After Disputing LayerZero Claims, KelpDAO Prepares Chainlink CCIP Migration

KelpDAO is challenging statements made by LayerZero Labs about the security incident of April 18, 2026. In a recent post, KelpDAO said the incident was caused by issues with LayerZero’s systems, not by any mistake on its own side.

KelpDAO reports that hackers targeted LayerZero, causing losses exceeding $300 million across various DeFi platforms. LayerZero’s system initially processed over $100 million in fraudulent transactions before KelpDAO stepped in and temporarily stopped its contracts, preventing further damage.

KelpDAO Counters LayerZero Narrative

Kelp stated that acting quickly limited the financial losses, even though the vulnerable system continued to operate for a while after the problem was found and flagged.

The main point of disagreement is LayerZero’s claim that a problem with KelpDAO’s settings caused the security incident. KelpDAO disagrees, arguing that those settings were standard practice within the LayerZero network and followed LayerZero’s own instructions.

According to Kelp’s data, many applications built on LayerZero used similar network setups, with a lot of them specifically using a 1-to-1 connection with LayerZero’s own network. This wasn’t unusual or a test case – it was a common way these applications were deployed, and many different projects followed this practice.

As a researcher, I’ve been looking into this situation and understand that LayerZero’s DVN is central to how their system works and is automatically included in the tools we, as developers, receive. LayerZero’s guides and starter templates actually encourage us to use these standard configurations, often without needing to set up extra DVNs. We at Kelp followed these guidelines when we integrated the infrastructure back in early 2024, and we kept the LayerZero team informed throughout the process. Our setup choices were reviewed and explicitly approved by them, and at no point were we alerted to any potential security concerns.

According to reports analyzed by Kelp, systems used to track blockchain activity were hacked, and false confirmations were sent through the DVN. Some experts believe this was a large-scale attack on the underlying infrastructure, not just a problem with how data was requested. This suggests that nodes were compromised and LayerZero’s security measures were not strong enough.

LayerZero Labs has acknowledged that hackers gained access to the systems they use for communication (RPC endpoints) and took control of several nodes before launching what they’re calling an ‘RPC spoofing attack.’ However, both the Kelp team and other experts suggest this explanation doesn’t fully capture the problem, as the system still accepted fraudulent messages even with security measures in place.

Transition to Chainlink

KelpDAO quickly took steps to protect its systems after the incident, including temporarily stopping all contract activity and thoroughly examining how it connects to other blockchains. Looking ahead, the protocol plans to stop using LayerZero’s OFT standard and instead utilize Chainlink’s CCIP for cross-chain communication.

This update will integrate rsETH with Chainlink’s standard for cross-chain tokens. The change is designed to improve security and reduce potential vulnerabilities by eliminating single points of failure.

2026-05-06 22:53