Kelp DAO rsETH bridge hack drains $292M amid LayerZero validator dispute

Kelp DAO’s rsETH bridge was hit by a security breach tied to LayerZero validator infrastructure, with $292 million reportedly drained and two additional fraudulent transactions exceeding $100 million each. The latest report says attackers linked to North Korea’s Lazarus Group exploited an April 16 LayerZero ecosystem vulnerability by compromising two LayerZero Labs validator RPC servers, planting malware, and DDoS’ing remaining nodes to redirect signing to fake nodes. LayerZero said the protocol executed as designed, but applications using a one-to-one validator model would be blocked from signing. A major dispute is now underway over responsibility. LayerZero argues Kelp DAO’s “one-to-one validator” setup created the risk, while Kelp DAO says LayerZero reviewed its configuration across eight integration meetings over 2.5 years and raised no security concerns. Independent researchers also point to public default code that highlights the single-source verification danger. Market exposure is non-trivial: Dune Analytics estimates nearly 47% of ~2,665 LayerZero OApps used one-to-one validators in the past 90 days, representing about $4.5B in assets at similar risk. For traders, the rsETH bridge incident is near-term bearish for DeFi risk sentiment: liquidity can freeze, TVL can drop quickly, and bridge/smart-contract risk premia may widen. The medium-term focus is whether affected protocols rapidly migrate away from one-to-one validator setups and stabilize liquidity flows. Kelp DAO plans to migrate the rsETH bridge from LayerZero to Chainlink’s cross-chain protocol, fully adopting Chainlink architecture and phasing out LayerZero standards.
Bearish
The rsETH bridge hack reinforces near-term bridge and validator-model risk, and the reported $292M drain plus TVL/liquidity disruption typically leads traders to de-risk. The one-to-one validator controversy suggests broader exposure across LayerZero OApps (Dune estimates ~47% using the same model), which can keep capital cautious until migrations are completed. While Kelp DAO’s planned move to Chainlink can be a stabilizing longer-term step, the immediate market impact is likely negative because liquidity constraints, heightened monitoring, and risk premia tend to persist until protocols confirm mitigation and validator security is rebuilt.