Kelp DAO Accuses LayerZero of Deflecting Blame for $300M Bridge Hack

The April 18 exploit of the rsETH bridge resulted in a roughly $300 million theft, sending shockwaves through the decentralized finance ecosystem. rsETH, a tokenized representation of staked ETH, relies on LayerZero’s omnichain messaging to move assets across chains, making the breach a high‑profile example of cross‑chain risk. The loss not only depleted liquidity for investors but also raised questions about the resilience of emerging bridge architectures. As regulators and institutional players watch DeFi’s security trackrecord, the incident underscores the need for robust audit and monitoring frameworks.

Kelp DAO’s rebuttal challenges LayerZero’s narrative, arguing that the 1‑1 DVN configuration blamed for the breach was in fact the platform’s default, employed by roughly 47 % of its 2,665 active OApp contracts. Internal Telegram evidence, according to Kelp, shows LayerZero’s team approving this setup during the L2 expansion. More critically, the attack originated inside LayerZero’s trust boundary: compromised RPC nodes operated by the messaging layer allowed attackers—believed to be linked to North Korea’s Lazarus Group—to forge attestations and sign transactions exceeding $100 million. Kelp contends LayerZero’s monitoring failed to detect the intrusion, exposing systemic weaknesses.

In response, Kelp announced a migration of rsETH to Chainlink’s Cross‑Chain Interoperability Protocol (CCIP) and its CCT token standard, signaling a shift toward more audited messaging solutions. The move reflects broader industry pressure to diversify bridge providers after multiple high‑value hacks have eroded confidence in single‑point‑of‑failure architectures. Defi United and other coalitions are also working to restore rsETH’s backing and recover stolen assets on platforms such as Aave and Compound. The episode will likely accelerate regulatory scrutiny and push developers to adopt stricter node monitoring, multi‑signature safeguards, and transparent configuration defaults.