LayerZero Admits Fault in $292M Kelp Exploit After Initial Developer Blame

LayerZero has reversed its stance on the $292 million Kelp exploit, admitting it "made a mistake" by using its own verifier to secure high-value transfers in a vulnerable configuration. The company initially blamed a developer configuration failure for the breach but now accepts direct responsibility. The shift comes after weeks of scrutiny following the massive loss earlier this year.

From Developer Blame to Direct Accountability

For days after the exploit surfaced, LayerZero maintained the incident stemmed from a developer's misconfiguration of its system. The company stood by this explanation as the $292 million loss rippled through the blockchain ecosystem. That position has now been fully retracted without additional commentary.

The Vulnerable Verifier Setup

LayerZero's system used its proprietary verifier to approve high-value cross-chain transfers, a critical security function. The company admits this setup contained flaws that attackers exploited, allowing unauthorized asset movement. The vulnerability specifically affected large-value transactions, which were supposed to have enhanced protection. Relying on its own internal tool for this safeguard, instead of a more robust external solution, created an opening for theft.

What the Admission Changes

This reversal shifts liability from external developers to LayerZero itself. Previously, the company suggested the breach was avoidable with proper user configuration. Now it acknowledges the vulnerability existed within its core architecture regardless of user settings. The $292 million figure represents stolen assets across multiple blockchain networks, though exact distribution remains undisclosed. No names or specific teams were cited in the company's statement, which focused solely on the technical misstep.

Unanswered Questions on Fixes

LayerZero hasn't detailed how it will rebuild trust or compensate affected users. The company hasn't indicated whether other transactions used the same flawed verifier setup. It remains unclear when the platform will implement new security protocols for high-value transfers. The blockchain community awaits concrete steps rather than further explanations about the breach's mechanics.