The conflict surrounding the Kelp DAO hack is reaching a new level. The protocol no longer agrees with LayerZero’s version, which claims the attack was caused by an allegedly incorrect configuration on Kelp’s side. Now the team asserts the opposite: the compromised scheme was not an exception, but the standard setting that LayerZero itself used as the default.
This is an important shift. The story is no longer just an analysis of a single hack, but a debate about who is responsible for architectural risk in critical DeFi infrastructure.
Kelp Challenges LayerZero’s Key Thesis
After the attack, LayerZero essentially reduced the problem to Kelp DAO’s choice. According to the infrastructure provider, the protocol used a single-verifier scheme, even though it was allegedly recommended to use a more secure configuration with multiple validating nodes.
Now Kelp DAO is preparing a public response with the opposite logic. The team claims it used exactly the configuration that LayerZero offered as the standard during onboarding. If this is true, the question changes radically: it’s no longer about the client ignoring recommendations, but about the possibility that the basic model itself was vulnerable.
At the Center of the Dispute Is the 1-of-1 Configuration
The key technical question is the 1-of-1 DVN scheme. This is a model where a single verifier is sufficient to confirm a cross-chain message. This approach is simpler and faster, but it has an obvious weakness: a single point of compromise can open the door to fake transactions.
This is exactly the scheme that LayerZero is now criticizing in hindsight. But Kelp DAO insists that this configuration was neither marginal nor unusual. On the contrary, it matched the documentation, typical examples, and, according to the team, was confirmed in working contacts with LayerZero as acceptable.
Kelp Claims the Compromised Infrastructure Was LayerZero’s
Another fundamental point concerns the actual target of the attack. According to Kelp DAO, the attackers did not hack an independent third-party verifier chosen by the protocol at its own risk. The compromised verifier was running on LayerZero’s own infrastructure.
The team claims that the attackers gained access to two LayerZero servers used to verify the correctness of cross-chain messages. Then the backup nodes were overloaded with junk traffic, causing the system to rely on the already infected elements. If this version is confirmed, the pressure on LayerZero will only increase.
The Dispute Is About Responsibility, Not a Bug
This is what makes the situation especially sensitive. It’s not about a classic smart contract hack or a compromise of Kelp DAO team private keys. The dispute is about who is responsible for the security of a configuration that the market perceived as functional and standard.
This is a painful question for DeFi. The ecosystem is often structured so that applications depend on infrastructure providers, documentation, ready-made templates, and recommended parameters. If the provider later claims that the configuration used was erroneous, an obvious crisis of trust arises.
Researchers Also Question LayerZero’s Position
Some researchers are also siding with Kelp DAO. They point out that LayerZero’s public documentation and deployment examples did indeed use schemes with a single verification source on major networks. This weakens the company’s position, which after the hack tried to present 1-of-1 as a controversial choice made against recommendations.
The criticism here is simple. If a configuration is recognized as unsafe, it should not be the default, should not be included in examples, and should not be scaled as a working option for new integrations. Otherwise, responsibility cannot lie solely with the protocol that used it.
The Attack Affected the Bridge, Not Kelp’s Core
Kelp DAO specifically emphasizes that the main restaking protocol was not hacked. According to the team, the incident was limited to the bridge layer, which operated on LayerZero’s infrastructure. This is an important detail for the market because it separates the core rsETH mechanics from the cross-chain transfer channel.
In addition, the team claims that the emergency shutdown of contracts 46 minutes after the attack prevented two more withdrawal attempts. Potentially, this saved about $200 million in rsETH that could have been withdrawn on top of the already stolen funds. In other words, the damage could have been significantly higher.
LayerZero Tightens Policy After the Incident
Amid the scandal, LayerZero has already taken a drastic step. The company announced that it will no longer sign messages for applications using a single-verifier configuration. This means a forced migration for all protocols operating under this model.
This decision is telling in itself. It effectively confirms that the single-verifier architecture is no longer considered acceptable. But at the same time, it raises an uncomfortable question: if this scheme was really so vulnerable, why did it exist as a working standard until a hack costing hundreds of millions of dollars?
This Is a Blow to the Reputation of the Entire Cross-Chain Infrastructure
The story with Kelp and LayerZero is important not only as a dispute between two parties. It hits a broader segment—the cross-chain infrastructure on which more and more DeFi protocols rely. If users and teams begin to doubt not just a specific application but the basic logic of bridges, risks quickly spread throughout the ecosystem.
This is especially dangerous in light of recent problems with Aave and other related protocols. One hack has already caused a cascading effect through collateral, liquidity, and bad debt. Now, this is compounded by the question of whether standard configurations from one of the largest infrastructure players can be trusted at all.
What Happens Next?
Further developments depend on which version of events takes hold in the public sphere. If the market accepts Kelp DAO’s argument that the vulnerable infrastructure was LayerZero’s default, it will be a serious blow to the provider’s reputation and the entire model of trust in ready-made cross-chain system settings.
If, however, LayerZero manages to prove that the protocol really deviated from recommendations or failed to implement necessary redundancy, the focus will shift back to the application’s own responsibility. But one thing is already clear: the dispute has gone far beyond a single hack. It touches on the fundamental DeFi question of where decentralization as marketing ends and real responsibility for security architecture begins.
Read more: North Korean hackers change tactics, and DeFi pays the price again
