KelpDAO rebuts LayerZero exploit and moves rsETH to CCIP
KelpDAO publicly disputed LayerZero Labs’ explanation for the April 18, 2026 LayerZero exploit, arguing the root cause was LayerZero infrastructure failure, not rsETH integration misconfiguration. KelpDAO says the attack drained DeFi funds worth over $300M across multiple protocols.
In its updated claims, KelpDAO alleges the LayerZero DVN signed and processed two additional forged transactions worth more than $100M before LayerZero paused contracts. It rejects the “configuration issue” narrative, saying the same 1-of-1 DVN “security floor” was widely used, included in LayerZero defaults, and reflected in official documentation/templates. Kelp also points to compromised off-chain monitoring and fraudulent attestations approved via the DVN. Independent analysis similarly argues the event reflects broader infrastructure compromise, not just an RPC-layer issue.
LayerZero’s postmortem admits “RPC spoofing” mechanics, including RPC endpoint access and node takeovers, but KelpDAO and external reviewers contend the safeguards were insufficient because forged messages still reached the approval path. In response, KelpDAO paused contracts and is reviewing its bridge stack.
Next, KelpDAO plans to reduce single points of failure by migrating rsETH away from LayerZero’s OFT standard to Chainlink’s CCIP (Cross-Chain Token standard). For traders, the immediate takeaway is risk-off sentiment around the LayerZero exploit and bridge security assumptions, with CCIP migration acting as a potential medium-term de-risking catalyst for rsETH.
Bearish
The news escalates credibility concerns around cross-chain bridge security after a >$300M LayerZero exploit, and KelpDAO’s additional claims (extra $100M+ forged transactions) increase near-term tail-risk awareness for rsETH liquidity and integrations. Although KelpDAO plans to migrate to Chainlink CCIP to reduce single points of failure, that switch is a mitigation story, not immediate proof of safer execution—so traders may price in continued operational uncertainty in the short run. Over the longer term, successful migration and improved verifier/oracle assumptions could stabilize sentiment, but the dispute and admitted RPC-spoofing mechanics are likely to keep risk premiums elevated near term.