Vb65obs0.putty PDocsFinance & Crypto
Related
How to Advocate for Digital Fairness in the EU: A Step-by-Step Guide Based on EFF's RecommendationsMaster CSS Contrast: A Step-by-Step Guide to Adjusting Visual DepthThe Human Edge: Why Skilled Workers Are Beating AI in the Token Economydocs.rs Streamlines Builds: Defaulting to a Single Target in 2026Lighter Adopts USDC as Primary Stablecoin in Strategic Circle AllianceHow to Begin Your Dart and Flutter Journey with the New Getting Started ExperienceMistral AI Unveils Cloud-Based Coding Agents and Upgraded Model, Challenging Bigger RivalsPalantir Stock Plunges After Strong Earnings: 7 Key Questions Answered

Kelp DAO Rebuts LayerZero's Account of $300M rsETH Bridge Exploit, Moves to Chainlink Standard

Last updated: 2026-05-06 06:16:19 · Finance & Crypto

Background of the April 18 Bridge Exploit

On April 18, 2024, the decentralized finance ecosystem was rocked by a sophisticated attack on the rsETH bridge, resulting in approximately $300 million in losses. The exploit targeted the cross-chain token standard used by Kelp DAO's liquid restaking token, rsETH, which relied on LayerZero's Omnichain Fungible Token (OFT) framework. The incident sent shockwaves through the DeFi community, prompting urgent investigations by both Kelp DAO and the interoperability protocol LayerZero.

Kelp DAO Rebuts LayerZero's Account of $300M rsETH Bridge Exploit, Moves to Chainlink Standard
Source: thedefiant.io

Timeline of Events

Initial reports indicated that an attacker exploited a vulnerability in the bridge's messaging mechanism, draining millions worth of assets. LayerZero quickly released a statement suggesting that the root cause lay with a third-party integration and user misconfiguration, deflecting full responsibility. However, Kelp DAO's subsequent forensic analysis painted a different picture.

Kelp DAO's Detailed Rebuttal

On Tuesday, Kelp DAO published a comprehensive rebuttal to LayerZero's account of the exploit. In a detailed post-mortem, the DAO argued that LayerZero's claims were misleading and that the fault lay primarily with inherent design flaws in the OFT standard. The DAO accused LayerZero of "blaming users for an infrastructure failure" and called for greater accountability in cross-chain messaging protocols.

Accusations of Blame Shifting

Kelp DAO specifically highlighted that the exploit was made possible due to insufficient verification of cross-chain messages within LayerZero's relayer network. "LayerZero's architecture allowed the attacker to spoof authorization messages, something that a properly audited token standard should have prevented," the DAO stated in its rebuttal. The organization further claimed that LayerZero's post-mortem omitted critical details about the exploit's mechanics, instead focusing on peripheral factors like user approval settings.

The rebuttal also included a timeline showing that LayerZero's security team was slow to respond and that their initial remediation advice—urging users to revoke approvals—was a temporary fix that did not address the underlying vulnerability. Kelp DAO emphasized that the security of user funds cannot be contingent on individual user actions when the protocol itself has systemic weaknesses.

Migration to Chainlink's Cross-Chain Token Standard

In the wake of the exploit, Kelp DAO announced a decisive shift in its cross-chain strategy. The DAO confirmed that it will migrate rsETH from LayerZero's OFT standard to Chainlink's Cross-Chain Token (CCT) standard. This move is seen as a vote of confidence in Chainlink's decentralized oracle network and its cross-chain interoperability protocol, CCIP.

Kelp DAO Rebuts LayerZero's Account of $300M rsETH Bridge Exploit, Moves to Chainlink Standard
Source: thedefiant.io

Implications for DeFi Security

The migration underscores a growing trend among DeFi projects to prioritize security over convenience. Chainlink's CCT standard leverages multiple independent oracle nodes to validate cross-chain transfers, reducing the risk of single points of failure. Kelp DAO noted that this architecture would have made the April 18 exploit far more difficult to execute, as an attacker would need to compromise a majority of oracle nodes.

Furthermore, the transition is expected to be seamless for rsETH holders, with the DAO setting up a swap mechanism to replace the compromised tokens. The migration timeline has not been fully disclosed, but Kelp DAO assured the community that it would prioritize security audits and thorough testing before deployment.

Conclusion

The Kelp DAO versus LayerZero incident serves as a stark reminder of the challenges facing cross-chain interoperability in DeFi. While LayerZero remains a widely used protocol, the $300 million exploit has exposed critical vulnerabilities that demand systemic fixes. Kelp DAO's migration to Chainlink's CCT standard signals a shift toward more resilient, oracle-based verification methods.

As the DeFi ecosystem matures, projects will increasingly scrutinize the security guarantees offered by their middleware providers. The $300 million rsETH bridge hack may become a watershed moment, driving industry-wide standards for cross-chain token transfers. For now, Kelp DAO's rebuttal stands as a call for transparency and accountability, challenging LayerZero to address the root causes rather than deflecting blame.

Note: This article is based on public statements and post-mortem reports from Kelp DAO and LayerZero. The full rebuttal is available on The Defiant.

See Also

External Resources

k8cchay88tim88winvndtim8812 Essential Insights into the Role of an Engineering DirectorPython Insider Blog Migrates to Open-Source Git RepositoryGoogle Launches TurboQuant: Breakthrough Compression Suite Targets LLM and Vector Search Efficiencylucky8How Astronomers Uncover the Secrets of Spiral Galaxies: A Step-by-Step Guidek8cchay88lucky8winvndFirefox's Free VPN Just Got a Major Upgrade: 7 Key Details You Need to Know