How is LayerZero Impacted in the KelpDAO Hack?

On April 18, 2026, the KelpDAO rsETH bridge was drained of roughly $292 million in a single coordinated attack — and LayerZero was right at the center of it. 

The LayerZero KelpDAO hack immediately triggered a cascade of frozen bridges, a 20%-plus crash in ZRO's price, and a heated blame war that's still unfolding. 

Two days later, LayerZero published its incident report, restored its DVN operations, and announced a sweeping policy change. 

But the questions it raised about cross-chain bridge vulnerability and LayerZero's own default security settings didn't get buried with the post-mortem.

Key Takeaways

• $292M exploit triggered by compromised LayerZero RPC nodes and a vulnerable 1/1 DVN setup with no redundancy.
• LayerZero contained the incident quickly, restored infrastructure, and banned 1/1 DVN configurations moving forward.
• About 40% of protocols used the same setup, raising concerns over systemic risk tied to default configurations.

Trade with confidence. Bitrue is a secure and trusted crypto trading platform for buying, selling, and trading Bitcoin and altcoins.
Register Now to Claim Your Prize!

How the Attack Actually Worked

The attacker didn't brute-force the protocol. They were surgical. First, they identified the RPC nodes — the servers LayerZero's Decentralized Verifier Network (DVN) used to read blockchain data. 

Then they quietly replaced the software on two of those nodes with a poisoned version that reported a fake cross-chain transaction as legitimate, while still feeding accurate data to every other system querying the same nodes. That made the intrusion nearly invisible to monitoring tools. 

To finish it off, they launched a DDoS attack against the healthy nodes, forcing the DVN into failover mode — straight onto the compromised endpoints. One verifier. One poisoned signal. $292 million gone.

Read Also: RCSC Token vs FOF Token Price Comparison and Risk Analysis

LayerZero vs. KelpDAO: A Blame War With No Clean Winner

LayerZero's official statement placed the responsibility squarely on KelpDAO for choosing a 1-of-1 DVN configuration — a setup where a single verifier must approve all cross-chain messages with zero redundancy. 

LayerZero said it had repeatedly warned KelpDAO to adopt a multi-DVN architecture and that a properly configured integration would have stopped the attack cold. KelpDAO pushed back hard. 

Their team stated they had operated on LayerZero infrastructure since early 2024 and that the single-DVN setup had been explicitly confirmed as appropriate during direct communications with the LayerZero team. 

The real damage to LayerZero's narrative? Its own quickstart documentation and default GitHub configuration shipped with the 1/1 setup — and 40% of active protocols were still running it at the time of the exploit.

Read Also: ChatGPT XRP Price Prediction for Q2 2026: What to Expect

The Institutional Timing Couldn't Be Worse

February 2026 was supposed to be LayerZero's coming-out party. The company announced Zero — a new Layer 1 blockchain built for institutional markets — backed by Citadel Securities, DTCC, the New York Stock Exchange's parent company ICE, and Google Cloud. 

The plan was to position ZRO as the mandatory gas token for a 2-million TPS chain targeting Wall Street's settlement infrastructure. 

A $292 million exploit tied directly to LayerZero's core bridge infrastructure, just months before Zero's fall 2026 launch, lands like a legal brief in the hands of every compliance officer at those partner firms. 

Cathie Wood called Zero "a completely different league." Whether those institutional commitments hold after April 18 is the real story.

Read Also: Is Trezor Crypto Wallet Safe to Use in 2026?

What LayerZero Changed After the Incident

LayerZero moved fast on damage control. All compromised RPC nodes were deprecated and replaced within hours. 

The Labs DVN was declared fully operational by April 20 — a milestone that triggered a local ZRO price recovery from the mid-$1.50 lows back toward $1.70. 

The most consequential change was the policy shift: LayerZero will no longer sign or authenticate messages from any application using a 1/1 DVN configuration. That's a forced protocol-level migration that affects a significant portion of its active integrations. 

The recommended minimum going forward is a 3-of-5 multi-DVN setup using independent verifiers such as LayerZero Labs nodes combined with Google Cloud and community validators — requiring consensus across all of them before any cross-chain message is accepted.

Read Also: Best Meme Coins to Watch in May 2026

Conclusion

The KelpDAO exploit wasn't a simple bridge hack. It was a state-sponsored, multi-vector infrastructure attack attributed to North Korea's Lazarus Group — specifically its TraderTraitor subunit — that exploited both a misconfigured app and LayerZero's own DVN node infrastructure. 

LayerZero's response was technically sound: it restored operations quickly, eliminated the immediate threat, and forced a security upgrade across its ecosystem. But the credibility cost is real. 

When your platform's defaults ship with a single point of failure and 40% of your integrations are running it, you don't get to frame the entire disaster as someone else's configuration choice. 

The Zero blockchain and its institutional partnerships remain intact for now — but the pressure to prove enterprise-grade security before fall 2026 just went from background noise to front-page urgency.

Read Also: Gold in 2026: The Ultimate Macro-Geopolitics Hedge

FAQ

Was LayerZero's core protocol hacked?

Not technically — the attack targeted the RPC nodes LayerZero Labs operated as DVN verifiers, not the core smart contracts. That said, since LayerZero ran the compromised infrastructure, calling it purely an "app-level failure" is a stretch.

What is a DVN and why does it matter in this context?

A DVN (Decentralized Verifier Network) is the entity that confirms whether a cross-chain message is legitimate before a bridge acts on it. KelpDAO only had one — so once attackers corrupted its data feed, there was no second verifier to catch the forged transaction.

Did other protocols using LayerZero get affected?

No direct financial losses hit other protocols, but Ethena, ether.fi, Tron DAO, and Curve Finance all froze their LayerZero bridges as a precaution — and DeFi's total TVL dropped 7% in 24 hours from $99.5B to $86B on panic alone.

How did this affect ZRO's price?

ZRO crashed over 20% into the mid-$1.50s, worsened by a 25.7 million ZRO token unlock hitting the same week. The price partially recovered to ~$1.70 once LayerZero confirmed its DVN was back online.

What should KelpDAO users do now?

KelpDAO has paused rsETH contracts across Ethereum mainnet and several L2s — users should track their official channels for recovery updates and relaunch timelines. LayerZero is cooperating with law enforcement, though clawing back $292M from a state-sponsored actor is a long shot.

Disclaimer:
The views expressed belong exclusively to the author and do not reflect the views of this platform. This platform and its affiliates disclaim any responsibility for the accuracy or suitability of the information provided. It is for informational purposes only and not intended as financial or investment advice.