Following a $300 million exploit on April 18, 2026, KelpDAO has publicly challenged LayerZero Labs’ account of the incident, alleging that the bridge provider is deflecting blame for its own infrastructure failures.
Key Takeaways:
Lazarus Group stole $300 million in rsETH on April 18 after breaching Layerzero’s core infrastructure.Over 47% of Layerzero OApps used the 1-1 DVN setup that the provider previously verified as secure.KelpDAO is migrating rsETH to Chainlink CCIP and the CCT standard to enhance cross-chain security.The central dispute lies in the cause of the breach. Layerzero’s post-mortem framed the incident as a “KelpDAO configuration issue,” specifically targeting Kelp’s use of a 1-of-1 decentralized verifier network (DVN) setup where Layerzero Labs was the sole validator. However, KelpDAO has fired back, citing Dune analysis showing that 47% of Layerzero OApp contracts—more than 1,200 applications—utilize the same 1-1 DVN “security floor.”
Kelp points out that Layerzero’s own OFT quickstart guide and default templates recommend the 1-1 setup with Layerzero Labs as the sole required DVN. The project also shared screenshots of Telegram conversations purportedly showing Layerzero team members assuring Kelp that “defaults were fine” during eight separate integration discussions over two years.
However, according to Kelp, the post-mortem ignored that Layerzero’s own documentation pushed developers toward the vulnerable 1-1 setup. It also fails to explain why Layerzero’s monitoring systems failed to detect the hack, leaving Kelp to flag the issue.
“The simple truth: LayerZero blamed their users for an issue that was caused by their own infrastructure failure,” KelpDAO asserted in the post.
To demonstrate its loss of confidence in Layerzero, Kelp said it is transitioning rsETH from the Layerzero OFT standard to Chainlink’s Cross-Chain Token (CCT) standard.
