KelpDAO alleges the bridge provider is \u201cblaming users\u201d for a systemic failure in its own core infrastructure.<\/p>\n<p>The exploit, which has been linked with high confidence to the<a href=\"https:\/\/news.bitcoin.com\/lazarus-group-suspected-of-moving-175m-in-eth-after-arbitrum-freezes-71m-from-kelpdao-exploit\/\"> Lazarus Group<\/a>, resulted in the fraudulent minting and release of assets. While KelpDAO managed to block an additional $100 million in forged transactions by pausing contracts, the fallout has triggered a massive shift in the <a href=\"http:\/\/www.bitcoin.com\/get-started\/what-is-defi-decentralized-finance\/\" class=\"lar_link lar_link_outgoing\" target=\"_blank\" rel=\"noopener noreferrer\">DeFi<\/a> landscape. KelpDAO subsequently announced an immediate migration to Chainlink CCIP.<\/p>\n<p>The central dispute lies in the cause of the breach. Layerzero\u2019s post-mortem framed the incident as a \u201cKelpDAO configuration issue,\u201d specifically targeting Kelp\u2019s use of a 1-of-1 decentralized verifier network (DVN) setup where Layerzero Labs was the sole validator. However, KelpDAO has fired back, citing Dune analysis showing that 47% of Layerzero OApp contracts\u2014more than 1,200 applications\u2014utilize the same 1-1 DVN \u201csecurity floor.\u201d<\/p>\n<p>Kelp points out that Layerzero\u2019s own OFT quickstart guide and default templates recommend the 1-1 setup with Layerzero Labs as the sole required DVN. The project also shared screenshots of Telegram conversations purportedly showing Layerzero team members assuring Kelp that \u201cdefaults were fine\u201d during eight separate integration discussions over two years.<\/p>\n<p>In a <a href=\"https:\/\/x.com\/KelpDAO\/status\/2051754226351771772\" target=\"_blank\" rel=\"noopener noreferrer\">post<\/a> on X setting the record straight, Kelp broke down what Layerzero admits to and what it conveniently ignores in its post-mortem. According to the post, Layerzero admitted that attackers gained access to the list of RPCs its DVN uses and confirmed that two independent <a href=\"http:\/\/www.bitcoin.com\/get-started\/what-is-a-bitcoin-node\/\" class=\"lar_link lar_link_outgoing\" target=\"_blank\" rel=\"noopener noreferrer\">nodes<\/a> were compromised and binaries were swapped. Furthermore, Kelp cites Layerzero\u2019s banning of 1-1 configurations after the $300 million loss as another form of admission.<\/p>\n<p>However, according to Kelp, the post-mortem ignored that Layerzero\u2019s own documentation pushed developers toward the vulnerable 1-1 setup. It also fails to explain why Layerzero\u2019s monitoring systems failed to detect the hack, leaving Kelp to flag the issue.<\/p>\n<p>\u201cThe simple truth: LayerZero blamed their users for an issue that was caused by their own infrastructure failure,\u201d KelpDAO asserted in the post.<\/p>\n<p>To support its conclusion, Kelp cited independent reviews that surfaced several critical vulnerabilities allegedly present at the time of the attack. These include findings that the default deployment exposed public gateways stripped of common security measures like WAF or IP allowlists. A review by Chainalysis <a href=\"https:\/\/news.bitcoin.com\/chainalysis-flags-critical-blind-spot-in-defi-security-as-292m-exploit-bypasses-burn-verification\/\">determined<\/a> that Layerzero set a low 1-1 RPC quorum default, meaning if one <a href=\"http:\/\/www.bitcoin.com\/get-started\/what-is-a-bitcoin-node\/\" class=\"lar_link lar_link_outgoing\" target=\"_blank\" rel=\"noopener noreferrer\">node<\/a> was poisoned, the DVN signed the forged message without cross-checking others.<\/p>\n<p>To demonstrate its loss of confidence in Layerzero, Kelp said it is transitioning rsETH from the Layerzero OFT standard to Chainlink\u2019s Cross-Chain Token (CCT) standard.<\/p>\n<p>\u201cOur number-one priority remains the security of our users\u2019 assets,\u201d KelpDAO noted, citing Chainlink\u2019s seven-year track record and its secure decentralized <a href=\"http:\/\/www.bitcoin.com\/get-started\/what-is-an-oracle\/\" class=\"lar_link lar_link_outgoing\" target=\"_blank\" rel=\"noopener noreferrer\">oracle<\/a> network.<\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/news.bitcoin.com\/kelpdao-slams-layerzero-after-300m-exploit-shifts-rseth-to-chainlink-ccip\/\">Source link <\/a><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Originally posted on : Bitcoin News ) Key Takeaways Lazarus Group stole $300 million in rsETH on April 18 after breaching Layerzero\u2019s core infrastructure. Over 47% of Layerzero OApps used the 1-1 DVN setup that the provider previously verified as secure. KelpDAO is migrating rsETH to Chainlink CCIP and the CCT standard to enhance cross-chain [&hellip;]<\/p>\n","protected":false},"author":10,"featured_media":72143,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[32],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/72142"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=72142"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/72142\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media\/72143"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=72142"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=72142"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=72142"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}