Why Is Kelp DAO Replacing Its Cross-Chain Infrastructure?
Kelp DAO is moving away from LayerZero as its cross-chain infrastructure provider following last month’s $292 million exploit, opting instead to integrate Chainlink’s Cross-Chain Interoperability Protocol (CCIP).
The decision follows an attack on April 18, when hackers linked to North Korea’s Lazarus Group exploited a vulnerability in a LayerZero-powered bridge, draining 116,500 rsETH. The breach centered on a single-verifier configuration, which allowed the attacker to bypass broader validation checks.
With the migration, Kelp DAO becomes the first major protocol to abandon LayerZero after the incident, highlighting the impact of the exploit on infrastructure trust within DeFi.
What Went Wrong With the LayerZero Setup?
The exploit exposed weaknesses in the 1-of-1 Decentralized Verifier Network configuration used by Kelp DAO. Under this setup, only a single verifier was required to approve cross-chain transactions, creating a critical single point of failure.
LayerZero has stated it warned against using a single-verifier configuration. However, Kelp DAO and other observers argue that the 1-of-1 setup was the default onboarding configuration recommended to developers.
An analysis cited by Kelp DAO found that 47% of roughly 2,665 LayerZero applications were using the same configuration at the time of the attack, indicating the issue was not isolated to a single protocol.
LayerZero has since said it will stop supporting single-verifier setups, but the incident has already triggered reassessment across protocols relying on similar configurations.
Investor Takeaway
How Does Chainlink’s CCIP Change the Security Model?
Chainlink’s CCIP replaces the single-verifier approach with a decentralized validation model requiring at least 16 independent node operators to confirm cross-chain transactions. This multi-node structure reduces reliance on any single point of failure.
“KelpDAO’s migration to Chainlink CCIP directly addresses the architectural vulnerability at the center of the exploit,” the protocol said in its announcement.
As part of the transition, rsETH will also adopt Chainlink’s Cross-Chain Token standard. Chainlink said its infrastructure has supported more than $30 trillion in cross-chain transaction value to date.
Investor Takeaway
What Are the Broader Implications for DeFi Infrastructure?
The exploit has triggered wider efforts to stabilize the ecosystem. Under the DeFi United initiative, more than $300 million has been raised to restore rsETH backing, including contributions from LayerZero.
Legal pressure is also building. Victims of previous North Korean-linked hacks have filed suit against Arbitrum DAO to seize 30,766 ETH frozen after the exploit. Aave has moved to vacate the lawsuit and lift restrictions on the funds.
The incident reflects the systemic risks tied to cross-chain bridges, which remain one of the most targeted components in DeFi. As protocols reevaluate infrastructure choices, validation models and default configurations are becoming central to risk assessment.
