Kelp DAO Blames LayerZero Defaults for $290M Bridge Exploit
Kelp DAO is pushing back on LayerZero’s post-mortem of the $290M exploit, asserting that the compromised verifier was LayerZero’s own default infrastructure. Attackers poisoned servers, draining 116,500 rsETH. Kelp claims 40% of LayerZero protocols use the same single-verifier setup, disputing any warnings were ignored.
Quick Take
Kelp DAO says LayerZero’s own default 1/1 verifier setup led to the hack.
116,500 rsETH ($290M) drained; emergency pause saved $200M more.
Attackers compromised LayerZero’s servers and forced verifier migration.
40% of protocols on LayerZero still use the single verifier configuration.
Market Impact Analysis
BearishExploit details and blame game erode trust in LayerZero’s infrastructure, likely causing negative sentiment for cross‑chain messaging and related assets.
Speculation Analysis
Key Takeaways
- Kelp DAO says LayerZero’s own default 1/1 verifier setup, not its choice, enabled the $290M exploit.
- Attackers compromised two LayerZero servers, forced verifier migration, and drained 116,500 rsETH.
- 40% of LayerZero protocols still use the same single-verifier configuration, posing systemic risk.
- Emergency pause saved an additional $200 million; core restaking contracts were untouched.
What Happened
Kelp DAO is publicly contesting LayerZero’s post-mortem of Saturday’s $290 million bridge exploit. The liquid restaking protocol claims the compromised verifier was LayerZero’s own default infrastructure, not a third-party DVN. Attackers infiltrated two servers controlled by LayerZero, which validate cross-chain messages, and flooded backup servers with traffic to force the verifier onto compromised systems. Kelp argues the default single-verifier (1/1) configuration—used by 40% of LayerZero protocols—left the bridge with no redundancy. The exploit drained 116,500 rsETH before an emergency pause halted further losses. Kelp says it never received a specific recommendation to change its setup, and LayerZero’s own quickstart guide defaults to a 1/1 configuration.
The Numbers
The attackers stole 116,500 rsETH, worth roughly $290 million. Kelp’s emergency pause, activated 46 minutes after the initial drain, blocked two subsequent attempts that would have released an additional $200 million. Despite the scale, Kelp’s core restaking contracts remained untouched; the exploit was isolated to the bridge layer. Data shows 40% of protocols on LayerZero still operate under the 1-of-1 verifier setup, leaving over $10 billion in total value potentially exposed to similar single-point failures. The exploit underscores the vulnerability of monolithic verifier architectures when the verifying infrastructure is itself centralized and attacker-controlled.
Why It Happened
The root cause, according to Kelp, was a “sophisticated state-sponsored attack” that compromised LayerZero’s servers. By poisoning the transaction verification nodes, attackers could forge messages that appeared legitimate. The single-verifier configuration meant no secondary check existed to catch the fraud. LayerZero’s post-mortem blamed Kelp for ignoring warnings to adopt multi-DVN redundancy, but Kelp’s source says those warnings were never explicit for rsETH. Moreover, LayerZero’s own developer documentation promotes the 1/1 setup as the default, a design choice now under fire for creating systemic risk rather than a protocol-specific oversight.
Broader Impact
The dispute threatens trust in LayerZero’s cross-chain messaging and raises alarms for the 40% of its protocols still using a single verifier. If LayerZero’s default configurations are insecure, it could trigger a wave of user withdrawals and migration to multi-verifier bridges. The incident also highlights the dangers of concentrated infrastructure in what are marketed as decentralized systems, potentially accelerating industrywide adoption of multi-validator standards.
What to Watch Next
- Monitor whether projects using LayerZero rush to reconfigure their DVN setups, especially those with large TVLs using the 1/1 model.
- Watch for statements from LayerZero addressing the dispute; any admission of fault could further pressure its ecosystem and LZ token.
- Track if this accelerates EigenLayer-related security audits and multi-verifier mandates across restaking protocols.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
