KelpDAO has blamed LayerZero for a DeFi-wide exploit of more than $300 million that hit its rsETH bridge on April 18, escalating a dispute over one of the year’s largest DeFi security failures. The attack drained about 116,500 rsETH after attackers triggered false transactions through the cross-chain system. Kelp also prevented two additional forged transactions totaling $100M+ by pausing the contracts promptly.
In a post on X, KelpDAO said the breach stemmed from compromised off-chain infrastructure rather than its own configuration. It said attackers manipulated RPC nodes to push fraudulent data, which a one-validator setup then approved. The team added that it paused contracts quickly to limit losses, but said LayerZero’s infrastructure remained active for an extended period after the issue was flagged.
Shift toward new security infrastructure
KelpDAO said it moved to tighten security after the breach. It paused rsETH contracts soon after detecting the issue and launched a full review. The team also worked with partners, exchanges, and authorities to contain losses and trace the funds.
In addition, KelpDAO announced that it would migrate its cross-chain activities to the Chainlink CCIP protocol and transition rsETH from the LayerZero OFT standard to Chainlink’s Cross-Chain Token (CCT) standard. The stated rationale is to decrease dependency on any single party’s verification process and to increase the robustness of the entire system by leveraging battle-hardened infrastructure that has facilitated over $30 trillion in value over seven years with no loss and remained fully operational during multiple global outages.
Dispute over infrastructure and responsibility
KelpDAO pushed back against claims that its setup caused the breach, saying it followed LayerZero’s default configuration. The team noted that the 1-1 DVN model was widely used across the network. Data shows nearly half of LayerZero applications relied on similar setups. Moreover, most transactions required only one or two validators in recent months.
Independent researchers also backed KelpDAO’s position. They said the attack did not target smart contracts directly. Instead, it focused on LayerZero’s off-chain infrastructure. One report stated, “The target of the attack was the off-chain infrastructure that LayerZero Labs operated.” Another linked the incident to coordinated actors exploiting weak verification layers.
Additionally, researchers pointed to broader design concerns within the system. They highlighted exposed RPC endpoints and limited cross-checking between data providers. As a result, attackers could manipulate inputs and push false transaction approvals. Critics say the incident reveals bigger risks in current cross-chain security models.
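The cross-checking gap described above can be shown with a small sketch. This is an added example, not code from KelpDAO, LayerZero or the researchers quoted here: the provider names, the message format and all sample values are constructed, and the verifier is a simplified stand-in for a real one.

```python
import hashlib
from collections import Counter

def payload_hash(src_tx, amount, recipient):
    """Digest of the message fields a verifier attests to (hypothetical format)."""
    return hashlib.sha256(f"{src_tx}|{amount}|{recipient}".encode()).hexdigest()

def cross_check(providers, nonce, quorum):
    """Return the digest reported by >= quorum providers for nonce, else None."""
    if quorum * 2 <= len(providers):
        raise ValueError("quorum must be a strict majority of providers")
    votes = Counter()
    for query in providers.values():
        try:
            votes[query(nonce)] += 1
        except ConnectionError:
            continue  # an unreachable provider casts no vote
    if not votes:
        return None
    digest, count = votes.most_common(1)[0]
    return digest if count >= quorum else None

def approve(claimed, providers, nonce, quorum):
    """Fail closed: approve only when a quorum independently reports `claimed`."""
    agreed = cross_check(providers, nonce, quorum)
    return agreed is not None and agreed == claimed

# Constructed sample data: one source-chain message and a forged variant of it.
HONEST = payload_hash("0xsrc-tx-1", 10, "0xuser")
FORGED = payload_hash("0xsrc-tx-1", 9999, "0xother")

def honest(nonce): return HONEST
def poisoned(nonce): return FORGED          # provider returning manipulated data
def down(nonce): raise ConnectionError("rpc unreachable")

SINGLE = {"rpc-a": poisoned}                                   # one data source
THREE = {"rpc-a": poisoned, "rpc-b": honest, "rpc-c": honest}  # independent sources
DEGRADED = {"rpc-a": poisoned, "rpc-b": honest, "rpc-c": down}

if __name__ == "__main__":
    print("single source approves forged:", approve(FORGED, SINGLE, 7, 1))
    print("2-of-3 approves forged:       ", approve(FORGED, THREE, 7, 2))
    print("2-of-3 approves honest:       ", approve(HONEST, THREE, 7, 2))
    print("degraded approves anything:   ",
          approve(FORGED, DEGRADED, 7, 2) or approve(HONEST, DEGRADED, 7, 2))
```

With a single data source, the manipulated response is the only vote and the forged message is approved. With a strict-majority quorum over independent sources it is rejected, and when too few sources agree nothing is approved at all.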
The incident has also raised wider concerns across the DeFi sector. As a result, developers and investors are reassessing how much trust cross-chain infrastructure should carry. The outcome could influence how future protocols approach security as the market expands.
