The popular Spiderman meme showing three identical superheroes pointing fingers at each other is having its crypto moment today.
Kelp DAO is prepared to reject LayerZero’s postmortem of Sunday’s $290 million exploit, which essentially blames Kelp, an L2 source familiar with the matter told CoinDesk. Kelp plans to dispute the cross-chain messaging company’s claim that it ignored repeated warnings to move away from a single verifier setup. CoinDesk has reviewed and verified the company’s discussions.
Kelp is a liquid restaking protocol that takes user-deposited ether, routes it through a yield-generating system called EigenLayer, and issues a receipt token, rsETH, in return.
LayerZero is the cross-chain messaging infrastructure that moves rsETH between blockchains, using entities called DVNs (decentralized verifier networks) to verify if a cross-chain transfer is valid.
On Saturday, attackers drained 116,500 rsETH, worth approximately $290 million, from Kelp’s LayerZero-powered bridge by poisoning the servers that LayerZero’s verifier trusted to verify transactions.
Kelp, the source said, plans to say that the DVN that was compromised through what it calls a “sophisticated state-sponsored attack” was LayerZero’s own infrastructure, not a third-party verifier.
The attackers compromised two of the LayerZero servers that verify whether cross-chain transactions are legitimate, then flooded the backup servers with junk traffic to force the LayerZero verifier to fall back on the compromised ones.
All of that infrastructure was built and managed by LayerZero, not Kelp, the source claimed.
The source questioned LayerZero’s framing of the “1/1 configuration” as a marginal choice made against guidance. LayerZero’s postmortem said KelpDAO chose a 1-of-1 DVN configuration despite express recommendations to configure multi-DVN redundancy.
A “1/1 configuration” means that only one validator needs to sign a cross-chain message for the bridge to act on it, leaving the system without a second check to detect a compromised or forged instruction. A multiple validator setup (such as 2/3, 3/5, etc.) ensures that there is no single point of failure that can pass a forged message on its own.
They added that a direct communication channel with LayerZero, which has been open since July 2024, did not produce any specific recommendations for Kelp to change the rsETH DVN configuration.
LayerZero’s own quickstart guide and default GitHub configuration point to a 1/1 DVN configuration, the source told CoinDesk, adding that 40% of the protocols on LayerZero are currently using the same configuration.
The configuration that Kelp ran also appears in the LayerZero OApp V2 quickstart, where the layerzero.config.ts example connects each route with a required DVN and no optional DVNs. That’s the same 1/1 structure.
Kelp’s core restaking contracts were left untouched and the exploit was isolated to the bridging layer, they added. Its emergency pause, 46 minutes after the drain, blocked two follow-up attempts that would have released an additional ~$200 million in rsETH.
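As an added illustration (not code from LayerZero, Kelp or CoinDesk), the following TypeScript models the required/optional verifier policy described above and flags routes where a single compromised verifier is enough for a forged message to pass. The `RoutePolicy` field names, the route names and the DVN names are assumptions constructed for this example.

```typescript
// Added example: simplified model of a per-route verifier policy.
// Field names are assumptions for illustration, not LayerZero's own types.
interface RoutePolicy {
  route: string;
  requiredDVNs: string[];    // every listed verifier must attest
  optionalDVNs: string[];    // pool for the extra quorum
  optionalThreshold: number; // how many of the pool must attest
}

// True when the set of verifiers that attested satisfies the policy.
function accepts(p: RoutePolicy, attested: Set<string>): boolean {
  const requiredOk = p.requiredDVNs.every((d) => attested.has(d));
  const optionalHits = new Set(p.optionalDVNs.filter((d) => attested.has(d))).size;
  return requiredOk && optionalHits >= p.optionalThreshold;
}

// Fewest distinct verifiers that must be compromised for a forged message to pass.
function minCompromisesToForge(p: RoutePolicy): number {
  const required = new Set(p.requiredDVNs);
  const optional = new Set(p.optionalDVNs);
  if (p.optionalThreshold > optional.size) return Infinity; // unsatisfiable policy
  let overlap = 0; // optional verifiers that are also required add no independence
  required.forEach((d) => { if (optional.has(d)) overlap++; });
  return required.size + Math.max(0, p.optionalThreshold - overlap);
}

// Routes where one compromised verifier (or none) is enough.
function singlePointsOfFailure(routes: RoutePolicy[]): string[] {
  return routes.filter((r) => minCompromisesToForge(r) <= 1).map((r) => r.route);
}

// Constructed sample routes and verifier names.
const routes: RoutePolicy[] = [
  { route: "chainA->chainB", requiredDVNs: ["dvn-a"], optionalDVNs: [], optionalThreshold: 0 },
  { route: "chainA->chainC", requiredDVNs: ["dvn-a"], optionalDVNs: ["dvn-b", "dvn-c"], optionalThreshold: 1 },
  { route: "chainA->chainD", requiredDVNs: ["dvn-a"], optionalDVNs: ["dvn-a", "dvn-b"], optionalThreshold: 1 },
];

const forged = new Set(["dvn-a"]); // constructed case: only dvn-a attests to a forged message
for (const r of routes) {
  console.log(r.route, "min compromises:", minCompromisesToForge(r), "forged accepted:", accepts(r, forged));
}
```

The third route lists two verifiers but still reduces to 1/1, because the required verifier also satisfies the optional quorum on its own.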
CoinDesk reached out to LayerZero for comment on the story and did not receive a response by the time of publication.
‘Deflecting responsibility’
Security researchers are also unconvinced by LayerZero’s isolated framing, which blamed Kelp.
Kelp is a liquid restaking protocol. Its core competency is staking infrastructure, EigenLayer integration and liquid staking token management. By integrating with LayerZero, Kelp relied on LayerZero’s documentation, its defaults, and its team’s guidance to make configuration decisions, the source said.
Yearn Finance core team developer Artem K, popularly known as @banteg on
That implementation also exposes a public endpoint that leaks the list of configured servers to anyone who views it.
Banteg said in his analysis that he cannot prove what settings Kelp used, but noted that LayerZero typically asks new operators to use its default settings, which he criticized in his post-mortem.
Chainlink community manager Zach Rynes put it bluntly about
As such, LayerZero has said it will no longer sign messages for any application running a single verifier setup, forcing a migration of the entire protocol.