The controversy surrounding the $292 million rsETH bridge attack between Kelp DAO and LayerZero has taken on a new dimension. Kelp DAO has revealed that the 1-of-1 validator setup, previously cited as the cause of the attack, was personally approved by LayerZero personnel.
According to documents released by Kelp, the LayerZero team reviewed this configuration for 2.5 years and during eight separate integration meetings; they reported no security risks. In fact, screenshots show that LayerZero did not object to this setup.
LayerZero, in its post-incident report, argued that the protocol worked as intended and that the error stemmed from Kelp's failure to use its recommended multi-validator model. However, data pointed out by Kelp indicates that 47% of active LayerZero OApp contracts use the same 1-of-1 configuration, leaving over $4.5 billion in market value at risk.
The attack is reportedly being carried out by a hacker group with North Korean links, and 116,500 rsETH have been stolen. Following these developments, Kelp DAO decided to migrate its rsETH infrastructure from LayerZero's OFT standard to Chainlink's CCIP protocol. LayerZero, meanwhile, banned 1-of-1 setups and announced it will no longer sign messages for such configurations.
This case once again raises the question of who is responsible for security in DeFi.
When building a bridge, it's not enough to trust the architect; you must also track down the master who laid each stone.
⚠️Don't forget to mark stop-loss and manage risk properly.
👉NFA
👉DYOR
#GateSquareMayTradingShare
#GateSquare #CreatorCarnival

ZRO2.19%

LINK4.64%

User_any2026-05-05 20:34:21

Greetings from Gate Square,

The controversy surrounding the $292 million rsETH bridge attack between Kelp DAO and LayerZero has taken on a new dimension. Kelp DAO has revealed that the 1-of-1 validator setup, previously cited as the cause of the attack, was personally approved by LayerZero personnel.

According to documents released by Kelp, the LayerZero team reviewed this configuration for 2.5 years and during eight separate integration meetings; they reported no security risks. In fact, screenshots show that LayerZero did not object to this setup.

LayerZero, in its post-incident report, argued that the protocol worked as intended and that the error stemmed from Kelp's failure to use its recommended multi-validator model. However, data pointed out by Kelp indicates that 47% of active LayerZero OApp contracts use the same 1-of-1 configuration, leaving over $4.5 billion in market value at risk.

The attack is reportedly being carried out by a hacker group with North Korean links, and 116,500 rsETH have been stolen. Following these developments, Kelp DAO decided to migrate its rsETH infrastructure from LayerZero's OFT standard to Chainlink's CCIP protocol. LayerZero, meanwhile, banned 1-of-1 setups and announced it will no longer sign messages for such configurations.

This case once again raises the question of who is responsible for security in DeFi.

When building a bridge, it's not enough to trust the architect; you must also track down the master who laid each stone.

⚠️Don't forget to mark stop-loss and manage risk properly.
👉NFA
👉DYOR
#GateSquareMayTradingShare
#GateSquare #CreatorCarnival

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

2 Likes

Reward
2
Comment
Repost
Share

Comment

Add a comment

No comments

Trending Topics
View More
#
GateSquareMayTradingShare
386.49K Popularity
#
BitcoinHoldsFirmAbove80K
94.29M Popularity
#
CryptoMarketRecovery
113.12K Popularity
#
AaveSuesToUnfreeze73MInETH
1.84M Popularity
#
DailyPolymarketHotspot
824.95K Popularity

Sitemap

Greetings from Gate Square,

Trending Topics

GateSquareMayTradingShare

BitcoinHoldsFirmAbove80K

CryptoMarketRecovery

AaveSuesToUnfreeze73MInETH

DailyPolymarketHotspot

Pin