Kelp DAO moves from LayerZero to Chainlink after $292M exploit
After an April 18 exploit that drained 116,500 rsETH, Kelp DAO replaced LayerZero with Chainlink CCIP and CCT. Investigators suspect attackers linked to North Korea’s Lazarus Group.
On April 18 attackers exploited a LayerZero-powered Omnichain Fungible Token bridge using a 1-of-1 verifier configuration to drain 116,500 rsETH, about $292 million, from Kelp DAO vaults. Investigators suspect the group has links to North Korea’s Lazarus Group.
Kelp DAO announced it will move cross-chain messaging and token transfers to Chainlink’s Cross-Chain Interoperability Protocol (CCIP) and adopt the Cross-Chain Token (CCT) standard for rsETH. Chainlink’s decentralized oracle networks require at least 16 independent node operators to validate cross-chain transactions.
Kelp DAO wrote that the migration “directly addresses the architectural vulnerability at the center of the exploit.” A Chainlink representative described Kelp as “the first major protocol to move away from LayerZero since the exploit.”
The attack used a 1-of-1 Decentralized Verifier Network configuration, which lets a single operator sign cross-chain instructions. Kelp cited an analysis finding about 47% of roughly 2,665 LayerZero applications were running the same single-verifier setup when the exploit occurred. LayerZero has disputed that it recommended the configuration and said it warned partners against a single verifier. LayerZero also announced it will stop signing single-verifier setups.
The exploit prompted a recovery effort called DeFi United to restore rsETH backing. The effort has raised more than $300 million in crypto. LayerZero contributed about 10,000 ETH to recovery, split into a 5,000 ETH donation and a 5,000 ETH loan to Aave.
Legal actions followed the breach. Alleged victims of earlier North Korea-linked hacks filed suit seeking to seize 30,766 ETH that the Arbitrum Security Council froze after the Kelp incident. Arbitrum DAO had been voting on whether to release those funds to DeFi United. Aave filed an emergency motion seeking to lift a temporary restraining order on the funds and vacate the lawsuit.
After the exploit, some projects have begun replacing single-signer bridge architectures with systems that require multiple independent operators to validate cross-chain transfers.
The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Neither we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.
Articles by this author
