Written by: Murugaverl Mahasenan, CATENAA

Tuesday, May 12, 2026 – KelpDAO accused LayerZero's infrastructure of facilitating an attack valued at $292 million, stating that it will migrate its cross-chain system to Chainlink during the process of rebuilding its liquid staking token framework. This incident is one of the largest DeFi security incidents of the year.

The controversy centers around an attack that occurred in April, resulting in approximately 116,500 rsETH being stolen. rsETH is a liquid staking token based on Ethereum that can be used for cross-chain transfers.

The attack targeted a bridging system that allows rsETH to be transferred across multiple blockchain networks. Security researchers have linked the incident to the North Korean hacker group Lazarus Group, which is associated with several high-value cryptocurrency thefts.

Core Responsibility

KelpDAO stated that LayerZero's infrastructure design played a central role in the vulnerability incident. The protocol claims that due to the configuration of a single validator in the system, the attacker was able to manipulate the transaction verification process after breaching part of the routing infrastructure.

KelpDAO mentioned that this weakness allowed forged cross-chain transactions to be approved without proper verification.

LayerZero denied this claim. The company stated that the attack was limited to Kelp's specific implementation and claimed that Kelp used a single-validator configuration, which diverged from LayerZero's recommended multi-validator architecture.

The disagreement between the two parties has escalated into a public debate, focusing on how to define responsibility in decentralized cross-chain systems.

KelpDAO stated that multiple security firms, including Chainalysis and SEAL 911, support its assessment that the vulnerability stemmed from issues within LayerZero's infrastructure configuration.

KelpDAO also claimed that the exploited single-validator model is not unique to Kelp, but widely adopted in other applications within the ecosystem.

The protocol reported that the attacker successfully compromised remote procedure call (RPC) nodes associated with the validator network, enabling the injection of forged transaction data.

Subsequently, this data was accepted by the system, allowing the attacker to transfer funds unauthorized between multiple blockchain networks.

KelpDAO stated that after the incident, LayerZero updated its policies and no longer supports single-validator configurations. KelpDAO believes that this change indicates that the previous design indeed had systemic risks, which were not adequately addressed before the attack occurred.

LayerZero, however, maintains that its documentation has always recommended adopting a multi-validator secure configuration and that each protocol must be responsible for its own deployment and configuration methods.

As of now, LayerZero has not released detailed technical explanations regarding KelpDAO's latest accusations.

Asset Freezing and Legal Proceedings

The impact of this attack has extended beyond the technical dispute itself. Approximately $71 million in assets related to the attack have been frozen on the Arbitrum network, resulting in legal proceedings in the New York federal court. The current focus of the case is whether these frozen assets should be returned or remain frozen pending further investigation.

KelpDAO expressed that this incident raised broader questions, including the accountability in cross-chain infrastructure and the risks associated with relying on single-point validation. The protocol stated that this experience exposed structural weaknesses and indicated that the system needs to shift towards more decentralized verification mechanisms.

Migration to Chainlink

As part of its response measures, KelpDAO announced that it will migrate its rsETH system to Chainlink's Cross-Chain Interoperability Protocol (CCIP). The new system will utilize multiple independent validators to approve transactions, thus reducing reliance on a single entity for validation.

Chainlink confirmed its involvement in this migration and stated that it is working with KelpDAO to enhance cross-chain security. The company asserted that for decentralized finance to achieve widespread adoption, a more robust infrastructure is needed to mitigate systemic risks.

Chainlink's Chief Business Officer Johann Eid stated that a secure interoperability system is crucial for the long-term development of blockchain-based finance. He indicated that protocols must ensure that cross-chain activities do not suffer from complete failure due to single points of failure.

This move marks a significant shift for KelpDAO. Previously, the protocol's cross-chain operations relied on LayerZero's infrastructure. KelpDAO stated that after this incident, it is redesigning the system with a priority on security and transparency.

Industry Impact

This attack is one of the largest DeFi security vulnerabilities disclosed in 2026 and has further intensified industry concerns about the vulnerabilities of cross-chain bridges. Cross-chain bridges continue to be one of the most susceptible components of blockchain infrastructure to attacks.

Industry analysts pointed out that cross-chain systems introduce complex security risks due to the need to coordinate verification across multiple networks. Even minor configuration flaws can create attack surfaces that are difficult to detect in a timely manner.

The incident has also heightened discussions about whether decentralized systems should adopt lightweight validation models or resource-intensive multi-validator frameworks. Proponents of simpler systems prioritize efficiency, while critics argue that such models would amplify systemic risks.

As of the time of this article's publication, LayerZero has not publicly responded to KelpDAO's latest statement.

As investigations continue and legal proceedings unfold, this case is expected to influence how future cross-chain protocols design verification systems and how responsibility will be allocated in future DeFi incidents. KelpDAO stated that its current focus is on ensuring the safety of rsETH and restoring user confidence during the migration to Chainlink’s infrastructure.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。