Kelp DAO is moving its restaking token, rsETH, to Chainlink’s Cross-Chain Interoperability Protocol (CCIP). This decision follows a $292 million exploit on April 18. The DeFi protocol blames LayerZero’s cross-chain infrastructure for the attack. LayerZero’s CEO disputes these claims.
Kelp DAO Migration to Chainlink CCIP After Exploit
On May 6, 2026, Kelp DAO announced the migration via an X post. The protocol stated that ensuring rsETH’s security is its top priority. The move to Chainlink CCIP aims to prevent future attacks.
Also read: Bermuda to move key financial services onto Stellar blockchain, premier says
Hackers stole 116,500 Kelp DAO restaked ETH tokens on April 18. They used the stolen tokens as collateral on Aave v3 to borrow wrapped Ether. This exploit is one of the largest security incidents in 2026.
The attack caused broader ecosystem contagion. It impacted the interconnected crypto lending market. Prices of several tokens dropped as the market reacted.
LayerZero Blame Game Intensifies
Kelp DAO argues that LayerZero failed to warn about security risks. It says the 1-1 setup used for the bridge is the default configuration. Data from analytics platform Dune shows roughly half of LayerZero users have a single decentralized verifier network (DVN).
Kelp DAO stated it has operated on LayerZero infrastructure since January 2024. It maintained an open communication channel with the LayerZero team. The DVN configuration was discussed multiple times. LayerZero confirmed these configurations as secure.
But Bryan Pellegrino, co-founder and CEO of LayerZero, disagrees. In a reply on X, he said a “ton” of Kelp’s claims were “just completely untrue.” He argued that Kelp originally used multi-DVN defaults. The protocol manually changed to a 1/1 configuration later.
LayerZero CEO’s Response
Pellegrino explained that the defaults Kelp referenced were multi-DVN or DeadDVN. These defaults force-reject applications and require manual configuration. rsETH was originally set to use a multi-DVN setup with LayerZero Labs and Google.
He also said a complete postmortem by external security firms will be published soon. This report should clarify the technical details of the exploit.
Security Breach Details and Impact
North Korea-linked hackers are suspected of being behind the attack. They are also linked to the April 1 exploit of decentralized exchange Drift, which totaled $285 million. These incidents highlight ongoing security challenges in DeFi.
The Kelp DAO exploit caused significant market disruption. The stolen tokens were used to borrow large amounts of wrapped Ether. This triggered liquidations on Aave v3. The contagion spread to other lending protocols.
Industry watchers note that the incident underscores the risks of cross-chain bridges. Single-DVN configurations are vulnerable. The debate over responsibility continues.
LayerZero’s Response to the Exploit
Following the hack, LayerZero announced policy changes. It will no longer validate or approve cross-chain messages for any app that relies on a single verifier. The company is migrating protocols using this setup to a multi-DVN configuration.
This change aims to prevent similar attacks. But it also raises questions about the security of existing LayerZero-based applications. Many protocols must now update their infrastructure.
Data from Dune shows that half of LayerZero users still rely on single-DVN setups. This suggests a significant number of protocols are at risk. The migration to multi-DVN could be complex and time-consuming.
Kelp DAO’s Migration Plan
Kelp DAO’s move to Chainlink CCIP is a direct response to the exploit. Chainlink’s CCIP uses multiple independent verifiers. This makes it harder for attackers to compromise a single point of failure.
The migration process will involve transferring rsETH liquidity to the new bridge. Users may need to take action to secure their tokens. Kelp DAO promised to provide detailed instructions soon.
This migration could set a precedent for other DeFi protocols. Many may reconsider their cross-chain infrastructure choices. Security is becoming a key differentiator in the market.
Expert Analysis and Market Reaction
Analysts note that the blame game between Kelp DAO and LayerZero is damaging trust. Both parties have reputational stakes in the outcome. The postmortem report will be critical in assigning responsibility.
The implication for investors is clear: cross-chain bridges remain a high-risk area. Due diligence on security configurations is essential. Protocols using single-DVN setups should consider upgrades.
Market reaction to the migration news was mixed. rsETH’s price stabilized after an initial drop. The broader DeFi market remains cautious.
Conclusion
Kelp DAO’s migration of rsETH to Chainlink CCIP marks a significant step after a $292 million exploit. The blame game with LayerZero continues. LayerZero’s CEO disputes Kelp’s claims. A full postmortem is expected soon. The incident highlights the need for reliable cross-chain security. DeFi protocols must prioritize multi-verifier setups to prevent future attacks.
FAQs
Q1: Why is Kelp DAO migrating rsETH to Chainlink CCIP?
A1: Kelp DAO is migrating rsETH to Chainlink CCIP after a $292 million exploit on April 18. The protocol blames LayerZero’s cross-chain infrastructure for the attack. The move aims to enhance security by using multiple independent verifiers.
Q2: What was the $292 million exploit?
A2: Hackers stole 116,500 Kelp DAO restaked ETH tokens on April 18. They used the stolen tokens as collateral on Aave v3 to borrow wrapped Ether. The attack is one of the largest security incidents in 2026.
Q3: Who is responsible for the exploit according to Kelp DAO?
A3: Kelp DAO blames LayerZero’s cross-chain infrastructure. It says LayerZero approved the 1-1 DVN setup and failed to warn about security risks. LayerZero’s CEO disputes these claims.
Q4: What is LayerZero’s response?
A4: LayerZero CEO Bryan Pellegrino says Kelp’s claims are “completely untrue.” He argues that Kelp manually changed from a multi-DVN to a 1/1 configuration. LayerZero will no longer validate apps using single verifiers. A full postmortem is pending.
Q5: Who is suspected of being behind the attack?
A5: North Korea-linked hackers are suspected of being behind the Kelp DAO exploit and the April 1 Drift exploit. These groups are known for targeting DeFi protocols.
Q6: What does the migration mean for rsETH holders?
A6: rsETH holders may need to take action to secure their tokens during the migration. Kelp DAO will provide instructions. The move to Chainlink CCIP should improve security for the token.
Be the first to comment