KelpDAO has publicly challenged LayerZero Labs’ account of the April 18, 2026 exploit, arguing that the breach resulted from failures within LayerZero’s infrastructure rather than a misconfiguration on KelpDAO’s platform. In a recent message on X, the DAO said attackers exploited vulnerabilities in LayerZero’s systems, leading to losses exceeding $300 million across multiple DeFi protocols.
According to KelpDAO, attackers successfully submitted and signed multiple forged transactions through LayerZero’s DVN, including two additional high-value transactions totaling more than $100 million that were processed before KelpDAO intervened. The team says it paused its contracts after detecting suspicious activity, which prevented further losses even though the underlying bridging infrastructure reportedly remained active for some time after the incident was first identified.
KelpDAO Disputes LayerZero’s Explanation
LayerZero Labs has attributed the exploit to a configuration issue on KelpDAO’s side. KelpDAO rejects that narrative and maintains that the configuration in question was commonly used across the LayerZero ecosystem and matched LayerZero’s own documentation and templates. KelpDAO argues that many projects relied on a similar DVN setup, including numerous deployments using a 1-1 configuration that involved LayerZero’s DVN. In KelpDAO’s view, these settings were standard practice rather than experimental or unique to its protocol.
KelpDAO also points out that LayerZero’s DVN is a core component of the platform and is included in default configurations provided to developers. LayerZero’s documentation and quickstart templates, KelpDAO says, guide builders toward these defaults, often without requiring additional DVNs. KelpDAO reports that it followed those official guidelines and maintained regular communication with LayerZero since integrating the infrastructure in early 2024. According to KelpDAO, its configuration choices were reviewed and accepted by LayerZero representatives at the time, and there was no indication given that the setup created a security risk.
To support its position, KelpDAO cites data showing that a significant portion of LayerZero-based applications relied on similar DVN setups. KelpDAO and independent analysts have described the event as an infrastructure compromise rather than an isolated RPC problem. Reports referenced by KelpDAO describe off-chain monitoring systems being breached, attestation mechanisms being forged through the DVN, and nodes being compromised—factors that suggest weaknesses within LayerZero’s trust boundary rather than only an issue with KelpDAO’s configuration.
LayerZero’s postmortem acknowledged that attackers accessed RPC endpoints used by its DVN and gained control of multiple nodes, a sequence LayerZero characterized as an RPC spoofing attack. KelpDAO and several independent security analysts say that characterization understates the severity, noting that forged messages were still approved despite safeguards being in place.
Immediate Response and Security Measures
In response to the incident, KelpDAO took immediate steps to secure its systems. The protocol paused relevant contracts and carried out a comprehensive review of its bridging infrastructure. KelpDAO said this rapid action helped limit losses and allowed the team to investigate the source and scope of the compromise more thoroughly.
Long-Term Changes: Moving to Chainlink CCIP
For a longer-term solution, KelpDAO announced plans to migrate away from LayerZero’s Open Fungible Token (OFT) standard and adopt Chainlink’s Cross-Chain Interoperability Protocol (CCIP). As part of the migration, the protocol intends to move rsETH to Chainlink’s Cross-Chain Token standard. KelpDAO frames this transition as an effort to reduce reliance on single points of failure and to strengthen cross-chain security moving forward.
By shifting to CCIP, KelpDAO aims to use a different trust model and tooling set that it believes will diversify risk and improve resilience for its cross-chain operations. The DAO has indicated that it will continue audits and extensive testing during the migration process to minimize disruption and ensure the integrity of assets and bridging processes.
The dispute highlights broader concerns about the security of cross-chain infrastructure and the operational risks that arise when many projects rely on common components and default configurations. KelpDAO’s public rebuttal and its decision to change interoperability providers underscore the need for greater scrutiny and layered defenses across cross-chain ecosystems.