LayerZero is under fire following its handling of the recent $290 million exploit involving KelpDAO, the omnichain interoperability protocol has shifted blame towards Kelp’s single-verifier configuration for the incident. This incident marks a significant event in the cryptocurrency sector, overcoming the previous record set just weeks ago by Drift Protocol’s $285 million exploit.

Heavy Losses in the KelpDAO Exploit

On the weekend, KelpDAO, a liquid restaking protocol, suffered a devastating attack that siphoned over $290 million worth of rsETH—an Ethereum-based token—from its reserves. This breach has been classified as the largest decentralized finance (DeFi) hack of 2026 so far. Just two days following the exploit, LayerZero issued a statement attributing the incident to a “highly sophisticated attack” allegedly linked to North Korea’s Lazarus Group. LayerZero clarified that what transpired was an attack on the infrastructure rather than a direct exploit of their protocol, seeking to assure users that no other cross-chain assets or applications were at risk.

In their analysis, LayerZero elaborated that their security protocol relies on Decentralized Verifier Networks (DVNs), which are independent entities designed to verify the integrity of cross-chain messages. They contend that the attackers compromised several remote procedure calls (RPCs) that the LayerZero Labs DVN depended on to validate transactions. By infiltrating the RPC infrastructure, the attackers executed a DDoS attack, forcing a failover to manipulated nodes that subsequently confirmed fraudulent transactions.

LayerZero’s post-event review placed considerable responsibility on KelpDAO for using a 1-of-1 verifier configuration instead of incorporating the recommended multi-DVN setups. They stated, “This incident was isolated entirely to KelpDAO’s rsETH configuration as a direct consequence of their single-DVN setup,” highlighting a potential oversight in their design methodology.

Crypto Community Unrest Over Accountability

The broader cryptocurrency community reacted adversely to LayerZero’s explanation, expressing discontent and calling attention to the perceived lack of accountability. Concerns emerged as users voiced that LayerZero’s response placed all blame squarely on KelpDAO’s security setup, which some argued was an abdication of responsibility on LayerZero’s part. One user on X platform remarked, “Imagine building a bridge and vehicles pay to cross, the bridge collapsed and you said it’s their fault for crossing the bridge,” characterizing the response as “a classic clownery act from a bunch of clowns.”

Another community member raised questions regarding the logic behind LayerZero permitting a “1-of-1” configuration if the objective of the DVN was to offer customizable and modular security. This sentiment was echoed by various users who noted that allowing such a configuration indicated a fundamental design flaw in LayerZero’s system, suggesting that the responsibility should not rest solely on KelpDAO.

Chainlink community manager Zach Rynes accused LayerZero of deflecting responsibility and criticized the protocol for shifting blame onto KelpDAO after the attack. Rynes suggested that it was LayerZero’s duty to ensure their DVNs were secure and well-designed before assuring third-party integrations. Meanwhile, Yearn Finance core developer Artem K cautioned that the attack reflected a compromise of the RPC node and underlined the importance of transparency regarding how exactly the breach occurred. He advised caution regarding the reactivation of bridges until further clarity is achieved.

Diagnosing the Issue: A Call for Better Solutions

Several industry analysts voiced their opinions on the matter through various channels, positing that LayerZero’s response might have been misguided. The analyst known as The Smart Ape criticized LayerZero’s suggested remedy to migrate all applications with a single DVN setup to multi-DVN architectures. He argued that such a shift would not guard against future multi-million-dollar attacks. “If attackers can disrupt just three RPC providers, they can essentially poison all five independent verifiers simultaneously, nullifying the advantages of having multiple,” he stated.

The analyst proposed a different approach, advocating that every verifier operates its own complete node, utilizing distinct client software, and hosted on varied cloud platforms, all managed by different operational teams. This method would create a more robust architecture capable of resisting similar attacks in the future. He concluded by emphasizing the importance of independently verifiable systems rather than relying on claims of multi-verification without transparency.

As the crypto market grapples with these critical security issues, the implications of this exploit may lead to changes in how protocols are designed and integrated with decentralized finance applications moving forward. The need for stringent security measures and accountability within the space has never been more pressing.