LayerZero Issues Public Apology After $292 Million Kelp DAO Exploit

Cross-chain messaging protocol LayerZero has publicly apologized for its handling of the massive Kelp DAO exploitthat drained approximately $292 million in assets last month. In a major reversal, the company admitted that its own infrastructure decisions played a critical role in the attack and acknowledged that allowing a single verifier setup for high-value transactions was a serious mistake. 

LayerZero Admits Fault in “Single Verifier” Setup

The controversy centers around LayerZero’s 1-of-1 Decentralized Verifier Network (DVN) configuration that was being used to secure Kelp DAO’s rsETH bridge transactions. Initially, LayerZero publicly framed the exploit as primarily a configuration issue chosen by Kelp DAO. However, after weeks of criticism from users and security researchers, the company has now admitted that it should never have allowed its own validator to operate as the sole verifier protecting high-value transfers. 

In its latest statement, LayerZero said, “We own that,” acknowledging responsibility for creating what effectively became a single point of failure inside critical bridge infrastructure. The company admitted the configuration violated basic multi-signature and decentralized security principles commonly used throughout DeFi. 

Lazarus Group Attack Exploited RPC Infrastructure

According to LayerZero’s updated explanation, the exploit involved a sophisticated attack believed to be linked to North Korea’s Lazarus Group, specifically the subgroup known as TraderTraitor. Attackers allegedly poisoned downstream RPC infrastructure used by LayerZero Labs’ DVN while simultaneously targeting external RPC providers with DDoS attacks. 

The exploit ultimately allowed forged messages to be verified because there was no secondary independent validator available to reject suspicious transactions. LayerZero clarified that its core protocol was not directly hacked, but acknowledged that the infrastructure surrounding its verification systems created the vulnerability that enabled the exploit. The incident became one of the largest DeFi exploits of 2026 and triggered major backlash against LayerZero’s earlier attempts to distance itself from responsibility. 

Kelp DAO and Other Projects Begin Migrating Away

The fallout from the exploit is already impacting LayerZero’s business relationships. Following the incident, Kelp DAOannounced plans to migrate portions of its cross-chain infrastructure to Chainlink’s CCIP system. Other protocols, including Solv Protocol, are also reportedly exploring alternatives after concerns about LayerZero’s security architecture and communication failures. 

Critics argued that LayerZero’s original post-mortem unfairly blamed Kelp DAO users and developers instead of acknowledging flaws within its own validator infrastructure. The public apology appears to be an attempt to rebuild trust within the broader DeFi ecosystem. 

LayerZero Announces Major Security Overhaul

In response to the backlash, LayerZero says it is implementing major changes to its security model. The company announced it will no longer support 1/1 DVN configurations and plans to transition default pathways toward far more decentralized validator structures, including 3-of-3 and 5-of-5 verification setups where possible. 

LayerZero also revealed broader infrastructure upgrades involving:

• Higher multisig thresholds
• New custom-built multisig systems
• Improved incident monitoring tools
• Stronger validator redundancy requirements
• Expanded developer security education initiatives

The company stated these changes are designed to defend against increasingly sophisticated state-sponsored cyberattacks targeting cross-chain infrastructure. 

Cross-Chain Security Faces Growing Scrutiny

The incident has reignited industry-wide concerns around the security of blockchain bridges and cross-chain messaging systems. Bridges remain one of the most heavily targeted sectors in crypto due to the enormous amounts of capital moving between networks.

Security researchers note that many cross-chain systems still rely on concentrated validator structures or trusted intermediaries, creating vulnerabilities that sophisticated attackers can exploit. The Kelp DAO incident highlights how even partially centralized infrastructure inside “decentralized” systems can become catastrophic failure points.