KelpDAO is pointing the finger at LayerZero infrastructure for a $292 million exploit that drained rsETH tokens from its protocol. The decentralized autonomous organization claims LayerZero approved the setup later blamed for the hack, and it's already moving to Chainlink CCIP. Both sides are now disputing the root cause of the attack.
Who approved what
The hack targeted rsETH, a liquid restaking token tied to Ethereum staking. According to KelpDAO, LayerZero gave the green light on the configuration that ended up being the attack vector. LayerZero hasn't publicly accepted responsibility, and the argument over whether the infrastructure was flawed or the integration was sloppy is playing out in public.
KelpDAO said it shifted from LayerZero to Chainlink's Cross-Chain Interoperability Protocol (CCIP) after the incident. That's a big move for a protocol that was heavily reliant on LayerZero for cross-chain messaging. The choice suggests KelpDAO sees the risk as systemic, not just a one-time bug.
The aftermath and migration
The DAO didn't disclose how much of the $292 million was recovered or if any user funds are still at risk. What is clear is the migration to Chainlink CCIP is underway. CCIP is Chainlink's answer to secure cross-chain communication, and it's been pitched as a more audited alternative to LayerZero's model.
For LayerZero, the incident adds to a growing list of security questions around cross-chain bridges and messaging protocols. The company hasn't issued a detailed post-mortem that assigns blame internally. Instead, it's been left to KelpDAO to explain why it cut ties.
The two sides have not settled the blame game publicly. KelpDAO maintains LayerZero's approval process failed. LayerZero likely argues the DAO misconfigured something. Without an independent audit or a third-party investigation, the exact chain of events remains unclear.
KelpDAO's switch to Chainlink CCIP won't undo the $292 million loss, but it signals a change in how the DAO approaches cross-chain security. The broader DeFi community is watching to see if other protocols follow suit.
