DeFi protocol Kelp DAO stated it is going to be migrating its restaking token, rsETH, to the Chainlink oracle platform after the $292 million exploit in April, because it continued responsible the assault on LayerZero’s cross-chain infrastructure.
Hackers stole 116,500 Kelp DAO restaked ETH tokens on April 18 from Kelp DAO’s LayerZero-powered bridge, then used them as collateral on Aave v3 to borrow wrapped Ether.
“After the latest LayerZero exploit, we’re taking steps to make sure rsETH is absolutely safe, which is why we’re migrating to Chainlink CCIP,” Kelp DAO stated in an X submit on Tuesday.
Supply: Kelp DAO
The Kelp DAO hack has been one of many 12 months’s largest safety incidents, inflicting broader ecosystem contagion and impacting the interconnected crypto lending market. On the middle of the exploit has been an argument over who was chargeable for the vulnerability.
Kelp says it wasn’t warned of the safety dangers
A day after the exploit, LayerZero launched a postmortem arguing the hack occurred due to an insufficient setup tied to Kelp’s decentralized verifier community (DVN), which relied on a single LayerZero DVN as the one verified path moderately than requiring a number of unbiased checks to validate cross-chain transactions. LayerZero stated it suggested in opposition to this setup.
Nevertheless, Kelp DAO stated Tuesday the 1-1 setup is the default and is utilized by many different protocols, citing knowledge from analytics platform Dune that discovered roughly half of LayerZero customers have a single DVN. It additionally accused LayerZero of approving the setup and failing to warn in regards to the associated safety danger.
“Kelp has operated on LayerZero infrastructure since January 2024 and has maintained an open communication channel with the LayerZero workforce all through. The query of DVN configuration got here up a number of instances and these configurations had been confirmed as safe at the moment,” Kelp DAO added.
Following the hack, LayerZero introduced it would now not validate or approve cross-chain messages for any app that depends on a single verifier, and that it’s within the means of migrating protocols utilizing the setup to a multi-DVN.
LayerZero CEO says most of the claims are unfaithful
Bryan Pellegrino, co-founder and CEO of LayerZero, stated in a reply on X {that a} “ton” of Kelp’s claims had been “simply fully unfaithful.”
Associated: US legislation agency makes an attempt to dam switch of frozen ETH from Kelp exploit
He argued that Kelp initially used the defaults, which had been multi-DVN, and later manually modified to a 1/1 configuration, which is not really helpful for manufacturing functions.
“The defaults Kelp is referencing of their screenshot had been multiDVN or DeadDVN, which force-rejects an software utilizing the defaults in any respect and requires them to manually set configuration. rsETH was initially configured to make use of the default LayerZero configuration of a multiDVN setup of LayerZero Labs + Google,” he added.
Supply: Bryan Pellegrino
Pellegrino additionally stated a whole postmortem by exterior safety companies could be revealed quickly.
North Korea-linked hackers are suspected of being behind the assault on Kelp and the April 1 exploit of decentralized trade Drift, which totaled $285 million.
Journal: Bitcoiners eye ‘promote in Could,’ SBF’s bid for brand spanking new trial shut down: Hodler’s Digest, April 26 – Could 2