KelpDAO disputes LayerZero Labs’ explanation of the April 2026 exploit that resulted in over $300 million in losses. The liquid staking protocol argues the attack stemmed from a failure in LayerZero’s infrastructure, not its own configuration. In response, KelpDAO announced plans to migrate its rsETH token to Chainlink’s CCIP standard to enhance security.
KelpDAO has publicly disputed claims from LayerZero Labs regarding the April 18, 2026, exploit. The protocol argued the incident stemmed from failures within LayerZero’s infrastructure rather than any misconfiguration on its platform.
According to KelpDAO, attackers exploited LayerZero’s systems, causing losses exceeding $300 million across multiple DeFi protocols. The team revealed two additional forged transactions worth over $100 million were processed before Kelp intervened.
Kelp claimed its early response prevented further financial damage after detecting and reporting the issue. The protocol rejected LayerZero’s assertion that the exploit resulted from a unique configuration issue specific to KelpDAO.
Data cited by Kelp indicates similar DVN setups were widely used across the LayerZero ecosystem. The protocol stated it followed official documentation and maintained approved configurations since early 2024.
Reports describe compromised off-chain systems and fraudulent attestations triggered through LayerZero’s DVN. Some researchers have detailed the event as a broader infrastructure breach rather than a limited RPC issue.
LayerZero Labs admitted attackers accessed RPC endpoints used by its DVN. However, Kelp and independent analysts believe this description downplays the issue, as fake messages were still approved.
KelpDAO implemented immediate measures including pausing contracts and reviewing its bridging infrastructure. As part of its long-term strategy, the protocol announced plans to migrate away from LayerZero’s OFT standard.
This transition will adopt the Cross-Chain Interoperability Protocol developed by Chainlink. The move aims to reduce reliance on single points of failure while strengthening cross-chain security for its rsETH token.
