TLDR
- A bridge exploit on April 18 drained $292 million worth of rsETH tokens from Kelp DAO through its LayerZero integration
- Attackers extracted 116,500 rsETH tokens and leveraged them on Aave v3 to secure loans in wrapped Ether
- Kelp maintains LayerZero validated the single-verifier configuration that allowed the breach
- LayerZero contests this assertion, stating Kelp independently switched from multi-DVN to a 1-of-1 arrangement
- The protocol has begun transitioning rsETH to Chainlink’s Cross-Chain Interoperability Protocol (CCIP)
A significant security breach struck DeFi protocol Kelp DAO on April 18, resulting in approximately $292 million in losses when malicious actors extracted 116,500 rsETH tokens through its LayerZero-connected bridge infrastructure.
The stolen tokens were subsequently deposited as collateral on Aave v3, allowing the attackers to extract wrapped Ether. Kelp managed to pause its smart contracts after two fraudulent transactions processed over $100 million in total.
LayerZero attributed the attack to the Lazarus Group, a hacking organization tied to North Korea. According to reports, the perpetrators obtained access to the RPC node list used by the LayerZero Labs DVN, successfully breached two nodes, and replaced their operating software.
The attackers then launched a DDoS attack against the uncompromised nodes, redirecting network traffic toward the corrupted infrastructure. The manipulated DVN then validated fraudulent transactions that never legitimately occurred on the blockchain.
The incident has triggered an ongoing public disagreement between Kelp DAO and LayerZero regarding accountability for the security weakness.
The DVN Configuration Dispute
In LayerZero’s April 19 technical analysis, the company stated the vulnerability existed because Kelp’s bridge operated with a single decentralized verifier network (DVN) instead of multiple independent verifiers. LayerZero characterized this configuration as contradicting its advised security architecture.
Kelp responded with a detailed rebuttal on Tuesday. The protocol published documentation claiming LayerZero staff examined its configuration over 2.5 years, across eight separate integration reviews, and raised no concerns about the single-verifier arrangement.
Kelp shared screenshots from Telegram conversations purportedly demonstrating a LayerZero representative accepting the configuration without raising objections. CoinDesk has been unable to authenticate these screenshots independently.
Kelp referenced Dune Analytics statistics indicating approximately 47% of around 2,665 active LayerZero contracts employed the identical 1-of-1 DVN configuration during a 90-day period concluding near April 22. These contracts represented over $4.5 billion in combined market capitalization.
Sujith Somraaj, a security researcher who previously conducted audits for LayerZero, revealed he had filed a bug bounty submission detailing this precise attack methodology prior to the breach. According to Somraaj, LayerZero dismissed his report.
LayerZero Denies the Claims
Bryan Pellegrino, CEO of LayerZero, stated on X that numerous allegations from Kelp were “just completely untrue.”
Pellegrino asserted that Kelp initially deployed the advised multi-DVN default configuration and subsequently modified it manually to a 1-of-1 setup. He indicated that comprehensive post-incident analysis from independent security organizations would be released shortly.
A LayerZero representative provided a written response stating that protocol defaults throughout nearly all integration pathways utilize multi-DVN configurations. The representative explained that where 1-of-1 configurations appear in templates, they reference a “DeadDVN” that blocks messages and requires developers to establish proper settings before deployment.
LayerZero announced a policy change prohibiting message signing for any application operating with a 1-of-1 configuration, effective immediately following the security incident.
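As an added example (not code from Kelp, LayerZero, or this article), the Python sketch below models the verifier quorum at the center of the dispute and flags pathways where compromising a single operator is enough for a forged message to be accepted, including the case of two verifiers that are not actually independent. The `Pathway` fields, verifier ids, and operator mapping are constructed for illustration and are assumptions, not LayerZero's configuration schema.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Pathway:                      # hypothetical model of one bridge pathway
    name: str
    required: tuple                 # verifier ids that must ALL attest
    optional: tuple = ()            # pool of additional verifiers
    optional_threshold: int = 0     # how many from the pool must attest

def accepts(p, attesting):
    """True if the attesting verifiers satisfy the pathway's quorum."""
    got = set(attesting)
    return set(p.required) <= got and len(got & set(p.optional)) >= p.optional_threshold

def min_operators_to_forge(p, operator_of):
    """Fewest distinct operators whose compromise gets a forged message accepted.
    Returns None when the quorum is unreachable (the pathway blocks everything)."""
    pool = sorted(set(p.optional))
    if p.optional_threshold > len(pool):
        return None
    best = None
    for extra in combinations(pool, p.optional_threshold):
        ops = {operator_of[v] for v in (*p.required, *extra)}
        if best is None or len(ops) < best:
            best = len(ops)
    return best

def audit(pathways, operator_of, minimum=2):
    """(name, operators_needed) for each pathway forgeable below `minimum` operators."""
    findings = []
    for p in pathways:
        n = min_operators_to_forge(p, operator_of)
        if n is not None and n < minimum:
            findings.append((p.name, n))
    return findings

# Constructed sample data: dvn-a and dvn-b share one operator.
OPERATOR_OF = {"dvn-a": "op-1", "dvn-b": "op-1", "dvn-c": "op-2", "dvn-d": "op-3"}
PATHWAYS = [
    Pathway("one-of-one", required=("dvn-a",)),
    Pathway("same-operator-pair", required=("dvn-a", "dvn-b")),
    Pathway("two-independent", required=("dvn-a", "dvn-c")),
    Pathway("one-plus-1-of-2", required=("dvn-a",),
            optional=("dvn-b", "dvn-d"), optional_threshold=1),
    Pathway("blocked-placeholder", required=(), optional_threshold=1),
]

if __name__ == "__main__":
    for name, n in audit(PATHWAYS, OPERATOR_OF):
        print(f"{name}: forgeable by compromising {n} operator(s)")
```

The blocked placeholder is not flagged because its quorum can never be met, which is the fail-closed behavior a template default should have until real verifiers are configured.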
Kelp maintains its internal team identified and reported the vulnerability to LayerZero first.
The protocol has initiated the migration of rsETH from LayerZero’s OFT standard to Chainlink’s Cross-Chain Token standard through its Cross-Chain Interoperability Protocol. According to current documentation, on at least two integrated networks, Dinari and Skale, the LayerZero Labs DVN continues to serve as the sole listed attestor.

