DeFi protocol Kelp DAO announced it will migrate its rsETH token to the Chainlink CCIP oracle platform following a $292 million exploit in April. The protocol continues to blame the hack on vulnerabilities in LayerZero’s cross-chain infrastructure, citing a dispute over security configuration approvals. The incident sparked significant controversy and market contagion within the crypto lending sector.
Kelp DAO is migrating its restaking token, rsETH, to the Chainlink platform after a major security breach. Hackers stole 116,500 rsETH tokens through a LayerZero-powered bridge on April 18.
The stolen tokens were used as collateral on Aave v3 to borrow wrapped Ether. “After the recent LayerZero exploit, we are taking steps to ensure rsETH is fully secure, which is why we are migrating to Chainlink CCIP,” the protocol stated.
LayerZero argued the hack resulted from an inadequate setup of Kelp’s decentralized verifier network. The company said it had advised against using a single LayerZero DVN as the sole verification path.
However, Kelp DAO claimed this 1-1 setup is a default used by many protocols. It accused LayerZero of approving the configuration and failing to provide adequate warning.
“Kelp has operated on LayerZero infrastructure since January 2024 and has maintained an open communication channel with the LayerZero team throughout. The question of DVN configuration came up multiple times and these configurations were confirmed as secure at that time,” Kelp DAO added. Following the incident, LayerZero announced it will no longer validate messages for apps using a single verifier.
LayerZero CEO Bryan Pellegrino said a “ton” of Kelp’s claims were “just completely untrue.” He asserted that Kelp originally used a multi-DVN default and later manually changed to a riskier 1/1 configuration.
Pellegrino said a complete postmortem by external security firms would be published soon. North Korea-linked hackers are suspected of being behind the Kelp attack and a separate $285 million exploit of decentralized exchange Drift.
