Kelp DAO Says LayerZero Approved 1:1 DVN Setup Tied to $292 Million rsETH Hack

Kelp DAO said LayerZero approved the 1:1 DVN, or decentralized verifier network, configuration that Kelp says led to the $292 million rsETH hack.

CoinDesk reported on May 5 that Kelp DAO, in a recently released memo, said LayerZero personnel knew the rsETH bridge was using a single-validator setup but did not warn that it posed a serious security risk.

The claim contradicts LayerZero's post-mortem published on April 19. In that analysis, LayerZero said Kelp DAO's rsETH application had set LayerZero Labs as its sole verifier, a configuration it said ran counter to its recommendation to use multiple decentralized verifier networks.

Kelp DAO disputed that account, saying the setup was reviewed over about two and a half years and discussed in eight integration meetings, yet it was never warned that a 1:1 DVN structure could create a major security risk. Citing screenshots of Telegram chats, Kelp DAO said LayerZero representatives indicated there was no problem with using the default configuration.

LayerZero, however, said Kelp DAO was initially deployed with a multi-DVN structure and later manually reduced it to a 1:1 setup. It said the issue was an application-level configuration problem rather than a protocol vulnerability, and that the 1:1 setting does not fall within the scope of its bug bounty program.

About 116,500 rsETH were stolen in the hack, with losses estimated at about $292 million. LayerZero blamed Lazarus Group, the North Korea-linked hacking organization, for the attack. Kelp DAO said after the incident that it would move rsETH from a LayerZero-based bridge to Chainlink's CCIP.