KelpDAO plans to adopt Chainlink CCIP after a massive exploit last month.
KelpDAO has publicly disputed the claims made by LayerZero Labs regarding the April 18, 2026 exploit. In its latest post on X, it claimed that the incident was caused by a failure in LayerZero’s infrastructure and not by any misconfiguration on its platform.
According to KelpDAO, attackers exploited LayerZero’s systems, resulting in over $300 million in losses across multiple DeFi protocols. The team also revealed that two additional fake transactions worth over $100 million were successfully signed and processed by LayerZero’s DVN before they were stopped after Kelp intervened and temporarily suspended its contracts.
KelpDAO counters the LayerZero narrative
kelp He claimed This early response prevented further financial damage, although the underlying bridge infrastructure remained active for some time after the problem was discovered and reported.
At the heart of the dispute is LayerZero’s assertion that exploitation It resulted From a configuration issue specific to KelpDAO. Kelp rejected this explanation, while claiming that the configuration in question was widely used across the LayerZero ecosystem and consistent with its official documentation.
Data cited by Kelp indicates that a significant portion of LayerZero applications rely on similar DVN setups, including many applications that operate within a 1-1 configuration that includes LayerZero’s DVN. This setup was neither unique nor experimental but was part of standard publishing practices followed by many protocols.
Kelp also explained that LayerZero’s DVN is a core component of its ecosystem and is included in the default configurations provided to developers. LayerZero’s documentation and quickstart templates guide creators toward these default settings, often without the need for additional DVNs, the company noted. Kelp said it has followed these guidelines and maintained regular communications with the LayerZero team since integrating the infrastructure in early 2024. During this period, Kelp added that its configuration options have been reviewed and approved, and there was no indication that the setup posed a security risk.
Reports cited by Kelp describe compromised off-chain systems responsible for monitoring blockchain activity, as well as fraudulent certificates operated through DVN. Some researchers detailed the event as a broader infrastructure breach rather than a limited RPC issue, again pointing to compromised nodes and vulnerabilities within LayerZero’s confines of trust.
You may also like:
Meanwhile, LayerZero Labs admitted in its post-mortem that attackers accessed the RPC endpoints used by its DVN and took control of multiple nodes before carrying out what it called an RPC spoofing attack. However, Kelp and independent analysts believe this description downplays the problem, as fake messages are still being approved despite safeguards.
Move to Chainlink
KelpDAO implemented immediate measures to secure its systems in response. This included pausing contracts and undertaking a full review of the bridge infrastructure. As part of its long-term strategy, the protocol announced plans to move away from LayerZero’s OFT standard and adopt the Cross-Chain Interoperability Protocol (CCIP) developed by Chainlink.
This transition will move rsETH to Chainlink’s on-chain token standard. The protocol revealed that the goal of this change is to reduce reliance on single points of failure while enhancing security across the chain in the future.
