LayerZero vs KelpDAO dispute: $292M rsETH hack ties to 1/1 DVN setup

LayerZero founder Bryan Pellegrino denied KelpDAO’s claim that LayerZero approved the insecure “single-verifier (1/1 DVN)” bridge setup behind the April 18 rsETH exploit (~$292M). Pellegrino says KelpDAO initially deployed rsETH bridging using LayerZero’s default multi-verifier setup, then “manually downgraded” to 1/1 DVN later. He points to LayerZero documentation warning that 1/1 DVN should not be used in production. KelpDAO counters that LayerZero personnel never raised objections during multiple discussions and that LayerZero implicitly allowed the configuration, citing screenshots of internal comments.

The dispute follows the incident in which 116,500 rsETH were reportedly drained (about 18% of circulating supply). Data cited indicates that before the hack, 47% of active LayerZero OApp contracts used a 1/1 DVN setup. LayerZero has since banned the configuration and is pushing migrations across apps. In response, KelpDAO says it is migrating rsETH bridging from LayerZero to Chainlink CCIP, and a new CCIP rsETH contract is shown alongside the legacy LayerZero contract on GitHub.

For traders, the focus shifts from containment alone to accountability: whether rsETH bridge operators properly reviewed DVN risk, and whether LayerZero’s defaults, warnings, and enforcement were sufficient. This could increase near-term caution and volatility in rsETH-linked liquidity until migrations and audits are completed, especially for bridges relying on DVN configuration choices.
Bearish
The dispute centers on insecure rsETH bridging risk tied to a 1/1 DVN configuration. Even though LayerZero claims it warned against 1/1 DVN and later banned it, the attacker reportedly drained ~116,500 rsETH and pre-hack data suggests 47% of active LayerZero OApps used 1/1 DVN—meaning protocol-level and app-level misconfiguration concerns can quickly broaden. KelpDAO’s migration to Chainlink CCIP may reduce future exposure, but near-term uncertainty around which contracts have fully migrated and how quickly liquidity follows can pressure rsETH sentiment. Short-term, expect volatility as bridge operators audit dependencies and traders reprice bridge-risk premiums; long-term impact depends on whether migrations and enforcement eliminate remaining 1/1 DVN usage without further incidents.