Kelp DAO Abandons LayerZero for Chainlink CCIP Following $292 Million Bridge Exploit

• Kelp DAO is officially migrating its rsETH liquidity restaking token to Chainlink CCIP, marking the first major exit from LayerZero after the April 18 security breach.
• The move follows a $292 million exploit where attackers, linked to the Lazarus Group, drained 116,500 rsETH by compromising RPC nodes used in a single-validator setup.
• A public dispute has erupted between the protocols, with Kelp DAO citing data that 47% of LayerZero applications utilize the same vulnerable 1-of-1 configuration.

Liquid restaking protocol Kelp DAO has announced plans to transition its cross-chain infrastructure to Chainlink’s Cross-Chain Interoperability Protocol (CCIP), effectively ending its reliance on LayerZero. The decision comes less than three weeks after an attacker drained approximately $292 million in rsETH from the protocol’s bridge, triggering a liquidity crisis that temporarily froze major lending markets including Aave and SparkLend.

The exploit targeted a 1-of-1 Decentralized Verifier Network (DVN) configuration, which Kelp DAO used for its bridge. According to post-mortem reports, the attackers—identified as the North Korean Lazarus Group—conducted a sophisticated RPC poisoning attack. By corrupting the downstream nodes that the DVN relied upon and launching a DDoS attack on healthy nodes, the hackers forced the system to verify fraudulent cross-chain messages, leading to the unauthorized release of 116,500 rsETH on the Ethereum mainnet.

The migration has sparked a heated public debate regarding bridge security standards and default configurations. LayerZero maintains that the incident was a result of misconfiguration by the Kelp team, arguing they manually opted for a single-verifier setup rather than the recommended multi-DVN defaults. Conversely, Kelp DAO claims the 1-of-1 setup was explicitly approved during integration discussions and is a widespread industry practice. The protocol cited Dune Analytics data suggesting that nearly half of all LayerZero-integrated applications operate under similar security profiles, representing over $4.5 billion in value.

In shifting to Chainlink, Kelp DAO aims to leverage the Decentralized Oracle Network (DON), which requires a minimum of 16 independent node operators to validate transactions. This architectural shift is intended to eliminate the single point of failure that characterized the previous bridge setup. Beyond the infrastructure change, rsETH will also adopt the Cross-Chain Token (CCT) standard to enhance security across the 20 blockchains where the asset is currently deployed.

“The migration to Chainlink CCIP directly addresses the core architectural flaw exploited in this incident,” Kelp DAO stated. “Our priority remains securing user funds and rebuilding the trust of the DeFi community through a more resilient multi-node verification model.”

Disclaimer: This article is for informational purposes only and does not constitute advice of any kind. Readers should conduct their own research before making any decisions.

The post Kelp DAO Abandons LayerZero for Chainlink CCIP Following $292 Million Bridge Exploit appeared first on Cryptopress.