Kelp DAO says the 1-of-1 verifier configuration that enabled the $290 million rsETH exploit was LayerZero’s own documented default, not a rogue configuration choice made against expert advice.
Posted April 21, 2026 at 6:22 am EST.
Kelp DAO is contesting LayerZero’s post-mortem of the April 18 rsETH bridge exploit. LayerZero’s account placed the blame squarely on Kelp, saying the protocol had ignored repeated recommendations to move from a 1-of-1 DVN configuration to a multi-verifier setup. Kelp disputes both the characterization of the configuration as a fringe choice and the claim that LayerZero issued specific warnings.
Kelp in an April 20 statement said the single-verifier setup it ran was LayerZero’s own documented default, not a deviation from best practices. The protocol said it relied on LayerZero’s documentation and the guidance of LayerZero’s team when making configuration decisions, and that the communications channel between the two teams, open since January 2024, never produced a specific recommendation to change the rsETH DVN configuration. Kelp also argues that the compromised DVN was part of LayerZero’s own infrastructure, not a third-party verifier Kelp had independently selected.
This story is an excerpt from the Unchained Daily newsletter.
Subscribe here to get these updates in your email for free
At least one independent security researcher has sided with Kelp’s framing. Yearn Finance core developer Artem K, known as @banteg on X, published a technical review of LayerZero’s public deployment code and found that the V2 OApp Quickstart ships with single-source verification defaults across Ethereum, BSC, Polygon, Arbitrum, and Optimism. The reference setup also leaves a public endpoint exposed that leaks the list of configured servers.
Chainlink community manager Zach Rynes said on X that LayerZero was “deflecting responsibility” for its own compromised infrastructure.
LayerZero has not publicly responded to Kelp’s rebuttal. The company has said it will no longer sign messages for any application running a 1-of-1 configuration, forcing a protocol-wide security migration.
DeFi,defi exploit,Kelp DAO,LayerZero,rsETH,yahoodefi exploit,Kelp DAO,LayerZero,rsETH,yahoo#Kelp #DAO #Disputes #LayerZeros #Account #Million #Exploit #Escalating #Blame #Game1776767997
