KelpDAO has publicly disputed claims made by LayerZero Labs relating to the April 18, 2026, exploit. In its latest post on X, it argued that the incident stemmed from failures inside LayerZero’s infrastructure rather than any misconfiguration on its own platform.
According to KelpDAO, attackers exploited LayerZero’s systems, resulting in the loss of more than $300 million across multiple DeFi protocols. The team further revealed that two additional forged transactions worth over $100 million were successfully signed and processed by LayerZero’s DVN before being halted after Kelp intervened and paused its contracts.
KelpDAO Counters LayerZero Narrative
Kelp claimed that this early response prevented further financial damage, although the underlying bridging infrastructure remained active for some time after the issue had been detected and reported.
At the center of the dispute is LayerZero’s assertion that the exploit resulted from a configuration issue specific to KelpDAO. Kelp rejected this explanation, claiming that the configuration in question was widely used across the LayerZero ecosystem and aligned with its official documentation.
Data cited by Kelp indicates that a significant portion of LayerZero applications relied on similar DVN setups, including many operating under a 1-1 configuration involving LayerZero’s own DVN. This setup was neither unique nor experimental but part of standard deployment practices followed by numerous protocols.
Kelp also explained that LayerZero’s DVN is a core component of its ecosystem and is included in default configurations provided to developers. The company pointed out that LayerZero’s documentation and quickstart templates guide developers toward these default setups, often without requiring additional DVNs. Kelp stated that it followed these guidelines and maintained regular communication with the LayerZero team since integrating the infrastructure in early 2024. During this period, Kelp added, its configuration choices were reviewed and approved, and there was no indication that the setup posed a security risk.
Reports cited by Kelp describe compromised off-chain systems responsible for monitoring blockchain activity, as well as fraudulent attestations triggered through the DVN. Some researchers have described the event as a broader infrastructure breach rather than a limited RPC issue, which, again, points to compromised nodes and weaknesses inside LayerZero’s trust boundary.
Meanwhile, LayerZero Labs admitted in its postmortem that attackers accessed RPC endpoints used by its DVN and took control of multiple nodes before carrying out what it called an RPC spoofing attack. However, Kelp and independent analysts believe that this description downplays the issue, as fake messages were still approved despite safeguards.
Transition to Chainlink
KelpDAO implemented immediate measures to secure its systems in response. This included pausing contracts and conducting a full review of its bridging infrastructure. As part of its long-term strategy, the protocol has announced plans to migrate away from LayerZero’s OFT standard and adopt the Cross-Chain Interoperability Protocol (CCIP) developed by Chainlink.
This transition will move rsETH to Chainlink’s Cross-Chain Token standard. The protocol revealed that the aim of this change is to reduce reliance on single points of failure while strengthening cross-chain security going forward.
The post After Disputing LayerZero Claims, KelpDAO Prepares Chainlink CCIP Migration appeared first on CryptoPotato.

