LayerZero is facing significant backlash for its handling of the recent $290 million KelpDAO exploit. The omnichain interoperability protocol has placed blame on KelpDAO’s use of a 1-of-1 verifier configuration for the incident.
Over the weekend, the liquid restaking protocol KelpDAO was attacked, resulting in the loss of over $290 million in rsETH. The attackers exploited a vulnerability in the protocol’s LayerZero-powered bridge. Two days later, LayerZero addressed the incident, which has become the largest DeFi hack of 2026, following closely after Drift Protocol’s $285 million exploit.
LayerZero attributed the “highly sophisticated attack” to North Korea’s Lazarus Group. They characterized it as an attack on crypto infrastructure rather than a protocol exploit and stated that “there is zero contagion to any other cross-chain assets or applications.” The protocol explained that its system is built on a modular security foundation using Decentralized Verifier Networks (DVNs), which are independent entities that verify cross-chain messages.
According to LayerZero, the attackers compromised a majority of the RPCs (Remote Procedure Calls) that its own DVN relied on to verify transactions. They allegedly swapped binaries to forge messages and used DDoS attacks to force the system to use these compromised nodes, tricking the DVN into confirming fake transactions.
Based on this analysis, LayerZero concluded that the responsibility lay with KelpDAO for opting for a single-DVN setup instead of a recommended multi-DVN configuration. They stated, “This incident was isolated entirely to KelpDAO’s rsETH configuration as a direct consequence of their single-DVN setup.”
Crypto Community Criticizes ‘Lack of Accountability’
The crypto community has reacted strongly to this post-mortem, criticizing LayerZero for what many see as deflecting responsibility onto KelpDAO’s security choices.
One X user, Saint, commented, “Imagine building a bridge that vehicles pay to cross, the bridge collapses, and you say it’s their fault for crossing the bridge. A classic clownery act from a bunch of clowns with zero accountability.”
Others questioned the logic of offering a “1-of-1” configuration if it is inherently insecure. User Ditto argued, “If the system allows this option, it’s not the fault of the customer who chose itโit’s a fundamental design flaw by the system that permitted it.” They added, “At the end of the day, the fact remains that the DVN RPC was compromised. DVN is a LayerZero product, and they are the ones who sold it to these teams.”
Chainlink community manager Zach Rynes accused LayerZero of deflecting blame for the compromise of its own DVN node and “throwing KelpDAO under the bus” for trusting a setup that LayerZero itself supported and only blocked after the hack.
Yearn Finance developer Artem K noted on X that the attack was described as a compromise of an RPC node, which is LayerZero’s own infrastructure. “Given it doesn’t say how the breach has occurred, I wouldn’t rush re-enabling the bridges,” he added.
Wrong Diagnosis, Wrong Fix?
Analyst The Smart Ape has suggested that LayerZero made an incorrect diagnosis and is offering the wrong solution. In its post-mortem, LayerZero recommended that all applications using a 1-of-1 DVN configuration migrate to multi-DVN setups to prevent future attacks.
However, the analyst argues that multi-verifier setups may not stop the next major attack. They point out that multiple DVNs could still fail because they often read chain states from the same small group of RPC providers, which are mostly concentrated on major cloud platforms like AWS or Google Cloud. If five “independent” verifiers all rely on the same compromised infrastructure, the security benefit is nullified.If all five decentralized verifier networks (DVNs) rely on the same three RPC providers, an attacker who compromises those three RPCs can simultaneously deceive all five verifiers. As one analyst explained, “If all your verifiers are fooled in the same way at the same time, the system effectively reverts to a 1-of-1 model. Five identical copies are not the same as five independent witnesses.”
To address this vulnerability, the analyst recommends that each verifier operate its own full node using different client software, hosted on separate cloud providers, managed by distinct operations teams, and connected to different segments of the Ethereum network. “The solution isn’t about adding more of the same components. The real fix is for verifiers to validate their own underlying infrastructure, not just the chain state. Until you can audit a DVN’s upstream setupโwhich RPC providers, client software, cloud services, and regions it usesโclaims of ‘M-of-N security’ are just marketing for a feature that hasn’t truly been implemented,” he noted. “On April 18, Lazarus Group didn’t break cryptography; they compromised three servers.”
Frequently Asked Questions
FAQs Crypto Community Criticizes LayerZeros Security Approach
BeginnerLevel Questions
Q1 What is LayerZero
A1 LayerZero is a technology that allows different blockchains to communicate and share data with each other Its often called an interoperability protocol
Q2 What happened with the 290M hack mentioned
A2 In 2022 a major crosschain bridge called Wormhole was hacked for roughly 320 million in crypto The recent criticism references this event as a cautionary example
Q3 What are verifiers in this context
A3 Verifiers are independent entities or software that check and confirm that a transaction moving from one blockchain to another is valid and correct They act as watchdogs for security
Q4 Why is the crypto community criticizing LayerZero
A4 The community is concerned that LayerZeros plan to improve security by simply adding more verifiers might not be enough to prevent a massive hack like the Wormhole incident Critics argue the fundamental design needs to be more secure
Q5 Whats a crosschain bridge and why is it risky
A5 A crosschain bridge is a tool that lets you move cryptocurrencies or data from one blockchain to another They are often targets for hackers because they hold a lot of lockedup funds in one place making them attractive honeypots
Intermediate Advanced Questions
Q6 What is the core argument against just adding more verifiers
A6 The argument is that quantity doesnt automatically beat quality or design If multiple verifiers rely on the same flawed software or security assumptions they can all be compromised together Its a single point of failure problem
Q7 Are there alternative security models to having more verifiers
A7 Yes Alternatives include
Fraud Proofs Where anyone can challenge and prove a transaction is invalid
Light Clients Using the blockchains own security mechanisms to verify transactions
Economic SecuritySlashing Requiring verifiers to stake large amounts of their own crypto which they lose if they act maliciously