Kelp DAO, a prominent liquid restaking protocol, is making a significant move by migrating its cross-chain operations to Chainlink's Cross-Chain Interoperability Protocol (CCIP). This strategic shift comes amidst a contentious dispute with LayerZero, following a $300 million exploit that Kelp DAO firmly attributes to vulnerabilities within LayerZero's core infrastructure.
Challenging the Blame: Kelp's Stance on the LayerZero Exploit
Kelp DAO has vehemently rejected claims that its "1-of-1 DVN" configuration was responsible for the substantial $300 million exploit that occurred on April 18. The protocol asserts this setup was widely adopted across the LayerZero ecosystem, explicitly approved in prior communications, and included in default documentation. Instead, Kelp points to an infrastructure-level compromise within LayerZero itself, where attackers reportedly manipulated RPC nodes to generate forged transaction attestations, leading to the minting of unbacked rsETH and subsequent fund extraction. Kelp claims swift action to pause contracts prevented over $100 million in additional losses.
Systemic Risks and the Shift to Chainlink CCIP
Further raising questions, Kelp DAO has scrutinized inconsistencies in LayerZero's postmortem analysis, particularly the characterization of the incident as an isolated configuration issue. Kelp highlights LayerZero's subsequent restriction of 1-of-1 DVN setups as a contradiction to its prior guidance, underscoring deeper systemic risks within LayerZero’s trust model, including shared infrastructure dependencies, a lack of monitoring, and exposed RPC endpoints. Consequently, Kelp's migration to Chainlink CCIP reflects a critical re-evaluation of cross-chain security. The move signals a broader industry demand for more robust and proven interoperability solutions to safeguard user funds and rebuild trust in the wake of such high-profile security breaches.
