LayerZero Apologizes, Admits 1/1 Verifier Error After Kelp Hack

LayerZero apologized for its handling of an April 18 exploit that drained roughly $292 million in rsETH from Kelp DAO and admitted allowing a 1/1 verifier was a mistake.

LayerZero issued a public apology for its handling of the April 18 exploit that drained about $292 million in rsETH from Kelp DAO and acknowledged errors in its verifier setup and operations. The company wrote that it had “done a terrible job on comms over the past three weeks” and that it prioritized a full post‑mortem over immediate direct updates.

LayerZero described how attackers poisoned the protocol's internal RPC nodes, which the Decentralized Verifier Network (DVN) used to read source‑chain state. At the same time, the attackers launched distributed‑denial‑of‑service attacks against external RPC providers. Those combined actions forced the DVN to fall back to compromised infrastructure and sign off on transactions that had not actually occurred. LayerZero previously attributed the attack to a Lazarus Group subgroup known as TraderTraitor.

The company acknowledged it was wrong to allow its DVN to operate as a single‑verifier, or 1/1, for high‑value transactions. LayerZero wrote, “We believe developers should choose their own security configurations, but we made a mistake by allowing our DVN to act as a 1/1 DVN for high‑value transactions” and added that it “didn't police what our DVN was securing, which created a risk we simply didn't see.”

LayerZero's initial incident statement had placed responsibility on Kelp DAO's configuration. Kelp disputed that account and pointed to LayerZero's documentation and developer guides as encouraging single‑verifier setups. An independent analysis cited by Kelp found that about 47% of roughly 2,665 active LayerZero OApp contracts were using a 1/1 configuration at the time of the exploit. LayerZero said the exploit affected a single application, representing about 0.14% of applications on the network and roughly 0.36% of the value of assets using LayerZero. The company noted that more than $9 billion has moved across the protocol since April 19.

The blog post disclosed a separate operational security incident involving a multisig signer from roughly three and a half years ago. The signer executed a personal trade from a production hardware wallet rather than from a personal device. The signer was removed, wallets were rotated, and anomaly detection software was added to signing devices. Onchain researchers had flagged other instances of production multisig keys used for unrelated decentralized exchange activity. LayerZero CEO Bryan Pellegrino described those transactions as OFT testing by former signers who have since been removed.

LayerZero listed technical and operational changes it has implemented or plans to implement. The LayerZero Labs DVN will no longer service 1/1 DVN configurations. Default settings on pathways are being migrated to require at least five verifiers where possible, with a floor of three on chains with only three DVNs. The firm is developing a second DVN client in Rust to increase client diversity and has reconfigured its RPC setup to allow finer quorum controls across internal and external node providers. LayerZero also plans to raise its own multisig threshold from 3‑of‑5 to 7‑of‑10 using OneSig, a tool that lets signers locally hash transactions before signing. The company said it is building a platform called Console for asset issuers to configure and monitor security settings with built‑in anomaly detection.
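The two weaknesses described above, a verifier that falls back to its own internal RPC nodes when external providers are unreachable, and an application that requires only one verifier, and the two corresponding fixes, quorum across independent node providers and multi-DVN thresholds, can be shown side by side in a small simulation. The following is an added example written for this page; it is not LayerZero's DVN, ULN or Console code, and every packet, provider view, key and DVN name in it is constructed. HMAC stands in for the DVN's signature, and the read quorum and threshold logic are a generic model of the design choice, not the protocol's real implementation.

```python
"""Toy model of a cross-chain verifier's read-and-attest path (added example, not LayerZero code).
Models the two failures described above: a fail-open fallback to one internal RPC node versus a
k-of-n read quorum that fails closed, and a single required verifier (1/1) versus an M-of-N threshold.
Every name, key, packet and provider view here is constructed for the example."""
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """A cross-chain message as the destination sees it (hypothetical layout)."""
    src_chain: str
    nonce: int
    payload: bytes

    def digest(self) -> bytes:
        return hashlib.sha256(f"{self.src_chain}:{self.nonce}:".encode() + self.payload).digest()

class RpcProvider:
    """A source-chain RPC node; `view` maps (chain, nonce) to the packet digest this node reports."""
    def __init__(self, name, view, online=True):
        self.name, self.view, self.online = name, view, online

    def packet_digest(self, chain, nonce):
        if not self.online:
            raise TimeoutError(f"{self.name} unreachable")
        return self.view.get((chain, nonce))  # None: no packet at that nonce

def fetch_fallback(externals, internal, chain, nonce):
    """Fail-open read: first external that answers wins; if all time out, trust the internal node
    alone. A DDoS on the externals therefore routes every read to whatever the internal node says."""
    for rpc in externals:
        try:
            return rpc.packet_digest(chain, nonce)
        except TimeoutError:
            continue
    return internal.packet_digest(chain, nonce)

def fetch_quorum(providers, chain, nonce, k):
    """Fail-closed read: accept a digest only when k distinct providers report the identical value.
    Unreachable providers cast no vote, so an outage can block verification but never approve it."""
    votes = {}
    for rpc in providers:
        try:
            d = rpc.packet_digest(chain, nonce)
        except TimeoutError:
            continue
        votes[d] = votes.get(d, 0) + 1
    for d, n in votes.items():
        if n >= k:
            return d
    raise RuntimeError("no source-chain quorum; refusing to verify")

class Dvn:
    """A verifier: reads the source chain through `fetch` and attests (HMAC stands in for a
    signature) only if the packet it is asked about was really emitted there."""
    def __init__(self, name, key, fetch):
        self.name, self.key, self.fetch = name, key, fetch

    def attest(self, pkt):
        try:
            seen = self.fetch(pkt.src_chain, pkt.nonce)
        except (RuntimeError, TimeoutError):
            return None
        return self._sign(pkt) if seen == pkt.digest() else None

    def _sign(self, pkt):
        return hmac.new(self.key, pkt.digest(), "sha256").digest()

    def check(self, pkt, sig):
        return hmac.compare_digest(sig, self._sign(pkt))

def verified(pkt, dvns, threshold):
    """Destination-side check: at least `threshold` distinct DVNs produced a valid attestation."""
    sigs = {d.name: d.attest(pkt) for d in dvns}
    good = sum(1 for d in dvns if sigs[d.name] is not None and d.check(pkt, sigs[d.name]))
    return good >= threshold

def run_scenarios():
    real = Packet("src", 7, b"mint 1 rsETH to alice")          # really emitted on the source chain
    forged = Packet("src", 8, b"mint 1000 rsETH to attacker")  # never emitted anywhere
    truth = {("src", 7): real.digest()}
    poisoned = {**truth, ("src", 8): forged.digest()}          # the attacker-controlled internal node's view
    externals = [RpcProvider("ext-a", truth, online=False),    # knocked offline by the DDoS
                 RpcProvider("ext-b", truth, online=False)]
    internal = RpcProvider("internal", poisoned)
    weak = Dvn("labs-dvn", b"k-labs", lambda c, n: fetch_fallback(externals, internal, c, n))
    strong = Dvn("labs-dvn", b"k-labs", lambda c, n: fetch_quorum(externals + [internal], c, n, 2))
    # Two further verifiers reading their own, unaffected providers (assumed honest and reachable).
    others = [Dvn("dvn-b", b"k-b", lambda c, n: fetch_quorum([RpcProvider("ext-c", truth)], c, n, 1)),
              Dvn("dvn-c", b"k-c", lambda c, n: fetch_quorum([RpcProvider("ext-d", truth)], c, n, 1))]
    return {
        "fallback_1of1_accepts_forged": verified(forged, [weak], 1),
        "quorum_1of1_accepts_forged": verified(forged, [strong], 1),
        "quorum_1of1_accepts_real_during_outage": verified(real, [strong], 1),
        "two_of_three_accepts_forged": verified(forged, [weak] + others, 2),
        "two_of_three_accepts_real": verified(real, [weak] + others, 2),
    }
```

Running `run_scenarios()` shows the trade-off a practitioner should expect: the fallback read lets a single 1/1 verifier attest to a packet that was never emitted, while the quorum read refuses it but also refuses the genuine packet for as long as the external providers are down. That liveness cost is the reason the verifier threshold matters as much as the read quorum: with two further DVNs on independent infrastructure and a 2-of-3 requirement, the forged packet still fails and the genuine packet still clears, even while one verifier's providers are under attack.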

Several projects have moved away from LayerZero since the exploit. Kelp DAO announced it would leave the network, and another protocol said it would migrate more than $700 million in tokenized bitcoin off LayerZero. The DeFi United recovery effort has raised more than $300 million in ETH and stablecoins. LayerZero contributed 10,000 ETH, split between a 5,000 ETH donation and a 5,000 ETH loan to Aave; Aave faces an estimated $124 million to $230 million in bad debt related to the incident. The Arbitrum DAO voted to release 30,766 frozen ETH to the recovery effort, and a judge allowed that transfer to proceed despite a restraining notice from North Korean terrorism victims and creditors.

LayerZero said it will publish an official post‑mortem after its external security partners complete their investigations.
