Kelp DAO Blames LayerZero, Moves rsETH to Chainlink
Kelp DAO says a 1-of-1 verifier approved by LayerZero led to a $292M April exploit of rsETH and will migrate its cross-chain protocol to Chainlink’s multi-validator CCIP.
Kelp DAO says a single-verifier configuration approved by LayerZero led to an April 18 exploit that drained roughly 116,500 rsETH, about $292 million. The protocol announced it will move rsETH’s cross-chain operations to Chainlink’s Cross-Chain Interoperability Protocol (CCIP), which requires multiple independent validators to approve transfers.
Kelp linked the attack to the Lazarus Group and said independent security firms, including SEAL 911 and Chainalysis, found evidence pointing to LayerZero infrastructure being breached. Kelp asserts the breach enabled fraudulent messages to be validated and caused roughly $300 million in losses across decentralized finance.
Kelp alleges LayerZero personnel approved a 1-of-1 verifier setup for the rsETH bridge and did not warn developers that the configuration posed heightened risk. A single-verifier system relies on one signer to validate cross-chain messages, and Kelp says attackers compromised RPC nodes used by that verifier to feed altered data and approve fake transfers.
LayerZero disputed Kelp’s characterization, describing the incident as isolated to Kelp’s rsETH application and attributing the failure to that application’s use of a single-verifier setup rather than LayerZero’s recommended multi-verifier model. After the exploit, LayerZero announced it would stop signing or attesting messages for applications using a 1-of-1 DVN (Decentralized Verifier Network) configuration.
Kelp rejects the description of the issue as an isolated application-level error, saying it followed LayerZero documentation and default settings and that similar single-verifier configurations were widespread across the ecosystem.
Kelp plans to migrate rsETH’s cross-chain protocol to Chainlink CCIP. Chainlink’s chief business officer offered support to work with Kelp DAO to secure the migration and implement multi-validator approvals.
About $71 million in funds tied to the exploit were frozen on the Arbitrum network and are the subject of litigation in U.S. federal court in New York. That legal case concerns the status and possible recovery of those assets after the hack.
rsETH is an Ethereum staking derivative that lets users move staked ether across blockchains using cross-chain bridges. Bridge security depends on how many independent parties sign or attest to messages: multi-verifier systems require several attestations before a transfer executes, while single-verifier setups place that trust in one signer. The parties involved continue to dispute responsibility for the configuration and the cause of the breach as the protocol proceeds with the migration to CCIP.
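To make the threshold point concrete, here is an added illustration in Python; it is not code from Kelp, LayerZero or Chainlink. It models verifiers that each attest to what their own data source reports, then compares a 1-of-1 check with a 2-of-3 check when one verifier's source returns altered data. The verifier names, message fields and function names are assumptions constructed for this example.

```python
import hashlib

def message_hash(msg):
    # Canonical encoding of the (constructed) message fields.
    canon = "|".join(f"{k}={msg[k]}" for k in sorted(msg))
    return hashlib.sha256(canon.encode()).hexdigest()

def collect_attestations(rpc_views, nonce):
    """Each verifier attests to the hash of whatever its own RPC source reports."""
    return {v: message_hash(view[nonce])
            for v, view in rpc_views.items() if nonce in view}

def accept(claimed, attestations, verifiers, threshold):
    """Destination-side check: `threshold` distinct configured verifiers must agree."""
    configured = set(verifiers)
    if not 1 <= threshold <= len(configured):
        raise ValueError("threshold must be between 1 and the verifier count")
    want = message_hash(claimed)
    agreeing = {v for v in configured if attestations.get(v) == want}
    return len(agreeing) >= threshold

def audit(verifiers, threshold):
    """Flag configurations in which one compromised verifier is enough."""
    findings = []
    if len(set(verifiers)) != len(verifiers):
        findings.append("duplicate verifier entry")
    if threshold <= 1:
        findings.append("one attestation is sufficient")
    return findings

# Constructed sample data: what the source chain really emitted for nonce 7,
# and the altered record that one verifier's RPC source returns instead.
GENUINE = {"nonce": 7, "recipient": "0xUSER", "amount": 10}
ALTERED = {"nonce": 7, "recipient": "0xOTHER", "amount": 9999}
RPC_VIEWS = {
    "dvn-a": {7: ALTERED},   # this verifier's data source returns altered data
    "dvn-b": {7: GENUINE},
    "dvn-c": {7: GENUINE},
}
ATTESTATIONS = collect_attestations(RPC_VIEWS, 7)

if __name__ == "__main__":
    for verifiers, k in ((["dvn-a"], 1), (["dvn-a", "dvn-b", "dvn-c"], 2)):
        print(f"{k}-of-{len(verifiers)}", audit(verifiers, k),
              "altered accepted:", accept(ALTERED, ATTESTATIONS, verifiers, k),
              "genuine accepted:", accept(GENUINE, ATTESTATIONS, verifiers, k))
```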