Skip to main content
Esc

Type to search

Articles / crypto-defi-blockchain / LayerZero's Incident Report Says Kelp Downgraded From 2-of-2 to 1-of-1 DVN Before $292M Exploit

LayerZero's Incident Report Says Kelp Downgraded From 2-of-2 to 1-of-1 DVN Before $292M Exploit

May 20, 2026 · Source: thedefiant.io · Topic:  crypto-defi-blockchain · fintech
Exploit Loss
$292M
Total loss incurred due to the KelpDAO bridge exploit
DVN Configuration Change
2-of-2 to 1-of-1
Downgrade of the Decentralized Verifier Network configuration before the exploit
rsETH Released
116,500
Amount of rsETH released by the attacker during the exploit

⦿ Executive Snapshot

  • What: LayerZero Labs released an incident report detailing the KelpDAO bridge exploit that led to a $292M loss.
  • Who: Key players include LayerZero Labs, KelpDAO, Mandiant, CrowdStrike, and Chainalysis.
  • Why it matters: The incident highlights vulnerabilities in decentralized verification networks and the need for improved security measures in cross-chain transactions.

⦿ Key Developments

  • LayerZero's forensic report claims the KelpDAO bridge was downgraded from a 2-of-2 to a 1-of-1 Decentralized Verifier Network (DVN) configuration before the exploit.
  • The breach was initiated on March 6, with the attacker gaining access through a socially engineered malicious GitHub repository.
  • The attacker managed to release 116,500 rsETH, equivalent to approximately $292M, due to a structural failure in the accounting of the bridge's operations.

⦿ Strategic Context

  • The incident underscores the critical importance of multi-signature setups in decentralized finance, as the shift to a 1-of-1 configuration created a single point of failure.
  • The exploit fits into a broader narrative of increasing scrutiny over security practices in the DeFi space, especially following high-profile attacks.

⦿ Strategic Implications

  • The immediate consequence is a potential loss of trust in LayerZero's infrastructure, prompting clients like KelpDAO to migrate to alternative solutions such as Chainlink's CCIP.
  • Long-term, this incident may accelerate the adoption of more robust security protocols and multi-signature requirements across decentralized platforms.

⦿ Risks & Constraints

  • Potential regulatory scrutiny could arise from the incident, particularly regarding the security standards for decentralized finance applications.
  • Competition from other blockchain interoperability solutions may intensify as projects seek to mitigate risks associated with single-verifier setups.

⦿ Watchlist / Forward Signals

  • Upcoming developments to monitor include LayerZero's implementation of a minimum 3-of-3 DVN configuration as a new default.
  • The migration of KelpDAO and other projects away from LayerZero may signal a shift in the landscape of cross-chain interoperability solutions and their security practices.
§ 08

Related Articles