Operating in the field of DeFi, Kelp DAO is preparing to move its restaking token rsETH to Chainlink’s oracle platform after the 292 million dollar cyber attack in April. While making this decision, the platform continued to point out the responsibility of the attack to the LayerZero infrastructure.
Attack Details and Infrastructure Discussion
In the attack that took place on April 18, 116,500 restaked ETH was stolen from Kelp DAO’s LayerZero-based bridge. The attackers used these captured tokens as collateral on Aave v3 and withdrew wrapped Ether in return. The incident has become one of the highest-profile security breaches seen in the DeFi ecosystem this year.
Following the attack, LayerZero published an evaluation report on the incident and stated that the security vulnerability was caused by relying on a single LayerZero validator in Kelp DAO’s decentralized validator network (DVN). LayerZero argued that it had previously warned about this structure, where multiple independent controls were not required.
“Following the recent LayerZero attack, we decided to migrate to Chainlink CCIP to ensure rsETH is completely secure,” Kelp DAO said in a statement on Tuesday.
On the other hand, the Kelp DAO side claimed that the single validator (1-1) structure is LayerZero’s default setting and is used by many protocols. According to data from Dune Analytics, it turns out that nearly half of LayerZero users use a single DVN. Kelp DAO also claimed that LayerZero approved this structure and did not inform about possible risks.
Mutual Accusations and Reactions
Kelp DAO emphasized that it has been operating on the LayerZero infrastructure since the beginning of 2024 and is in constant communication with the team. It was also stated that DVN configuration was brought up many times and these settings were confirmed as safe at that time.
After the attack, LayerZero announced that it would no longer verify cross-chain messages of applications based on a single verifier and that it planned to switch protocols that work in this way to multiple DVN structures.
Bryan Pellegrino, co-founder and CEO of LayerZero, said in his post on his social media account, “Many of Kelp’s claims are completely untrue,” and claimed that the default settings were actually multiple DVN or DeadDVN, while Kelp manually switched to a single authenticator.
Pellegrino also stated that the original settings were established on multiple DVNs between LayerZero Labs and Google, and then Kelp opted for the risky structure by making manual changes. It was also announced that detailed analyzes of independent security companies regarding the incident will be shared soon.
Suspects Behind the Attack
It is emphasized that the attacks targeting Kelp DAO and the decentralized exchange Drift, which were similarly attacked in early April, are related to hacker groups affiliated with North Korea. It was reported that the attack in Drift caused a total loss of 285 million dollars.
All these developments have given rise to new discussions about the security of cross-chain bridges and decentralized verification processes in the DeFi world.
