What happened with KelpDAO and the $292 million hack?

KelpDAO said a cross-chain exploit in April led to about $292–300 million in losses across DeFi, including 116,500 rsETH tokens drained from its bridge. The protocol claims the issue came from infrastructure linked to LayerZero. The attack has also been tied to North Korea’s Lazarus Group.

Why is KelpDAO blaming LayerZero for the exploit?

KelpDAO alleges LayerZero approved a “1-of-1 verifier” setup that relied on a single validator, which created a critical security weakness. It says attackers compromised this system and injected false data to approve fake transactions. LayerZero disputes this, saying Kelp chose a risky configuration against its guidance.

What is a 1-of-1 verifier setup and why is it risky?

A 1-of-1 verifier means only one entity validates cross-chain transactions, creating a single point of failure. If that verifier is compromised, attackers can approve fraudulent transfers. This contrasts with multi-validator systems, which require consensus and are generally more secure.

What is KelpDAO doing after the hack?

KelpDAO plans to rebuild its cross-chain system using Chainlink’s interoperability protocol (CCIP). This system uses multiple independent validators instead of a single verifier. The move is aimed at reducing the risk of similar exploits in the future.

How could this affect LayerZero’s reputation in DeFi?

The dispute could damage LayerZero’s credibility if users believe its infrastructure contributed to the exploit. However, since LayerZero denies responsibility and says the issue was specific to Kelp’s setup, the long-term impact depends on how the market interprets the facts. This is still an evolving narrative.

What does the $71 million legal battle mean for investors?

Around $71 million in crypto tied to the exploit has been frozen on Arbitrum, leading to a US court case. The outcome could set precedents for how stolen or frozen DeFi assets are handled legally. This matters for investors because it may influence recovery chances after future hacks.

How might this impact rsETH holders and users?

rsETH holders could face uncertainty around asset recovery and protocol stability following the exploit. The migration to Chainlink may improve security, but trust needs to be rebuilt. Short term, users may remain cautious about bridging and staking via KelpDAO.

Is moving to Chainlink a positive development for KelpDAO?

Switching to Chainlink’s multi-validator system is generally seen as a security upgrade, which is positive. However, it also highlights that the previous setup was vulnerable. The success of the transition will depend on execution and whether users regain confidence.

Kelp blames LayerZero for $292M hack

Written by Brie CarterPublished May. 6 2026Last Updated May. 7 2026

KelpDAO has accused LayerZero of responsibility for a $292 million exploit and said it will rebuild its cross-chain infrastructure using Chainlink, according to a statement posted on X on Tuesday.

The protocol said the breach stemmed from LayerZero’s infrastructure and highlighted that a controversial single-verifier configuration was approved without warnings despite its risks.

“From the April 18 incident, it is clear that LayerZero's own infrastructure was exploited, resulting in $300M in losses across DeFi,”

Said Kelp DAO in its X statement.

The attack in April drained roughly 116,500 rsETH tokens from a cross-chain bridge used by Kelp, with investigators linking the exploit to North Korea’s Lazarus Group.

Kelp further alleged that LayerZero personnel endorsed the 1-of-1 verifier setup, which relied on a single entity for transaction validation, while LayerZero has disputed this and maintained the issue was isolated to Kelp’s implementation.

The protocol now plans to migrate rsETH to Chainlink’s cross-chain interoperability protocol, which uses multiple independent validators to approve transactions and reduce single points of failure.

The fallout has extended into a US legal dispute over $71 million in frozen assets on Arbitrum, a case that could shape how decentralised finance handles exploit recovery and accountability in future incidents.