Kelp DAO Hack Reignites Scrutiny of Cross-Chain Bridges and Layer 2 Trust Assumptions
More than 40 hours after the Kelp DAO theft, the fallout is still widening. Major names including Aave, LayerZero and Arbitrum have been pulled into the dispute, while some once-popular narratives are now being openly questioned. Influencers have amplified the divide: one prominent KOL argued on X that only ETH remains safe and claimed ARB had authorized the freezing of user assets, adding that "none of the L2s are true L2s anymore." Another KOL said the biggest loser is not Aave or Kelp but LayerZero, and that the incident is less an indictment of Layer 2 than a broader rejection of cross-chain bridges.
I. LayerZero's report intensifies backlash as bridges take the reputational hit
The debate accelerated after LayerZero published a detailed incident report yesterday, preliminarily attributing the attack to the Lazarus Group, which is widely believed to have North Korean ties. LayerZero said attackers compromised downstream RPC infrastructure used by its decentralized verification network (DVN), taking control of certain RPC nodes and coordinating a DDoS campaign to force failover to malicious nodes, enabling forged cross-chain transactions.
"Using compromised nodes to poison the RPC infrastructure, combined with DDoS attacks on unaffected RPCs to force a failover, is an extremely sophisticated approach. This is essentially infrastructure warfare," said Samuel Tse, Head of Investment and Partnerships at Animoca Brands.
LayerZero concluded that the protocol "operated exactly as intended" and said no vulnerabilities were found in the protocol itself. It highlighted its modular security design, arguing the incident was contained to a single application with no contagion risk to other OFTs or OApps.
That stance triggered a public backlash. Industry researcher CM questioned why a 1/1 DVN configuration was permitted, how an attacker accessed internal RPC lists, and why failover logic would trust a compromised RPC without pausing validation. DeFi developer banteg said the statement framed the issue as RPC poisoning, while failing to explain how the underlying breach occurred, and added that he would not rush to re-enable the bridge.
Kelp DAO, in its own statement, disputed the framing that it ignored guidance. It said the single-validator (1/1) setup was the default in LayerZero's official guidelines, and that the DVN exploited in the incident is LayerZero's own infrastructure.
Dune analytics data cited in the discussion shows that among 2,665 OApp contracts built on LayerZero, 47% use a 1/1 DVN configuration, effectively relying on a single verification mechanism. Critics argue this default materially amplifies systemic risk across the ecosystem.
The emerging consensus is that while LayerZero may not have been directly hacked, it is absorbing the heaviest reputational damage. Market participants say the protocol must address the permissiveness of weak configurations with concrete technical changes and take on greater responsibility in any compensation framework, or risk further erosion of confidence in the cross-chain bridge thesis.
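The failover question raised above, as an added example that is not part of the original article and is not LayerZero's or any project's code: a verifier that accepts the first reachable RPC answer, next to one that requires agreement from a strict majority of independent operators and pauses when it cannot get it. All names (`Source`, `naive_failover`, `quorum_read`, the operator labels and hashes) are hypothetical and the sample data is constructed.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable, List, Optional


class VerificationPaused(Exception):
    """Too few independent sources agree; the verifier must not attest."""


@dataclass(frozen=True)
class Source:
    operator: str                           # who runs the node (independence unit)
    fetch: Callable[[str], Optional[str]]   # message id -> payload hash, None if down


def naive_failover(sources: List[Source], msg_id: str) -> Optional[str]:
    """Weak pattern: trust the first endpoint that answers."""
    for s in sources:
        value = s.fetch(msg_id)
        if value is not None:
            return value
    return None


def quorum_read(sources: List[Source], msg_id: str, quorum: int) -> str:
    """Return the hash reported by >= quorum distinct operators, else pause."""
    operators = {s.operator for s in sources}
    if quorum < 2 or 2 * quorum <= len(operators):
        raise ValueError("quorum must be >= 2 and a strict majority of operators")
    answers = {}
    for s in sources:
        value = s.fetch(msg_id)
        if value is None:
            continue                        # unreachable: counts as no vote
        if answers.setdefault(s.operator, value) != value:
            raise VerificationPaused(f"{s.operator} gave conflicting answers")
    if not answers:
        raise VerificationPaused("no source reachable")
    value, votes = Counter(answers.values()).most_common(1)[0]
    if votes < quorum:
        raise VerificationPaused(f"only {votes} of {quorum} required operators agree")
    return value


# Constructed sample data: two honest operators and one poisoned endpoint.
GOOD, FORGED = "0xaaaa", "0xffff"
def up(v): return lambda _msg: v
def down(): return lambda _msg: None
NORMAL = [Source("op-a", up(GOOD)), Source("op-b", up(GOOD)), Source("op-c", up(FORGED))]
UNDER_DDOS = [Source("op-a", down()), Source("op-b", down()), Source("op-c", up(FORGED))]
```

With the honest endpoints unreachable, `naive_failover(UNDER_DDOS, ...)` returns the forged hash, while `quorum_read(UNDER_DDOS, ..., 2)` raises `VerificationPaused`; a quorum of 1 is rejected as a configuration error.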
II. Is Layer 2's decentralization narrative breaking? Arbitrum executes an unprecedented freeze
Layer 2 concerns surged after Arbitrum intervened directly. At noon today, the Arbitrum Security Council said it took emergency action to secure 30,766 ETH held by the hacker at an Arbitrum One address, worth about $71 million at current prices.
Arbitrum said extensive technical investigation and deliberation led to a solution that moved funds to a secure location without impacting other chain state or users. The original address can no longer access the ETH, and only Arbitrum governance can decide next steps for transferring the funds in coordination with relevant parties.
According to industry sources, the Security Council used a privileged state override transaction type (part of ArbOS but almost never used). This mechanism allows transactions to appear signed by the attacker's key while the chain itself transfers the ETH, bypassing the private key. The transaction type can only be injected via the sequencer/ArbOS upgrade path controlled by the Arbitrum Security Council.
The Arbitrum Security Council reportedly has 12 members elected by the Arbitrum DAO, and actions require approval from at least 9 members.
The move surprised many users because, unlike stablecoins such as USDT and USDC that can be frozen by issuers like Tether and Circle, ETH as a native asset has not historically been frozen or moved by a chain's administrative action. Supporters describe the intervention as a pragmatic safeguard that makes Layer 2 more institution-friendly, arguing that centralized behavior in exceptional circumstances can be an advantage.
Critics see it differently. To many decentralization purists, "no private key required, no authorization needed, direct transfers" redraw the trust boundary for Layer 2. One KOL said the action crossed DeFi's ideological red line: "Not your keys, not your coins." The incident has revived a long-running tension in crypto between pragmatic security responses and the ideal of fully decentralized guarantees.
Conclusion: two flagship narratives on trial, and compensation becomes the next battleground
LayerZero's insistence that the protocol behaved as designed may be technically defensible, but it has come at the cost of public trust. Arbitrum's privileged intervention recovered roughly $71 million in ETH, but it has also dented Layer 2's decentralization narrative.
The Kelp theft has put two core narratives under pressure: whether cross-chain bridges are essential infrastructure or risk amplifiers, and whether Layer 2s are credible Ethereum scaling extensions or secondary systems that only look decentralized.
The episode has also created an ironic loop. A system marketed on decentralization was undermined by a single point of failure in validation assumptions, and the recovery depended on another system's centralized emergency powers. The broader question is now unavoidable: when decentralization ideals collide with the real-world cost of security, which trade-off will the industry accept?
Attention is also shifting from narrative damage to user compensation. Despite Arbitrum's recovery of more than $70 million, Aave still faces close to $200 million in bad debt. Aave outlined two potential paths today: (1) socialize losses across all rsETH holders via a uniform writedown of about 15% for rsETH (mainnet + L2), implemented by Kelp DAO, reflecting an approximate 15% depeg; or (2) assign losses entirely to L2 rsETH holders while keeping mainnet rsETH at par.
Kelp DAO and LayerZero have not clarified their roles in any compensation plan. Critics argue LayerZero's report reads as an attempt to disclaim responsibility, implying no obligation to compensate. For a multibillion-dollar protocol positioned as foundational infrastructure used by hundreds of projects, the decision to rely on a "technical" disclaimer in the face of losses tied to DVN default configuration has become a focal point of frustration.
The situation resembles a prisoner's dilemma: each party may try to cut exposure through interest separation rather than share responsibility to rebuild trust. Given the scale and the prominence of Aave and LayerZero, market participants say the resolution plan will be closely watched—and the outcome could shape confidence in cross-chain and Layer 2 risk assumptions well beyond this incident.