Kelp DAO Drops LayerZero for Chainlink Following $292M Exploit Fallout

Kelp DAO is overhauling its cross-chain infrastructure in the wake of last month’s $292 million exploit, replacing LayerZero with Chainlink.

The shift makes Kelp DAO the first major protocol to move away from LayerZero following the incident, according to a Chainlink representative.

The exploit, which occurred on April 18, saw attackers—believed to be linked to North Korea’s Lazarus Group—drain 116,500 rsETH using a vulnerability tied to a LayerZero-powered Omnichain Fungible Token (OFT) bridge.

At the center of the breach was a single-verifier configuration within LayerZero’s Decentralized Verifier Network (DVN). Critics argue that this setup significantly weakened security, enabling the attackers to exploit the system.

While LayerZero maintains it had warned against using a one-of-one verifier model, Kelp DAO and other observers contend that such a configuration was initially recommended as the default onboarding setup.

Supporting this claim, a recent analysis cited by Kelp DAO found that nearly 47% of roughly 2,665 LayerZero-based applications were operating under the same single-verifier structure at the time of the attack.

In response to the fallout, LayerZero has since pledged to discontinue support for single-verifier configurations.

Kelp DAO’s migration to Chainlink introduces a more robust validation system. Chainlink Cross-Chain Interoperability Protocol (CCIP) relies on decentralized oracle networks (DONs) that require a minimum of 16 independent node operators to validate transactions, significantly reducing single points of failure.

“KelpDAO's migration to Chainlink CCIP directly addresses the architectural vulnerability at the center of the exploit,” the protocol said in a statement.

As part of the transition, rsETH will also adopt Chainlink’s Cross-Chain Token (CCT) standard.

Chainlink reports that its infrastructure has facilitated over $30 trillion in cross-chain transaction value to date, underscoring its scale and adoption.

Meanwhile, efforts to recover from the exploit continue under the DeFi United initiative, formed to restore rsETH’s backing.

LayerZero has contributed approximately 10,000 ETH to the initiative, split between a 5,000 ETH donation and a 5,000 ETH loan to Aave. In total, the recovery effort has now raised more than $300 million in crypto assets.

The situation has also sparked legal complications. Over the weekend, alleged victims of prior North Korean cyberattacks filed a lawsuit against Arbitrum DAO, seeking control of 30,766 ETH that had been frozen by Arbitrum’s Security Council following the exploit. The DAO had been in the process of voting to release those funds into the DeFi United recovery pool.

In response, Aave filed an emergency motion on Monday to dismiss the lawsuit and lift a temporary restraining order placed on the disputed funds, adding another layer of complexity to the ongoing recovery efforts.