Kelp DAO has pointed to LayerZero’s default configuration settings as the root cause of a $290 million rsETH bridge incident, escalating a public dispute over responsibility for one of the largest cross-chain exploits in 2026.
The incident, which occurred on April 18, involved the exploitation of rsETH tokens during a cross-chain bridge operation. Kelp DAO’s position, reported by CoinDesk, frames LayerZero’s out-of-the-box settings as the primary vulnerability rather than any misconfiguration on Kelp’s part.
LayerZero issued its own statement attributing the exploit to North Korea’s Lazarus Group, according to Decrypt. The protocol acknowledged the breach but pushed back on the framing that its defaults were inadequate for securing high-value bridge deployments.
Why LayerZero’s default DVN configuration is central to the dispute
LayerZero provides cross-chain messaging infrastructure that protocols like Kelp DAO use to move assets between blockchains. When deploying a bridge, projects can customize security parameters or rely on LayerZero’s default settings.
An Ethereum researcher highlighted that Kelp’s bridge relied on a single Decentralized Verifier Network (DVN) configuration, the default provided by LayerZero. This single-DVN setup, as detailed by Whale Alert, enabled the attacker to compromise the bridge by subverting just one verification layer rather than multiple independent validators.
The researcher urged the industry to adopt validity proofs as a more robust alternative to DVN-based verification for high-value bridge deployments. The core question is whether LayerZero’s defaults should have been more conservative given the value at stake, or whether Kelp DAO bore responsibility for not upgrading to a multi-DVN configuration.
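The single-verifier weakness described above can be expressed as a configuration check. The following is an added example, not code from Kelp DAO, LayerZero, or the original article; the config model, field names, verifier ids, and operator names are all assumptions made for illustration. It computes how many independent operators must be compromised before a forged message would verify, and it goes one step beyond the single-DVN case by also catching quorums whose verifiers share an operator.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class VerifierConfig:
    # Assumed model (not LayerZero's API): a message is accepted once every
    # required verifier and at least `optional_threshold` optional ones attest.
    required: tuple = ()
    optional: tuple = ()
    optional_threshold: int = 0

def forgery_cost(cfg, operator_of):
    """Fewest independent operators whose compromise lets a forged message verify."""
    if not 0 <= cfg.optional_threshold <= len(cfg.optional):
        raise ValueError("optional_threshold must be between 0 and len(optional)")
    owned = {operator_of[v] for v in cfg.required}
    optional_ops = [operator_of[v] for v in cfg.optional]
    # Optional verifiers run by an already-compromised operator attest for free.
    needed = cfg.optional_threshold - sum(op in owned for op in optional_ops)
    cost = len(owned)
    # Cheapest way to cover the rest: take operators running the most verifiers.
    for _, size in Counter(op for op in optional_ops if op not in owned).most_common():
        if needed <= 0:
            break
        needed -= size
        cost += 1
    return cost

def audit(cfg, operator_of, min_operators=2):
    """Return findings; an empty list means the quorum meets the policy."""
    cost = forgery_cost(cfg, operator_of)
    findings = []
    if cost < min_operators:
        findings.append(f"forgery needs {cost} operator(s), policy minimum is {min_operators}")
    if cost < len(cfg.required) + cfg.optional_threshold:
        findings.append("verifiers share an operator, so the quorum overstates independence")
    return findings

# Constructed sample data: verifier ids and operators are placeholders.
OPERATORS = {"dvn-a": "op1", "dvn-a2": "op1", "dvn-b": "op2",
             "dvn-c": "op3", "dvn-d": "op4", "dvn-e": "op5"}
SINGLE = VerifierConfig(required=("dvn-a",))
SHARED = VerifierConfig(required=("dvn-a", "dvn-a2"))
MULTI = VerifierConfig(required=("dvn-a", "dvn-b"),
                       optional=("dvn-c", "dvn-d", "dvn-e"), optional_threshold=2)

if __name__ == "__main__":
    for name, cfg in (("single", SINGLE), ("shared", SHARED), ("multi", MULTI)):
        print(name, forgery_cost(cfg, OPERATORS), audit(cfg, OPERATORS))
```

A deployment review would run a check like this against the verifier settings actually in force for each bridge route, with `min_operators` set according to the value the route secures.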
The Aave governance forum has also hosted discussion of the rsETH incident, given that rsETH serves as collateral within DeFi lending protocols. The thread reflects broader concern about how restaking-linked assets interact with bridge security assumptions.
What the incident means for rsETH holders and cross-chain security
For rsETH holders, the immediate concern is whether funds can be recovered and whether the token’s peg and utility within DeFi protocols will be affected. LayerZero’s official incident statement acknowledged the breach but did not detail a recovery plan.
The dispute highlights a recurring problem in cross-chain infrastructure: the gap between what defaults permit and what security demands. Bridge incidents have historically been among the most costly attack vectors in crypto, and this event ranks among the largest.
The expansion of Layer 2 networks and cross-chain bridges has steadily widened the attack surface available to sophisticated threat actors. State-sponsored groups like Lazarus have increasingly targeted crypto infrastructure, a trend that has tested the resilience of crypto companies operating across different regulatory environments.
The security model of early crypto was far simpler; in Bitcoin’s earliest days, the ecosystem’s biggest risks were negligible compared to the hundreds of millions now flowing through bridge contracts with configurable trust assumptions.
What to watch next: whether Kelp DAO or LayerZero publishes a detailed post-mortem with on-chain evidence, whether any funds are frozen or recovered, and whether DeFi protocols that accept rsETH as collateral adjust their risk parameters in response.