Catenaa, Tuesday, May 12, 2026- KelpDAO has accused LayerZero infrastructure of contributing to a $292 million exploit and said it will migrate its cross-chain system to Chainlink as it rebuilds its liquid staking token framework following one of the largest DeFi security incidents of the year.
The dispute centers on an April attack that drained roughly 116,500 rsETH, an Ethereum-based liquid staking token used in cross-chain transfers.
The exploit targeted a bridge system that allowed rsETH to move across multiple blockchain networks. Security researchers have linked the incident to North Korea’s Lazarus Group, a cybercrime organization associated with several high-value crypto thefts.
Central Role
KelpDAO said LayerZero’s infrastructure design played a central role in the breach. The protocol stated that a configuration using a single verifier allowed attackers to manipulate transaction validation after compromising parts of the system’s routing infrastructure.
It said this weakness enabled fraudulent cross-chain transactions to be approved without proper verification.
LayerZero has rejected that claim. The company said the exploit was limited to Kelp’s implementation and argued that the protocol used a single-verifier setup that deviated from LayerZero’s recommended multi-verifier architecture.
The disagreement has escalated into a public dispute over how responsibility should be assigned in decentralized cross-chain systems.
KelpDAO said multiple security firms, including Chainalysis and SEAL 911, support its assessment that the vulnerability originated in LayerZero’s infrastructure configuration.
It also said the single-verifier model used in the exploit was not unique to Kelp and had been widely adopted across other applications in the ecosystem.
The protocol said attackers were able to compromise remote procedure call nodes tied to the verifier network, allowing them to inject falsified transaction data.
That data was then accepted by the system, enabling unauthorized movement of funds across blockchain networks.
Following the incident, KelpDAO said LayerZero updated its policies and moved away from supporting single-verifier configurations. KelpDAO said this change demonstrates that the earlier design carried systemic risk that was not adequately addressed before the exploit occurred.
LayerZero has maintained that its documentation encourages multi-verifier security setups and said protocols remain responsible for how they configure deployments.
The company has not issued a detailed technical breakdown addressing KelpDAO’s latest allegations.
Frozen
The fallout from the exploit has extended beyond technical disputes. About $71 million in assets linked to the attack were frozen on the Arbitrum network, triggering legal proceedings in a New York federal court. The case is now focused on whether the frozen funds should be returned or remain locked pending further investigation.
KelpDAO said the incident has raised broader questions about accountability in cross-chain infrastructure and the risks of relying on single points of validation. It said the experience highlighted structural weaknesses that require a shift toward more decentralized verification systems.
As part of its response, KelpDAO announced it will migrate its rsETH system to Chainlink’s Cross-Chain Interoperability Protocol. The new system uses multiple independent validators to approve transactions, reducing reliance on a single entity for verification.
Chainlink confirmed its involvement in the transition and said it is working with KelpDAO to improve cross-chain security. The company said decentralized finance requires stronger infrastructure to support large-scale adoption and reduce systemic risk.
Chainlink Chief Business Officer Johann Eid said secure interoperability systems are essential for the long-term development of blockchain-based finance. He said protocols must ensure that no single point of failure can compromise cross-chain activity.
The move marks a significant shift for KelpDAO, which had previously relied on LayerZero’s infrastructure for its cross-chain operations. The protocol said it is redesigning its system to prioritize security and transparency following the incident.
The exploit is one of the largest reported DeFi breaches in 2026 and adds to ongoing concerns about vulnerabilities in cross-chain bridges, which remain among the most targeted components of blockchain infrastructure.
Industry analysts have noted that cross-chain systems introduce complex security risks due to the need to coordinate validation across multiple networks. Even small configuration weaknesses can create attack surfaces that are difficult to detect before exploitation.
The incident has also intensified debate over whether decentralized systems should rely on lightweight verification models or more resource-intensive multi-validator frameworks. While simpler systems offer efficiency, critics argue they increase systemic risk.
LayerZero has not publicly responded to KelpDAO’s latest statement at the time of publication.
As investigations continue and legal proceedings advance, the case is expected to influence how cross-chain protocols design verification systems and how liability is assigned in future decentralized finance incidents. KelpDAO said it is focused on securing rsETH and restoring user confidence as it transitions to Chainlink’s infrastructure.
