
Kelp DAO Accuses LayerZero of Approving Risky Bridge Setup Before $292M Hack

Source: Photo by Matias Mango

Kelp DAO has pushed back against LayerZero’s explanation of the massive rsETH bridge exploit, claiming the interoperability protocol approved the exact verifier configuration later blamed for the $292 million loss.

In a newly released memo titled “Setting the Record Straight Around the LayerZero Bridge Hack,” Kelp stated that LayerZero personnel reviewed its setup for more than two years without warning that the single-verifier configuration posed a major security threat. According to Kelp, the protocol relied on a 1-of-1 DVN structure using LayerZero Labs as the only verifier, which attackers allegedly exploited to drain 116,500 rsETH.

The dispute directly contradicts LayerZero’s earlier postmortem, where the company argued Kelp’s bridge architecture ignored recommended multi-DVN security practices. Kelp, however, claims screenshots from Telegram discussions show LayerZero team members were aware of the setup and raised no objections during integration conversations. CoinDesk has not independently verified the screenshots.

Kelp also criticized LayerZero’s developer documentation and GitHub examples, arguing they encouraged builders to adopt simplified verifier configurations. The protocol referenced LayerZero’s bug bounty rules, which classify verifier-network setups as application-level decisions rather than vulnerabilities within the LayerZero protocol itself.

Security researcher Sujith Somraaj added fuel to the controversy after revealing he previously submitted a bug bounty report describing a similar attack scenario. According to Somraaj, the report was rejected because the issue required all DVNs to fail simultaneously.

Following the exploit, Kelp announced plans to migrate rsETH infrastructure from LayerZero to Chainlink’s Cross-Chain Interoperability Protocol (CCIP). Meanwhile, LayerZero stated the attackers were likely linked to North Korea’s Lazarus Group, which allegedly compromised RPC nodes used by the LayerZero Labs DVN before launching a coordinated DDoS attack.

The incident has intensified debate over cross-chain bridge security and verifier decentralization across the crypto industry.

<Copyright ⓒ TokenPost, unauthorized reproduction and redistribution prohibited>
