CoinDesk could not independently authenticate the screenshot.

LayerZero’s templates

Kelp also points to LayerZero’s bug bounty scope, OFT Quickstart and developer examples as evidence that LayerZero treated verifier-network choices as application-level configuration while showing builders a one-DVN setup.

LayerZero’s published bug bounty scope on Immunefi excludes from rewards “impacts to OApps themselves as a result of their own misconfiguration,” including verifier networks and executors.

The LayerZero OFT Quickstart and the official OFT example configuration on GitHub show LayerZero Labs as the required DVN, with no optional DVN set.

Kelp’s memo cites an April 19 post from Spearbit security researcher Sujith Somraaj, in which Somraaj said he had submitted a bug bounty report describing the same attack pattern and that LayerZero rejected it.

“My bug bounty: not a vuln, requires all DVNs,” Somraaj wrote on X. “Their deployment: removes the ‘all’ part. Hackers: collects $295M bounty instead.” Somraaj is a prior LayerZero auditor, according to his Cantina profile.

Kelp moves to Chainlink

Kelp also said it is moving rsETH off LayerZero to Chainlink’s Cross-Chain Interoperability Protocol. The shift moves rsETH from LayerZero’s OFT standard to Chainlink’s Cross-Chain Token standard.

The exploit drained 116,500 rsETH, worth roughly $292 million, from Kelp’s LayerZero-powered bridge. Two additional forged transactions totaling more than $100 million were signed and processed by the LayerZero Labs DVN before Kelp paused its contracts, the protocol said.

LayerZero said attackers are likely linked to North Korea’s Lazarus Group, who accessed the list of RPCs used by the LayerZero Labs DVN, compromised two RPC nodes and swapped out the binaries running on them.

The attackers then launched a DDoS attack against uncompromised RPC nodes, forcing a failover to the poisoned ones. LayerZero said the DVN then confirmed transactions that had not occurred.

Kelp argues the 1-of-1 setup was widespread. CoinGecko, citing Dune Analytics data, said 47% of roughly 2,665 active LayerZero OApp contracts ran a 1-of-1 DVN configuration over a 90-day period ending around April 22, with more than $4.5 billion in associated market value exposed to the same class of risk.

LayerZero’s postmortem said the protocol “functioned exactly as intended.” The company said it would no longer sign messages for any application running a 1-of-1 configuration, a policy change that took effect after the hack.

Kelp alleges that its team had to flag the exploit to LayerZero rather than the other way around, raising questions about LayerZero’s monitoring.

The memo also alleges substantial overlap in addresses granted ADMIN_ROLE on both the LayerZero Labs DVN and the Nethermind DVN, listing ten on April 8, 2026 and five additional on February 6, 2025. CoinDesk has not independently verified the onchain claim.

LayerZero did not respond to a request for comment by publication.

On at least two integrated chains, Dinari and Skale, the LayerZero Labs DVN is still listed as the only available attestor, according to the documentation.

On-chain DataWeb3
AI Disclaimer: Parts of this article were generated with the assistance from AI tools and reviewed by our editorial team to ensure accuracy and adherence to our standards. For more information, see CoinDesk’s full AI Policy.

More For You

Elon Musk’s X to deploy scam kill switch by auto-locking first-time crypto mentioners

By Francisco Rodrigues|Edited by Stephen Alpher
Apr 2, 2026

X and other social media apps on smartphone (Julian/Unsplash/Modified by CoinDesk)

The move comes in response to a wave of phishing attacks using fake copyright emails and is the latest in an attempt to shut down crypto-linked scams on the platform.

What to know:

  • X will auto-lock accounts posting about crypto for the first time to reduce scam activity, according to its Head of Product Nikita Bier.
  • The move comes in response to a wave of phishing attacks using fake copyright emails and is the latest in an attempt to shut down crypto-linked scams…
Read full story
Latest Crypto News
Strategy Executive Chairman Michael Saylor on CoinDesk Television

Strategy posts $12.54 billion Q1 loss on declining bitcoin price

21 minutes ago

Hacker facing screens with lines of code (Boitumelo/Unsplash)

Drift outlines a recovery plan for users after $295 million DPRK-linked exploit

1 hour ago

Kara Kennedy, Global Head of Market Development of J.P. Morgan (left), Nadine Chakar, Global Head of Digital Assets of DTCC (center) and Evan Auyang, Group President of Animoca Brands speak at Consensus 2026 in Miami (CoinDesk)

Tokenization won’t disrupt banking rails but improve them, Wall Street executives say

1 hour ago

Bitcoin (BTC) price on May 5 (CoinDesk)

Bitcoin extends gains to $81,500 as tokenization push lifts Bullish, Galaxy, Centrifuge

1 hour ago

Rep. Steven Horsford (CoinDesk)

Rep. Steven Horsford pitches PARITY Act as ‘durable floor’ for crypto tax at Consensus Miami

3 hours ago

Solana co-founder Anatoly Yakovenko @ Consensus Miami 2026 (CoinDesk)

Solana’s ‘Alpenglow’ upgrade could arrive next quarter, co-founder Yakovenko says

3 hours ago

Top Stories
Ripple CEO Brad Garlinghouse, Consensus 2026 in Miami

Ripple CEO Brad Garlinghouse says Clarity better than chaos as Senate hits key moment

4 hours ago

Consensus Miami 2026 Registration at the Miami Beach Convention Center

Consensus Miami Day 1: Real-time coverage and highlights from on the ground

6 hours ago

Mike Cagney at Consensus Miami 2026

Figure targets Fannie Mae and Freddie Mac in mortgage push, citing massive cost cuts for borrowers

3 hours ago

Arthur Hayes Consensus Miami 2026

Crypto’s value is from being outside regulatory apparatus, says Arthur Hayes

5 hours ago

Coinbase CEO Brian Armstrong (Nikhilesh De/CoinDesk)

Coinbase cuts 14% of staff as AI reshapes how crypto companies operate

8 hours ago

A close-up of the new ad patch. (Crypto.com/76ers)

Crypto.com’s high-rolling head of marketing to leave after almost six years

6 hours ago

About the Author

Melinda

Author

View All Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Stories

Blockstream Accelerates Bitcoin Adoption with Strategic Moves and Technological Advancements in Q4 2025

Crypto ETFs go mainstream as traditional finance locks in

Melinda 5 minutes ago 0
Coinbase Taps Centrifuge as Preferred Tokenization Partner

Coinbase Taps Centrifuge as Preferred Tokenization Partner

Rasha Siddiqi 25 minutes ago 0
Kelp DAO Accuses LayerZero of Deflecting Blame for $300M Bridge Hack

Kelp DAO Accuses LayerZero of Deflecting Blame for $300M Bridge Hack

Rasha Siddiqi 51 minutes ago 0

You May Have Missed

Balaji Srinivasan Envisions a Future Where Crypto Keys Reign Supreme Over AI

Crypto PAC spends $500K in support of Indiana candidate ahead of primary

Melinda 5 minutes ago 0
Blockstream Accelerates Bitcoin Adoption with Strategic Moves and Technological Advancements in Q4 2025

Crypto ETFs go mainstream as traditional finance locks in

Melinda 5 minutes ago 0
Coinbase Taps Centrifuge as Preferred Tokenization Partner

Coinbase Taps Centrifuge as Preferred Tokenization Partner

Rasha Siddiqi 25 minutes ago 0
Kelp DAO Accuses LayerZero of Deflecting Blame for $300M Bridge Hack

Kelp DAO Accuses LayerZero of Deflecting Blame for $300M Bridge Hack

Rasha Siddiqi 51 minutes ago 0