Kelp DAO said it will migrate rsETH to Chainlink’s Cross-Chain Interoperability Protocol after April’s $292 million bridge exploit, while its dispute with LayerZero over the cause of the attack continued to deepen.
Summary
- Kelp DAO is moving rsETH to Chainlink CCIP after April’s $292 million bridge exploit.
- LayerZero denied Kelp’s claims and said rsETH manually changed to a 1-of-1 setup.
- Aave is fighting a restraining notice over frozen ETH tied to the rsETH hack.
Kelp DAO said the move to Chainlink CCIP is part of its plan to strengthen rsETH security after hackers drained 116,500 rsETH from its LayerZero-powered bridge on April 18. The stolen tokens were later used as collateral on Aave v3 to borrow wrapped Ether.
“After the recent LayerZero exploit, we are taking steps to ensure rsETH is fully secure, which is why we are migrating to Chainlink CCIP,” Kelp DAO said in an X post.
The change will move rsETH away from LayerZero’s OFT standard and onto Chainlink’s Cross-Chain Token standard.
The attack has become one of the largest DeFi exploits reported this year. It also triggered stress across lending markets because the stolen rsETH entered Aave as collateral before parts of the related funds were frozen.
Kelp questions LayerZero’s security warnings
Kelp DAO claims LayerZero approved the 1-of-1 verifier setup that LayerZero later blamed for the exploit. Kelp said it had used LayerZero infrastructure since January 2024 and kept an open channel with the LayerZero team.
The protocol also said the DVN setup came up more than once during integration talks. According to Kelp, those configurations were “confirmed as secure at that time.”
Kelp further argued that the 1-of-1 setup was not rare. It cited Dune Analytics data showing that nearly half of LayerZero users had a single DVN configuration. Kelp said this raised doubts about whether the risk had been made clear to builders before the hack.
The team also referred to screenshots of Telegram exchanges that it said showed LayerZero’s awareness of the setup. However, CoinDesk said it could not independently verify the screenshots.
LayerZero CEO rejects Kelp’s claims
LayerZero co-founder and CEO Bryan Pellegrino rejected Kelp’s account. In a reply on X, he said a “ton” of the claims were “just completely untrue.”
Pellegrino said Kelp first used LayerZero’s default multi-DVN setup, then later changed the configuration to 1-of-1. He argued that this setup was not recommended for production use.
“The defaults Kelp is referencing in their screenshot were multiDVN or DeadDVN,” Pellegrino said. He added that rsETH was first configured with LayerZero Labs and Google under a multi-DVN model.
LayerZero has since said it will no longer approve cross-chain messages for apps using a single verifier. The company also said protocols using that setup are being moved to multi-DVN configurations. Pellegrino said a full postmortem from external security firms will be released soon.
Aave seeks release of frozen ETH
The rsETH exploit has also moved into court. According to crypto.news, Aave LLC filed an emergency motion in New York on May 4 to lift a restraining notice served on Arbitrum DAO. The notice seeks to block the transfer of ETH linked to the April 18 rsETH incident.
The filing concerns about $71 million in frozen ETH. Gerstein Harrow LLP claims the funds could help satisfy unpaid judgments tied to alleged North Korea-linked crypto theft. Aave disputes that claim and says stolen assets do not become North Korea’s property because an alleged attacker held them briefly.
Aave also said no court has found that North Korea, Lazarus Group, or a related party carried out the hack. The protocol argued that the frozen assets belong to users affected by the exploit.
Arbitrum Security Council froze 30,765.6675 ETH on April 21. Aave said the funds were moved to a designated address to support rsETH backing and help affected users recover.
crypto.news
#Kelp #DAO #moves #rsETH #Chainlink #CCIP #LayerZero #dispute #grows
