DeFi Provider Kelp DAO Navigates New Path Following Security Breach

In a strategic pivot, decentralized finance provider Kelp DAO has shifted its infrastructure for the liquid restaked token rsETH to Chainlink’s CCIP. This transition comes after a significant security breach in April where hackers exploited LayerZero’s bridge, causing massive financial losses, including 116,500 rsETH from Kelp DAO. The attack underlined vulnerabilities in using LayerZero’s OFT protocol, affecting several entities within the DeFi sector.

How did LayerZero’s security lapse unfold?

The breach, which wiped out nearly 18% of the rsETH in circulation, was executed through DDoS attacks targeting LayerZero’s operations. By seizing control of key network touchpoints managed by LayerZero Labs, the hackers diverted substantial token amounts. The bridge’s reliance on a single validator became a critical vulnerability, allowing unauthorized transactions across linked networks.

Post-incident, LayerZero acknowledged that the single validator model deviated from its operational standards. Yet, communications released by Kelp DAO suggest that LayerZero had given the nod to this setup despite the risks involved. Documentary evidence, shared via Telegram exchanges, revealed LayerZero’s approval of default bridge settings.

After the latest breach, we began taking steps to fully secure rsETH, which is why we are migrating to Chainlink CCIP. During the April 18 incident, LayerZero’s compromised infrastructure contributed to $300 million in losses throughout DeFi.

What attracted Kelp DAO to Chainlink’s infrastructure?

Kelp DAO’s decision to adopt Chainlink’s CCIP is a direct response to the vulnerabilities exposed during the breach. Chainlink ensures higher security by employing three independent oracle networks for transactional lanes and a distinct risk mitigation network, all developed in various programming languages. This sophisticated design prevents the spread of vulnerabilities should one component be compromised, according to Sergey Nazarov of Chainlink.

The multi-layer validation inherent in CCIP is crafted to thwart attacks like those faced by Kelp DAO. Crucially, Chainlink’s infrastructure has a clean security record since its launch, which influenced Kelp DAO’s choice to transition.

Even if you manage to breach one codebase, you cannot extend the exploit to others. This ensures customer diversity and allows independent codebases to interact securely.

Kelp DAO’s infrastructure change reflects a broader move towards more resilient and adaptable security measures. Experts attribute the hack’s success primarily to the single validator and mono-codebase setup prevalent at the time.

Bulleted insights:

• LayerZero contributed 10,000 ETH to a recovery fund following the hack.
• Arbitrum Security Council froze sizable sums linked to attackers.
• Legal complexities arise as some plaintiffs in the U.S. pursue asset recovery under counter-terrorism laws.

The event has prompted LayerZero to enforce widescale security upgrades, focusing on adopting multi-validator systems. For Kelp DAO, this incident underscores the importance of robust cross-chain security, especially in light of what is now recognized as the most significant DeFi breach of 2026. This highlights the evolving landscape of cross-chain security challenges within the crypto sector.