coin-img-ETHETH+0.65%coin-img-BTCBTC+1.62%coin-img-SOLSOL+2.72%coin-img-TONCOINTONCOIN+19.29%coin-img-SLINKSLINK+10.75%coin-img-XRPXRP+1.61%coin-img-USDCUSDC-0.01%coin-img-DOGEDOGE+4.09%coin-img-ETHETH+0.65%coin-img-BTCBTC+1.62%coin-img-SOLSOL+2.72%coin-img-TONCOINTONCOIN+19.29%coin-img-SLINKSLINK+10.75%coin-img-XRPXRP+1.61%coin-img-USDCUSDC-0.01%coin-img-DOGEDOGE+4.09%coin-img-ETHETH+0.65%coin-img-BTCBTC+1.62%coin-img-SOLSOL+2.72%coin-img-TONCOINTONCOIN+19.29%coin-img-SLINKSLINK+10.75%coin-img-XRPXRP+1.61%coin-img-USDCUSDC-0.01%coin-img-DOGEDOGE+4.09%coin-img-ETHETH+0.65%coin-img-BTCBTC+1.62%coin-img-SOLSOL+2.72%coin-img-TONCOINTONCOIN+19.29%coin-img-SLINKSLINK+10.75%coin-img-XRPXRP+1.61%coin-img-USDCUSDC-0.01%coin-img-DOGEDOGE+4.09%

Kelp DAO to Move Cross-Chain Stack to Chainlink CCIP After Disputing LayerZero's Role in $300M Exploit

Kelp DAO said it will migrate its cross-chain infrastructure to Chainlink's Cross-Chain Interoperability Protocol (CCIP) following a dispute over the cause of a $300 million exploit tied to LayerZero. In a post dated 5 May, Kelp argued that the 18 April attack stemmed from weaknesses in LayerZero's infrastructure, rejecting earlier suggestions that a protocol-level misconfiguration on Kelp's side was to blame. Kelp pushed back on claims that its use of a 1-of-1 Decentralized Verifier Network (DVN) setup created the vulnerability. It said the configuration was widely used across the LayerZero ecosystem, appeared in default documentation, and had been explicitly approved in prior communications. Citing public data, Kelp added that nearly half of LayerZero-integrated applications reportedly used similar setups, with most transactions relying on LayerZero's own DVN. Kelp said the exploit involved a compromise of LayerZero's off-chain infrastructure that enabled attackers to manipulate RPC nodes and produce forged transaction attestations. The attackers allegedly minted unbacked rsETH and routed funds through DeFi protocols. Kelp said it paused contracts within an hour of detecting the incident and claims it prevented additional losses of more than $100 million. The protocol also flagged what it described as inconsistencies in LayerZero's postmortem, including its framing of the breach as an isolated configuration issue. Kelp noted that LayerZero later restricted 1-of-1 DVN setups after the exploit, which it said conflicts with earlier guidance that the configuration was acceptable. Kelp raised further concerns over shared infrastructure dependencies, a lack of monitoring alerts, and the exposure of RPC endpoints, arguing these issues point to broader risks in LayerZero's trust model. As part of its response, Kelp confirmed it will transition to Chainlink CCIP, citing the protocol's security model and track record. Kelp said its focus is securing user funds and restoring confidence, with a full forensic report expected later. Final Summary: Kelp DAO plans to move to Chainlink CCIP after accusing LayerZero of infrastructure failures tied to a $300 million exploit. The dispute underscores growing scrutiny of cross-chain security and the systemic risks created by widely used default configurations.
Selected
LINK
LINK+4.16%
Disclaimer: The content above is only the author's opinion and does not represent BingX’s stance. It shall not be construed as investment advice from BingX. For details, refer to the Terms and Conditions.