KelpDAO Blames LayerZero $300M Exploit, Moves rsETH to Chainlink CCIP

KelpDAO says it was affected by a LayerZero DVN (decentralized validator network) breach on April 18, 2026, citing losses across DeFi that surpassed $300M. KelpDAO disputes LayerZero’s earlier explanation and argues the issue was not caused by a Kelp configuration mistake. According to KelpDAO and independent researchers, attackers operated inside LayerZero’s “trust boundary,” with high-confidence links to DPRK-related activity. Researchers report compromise of two LayerZero DVN RPC nodes, a DDoS on the remaining nodes, and forced DVN signers to validate a transaction that did not exist. LayerZero later acknowledged attackers obtained its DVN RPC list and replaced node binaries. KelpDAO also challenges LayerZero’s claims about DVN setup design risk. It alleges that 1-1 DVN assumptions were widely used (including in a dataset where ~47% of OApp contracts used 1-1 DVNs) and that LayerZero documentation and deployment defaults still favored 1-1 assumptions. To reduce further risk, KelpDAO is migrating rsETH security to Chainlink’s Cross-Chain Interoperability Protocol (CCIP), emphasizing Chainlink oracle reliability and performance during multiple outages. A full forensic report is planned after its review, with user asset protection as the immediate priority. Trading takeaway: the LayerZero-linked bridge and DeFi security narrative is likely to pressure sentiment in the near term, while the rsETH→CCIP migration could partially offset risk perception over time.