Kelp DAO to migrate rsETH to Chainlink CCIP after $292M LayerZero bridge exploit
LayerZero’s CEO disputes Kelp’s DVN-default narrative and says an external security-firm postmortem is coming.
Kelp DAO said it will move rsETH cross-chain messaging to Chainlink CCIP after an April 18 exploit described as a $292 million incident. The attacker stole 116,500 rsETH from a LayerZero-powered bridge and used the tokens as collateral on Aave v3 to borrow wrapped Ether.
Key Takeaways
- Kelp DAO said rsETH will migrate to Chainlink CCIP following an April exploit described as a $292 million incident.
- The April 18 attack stole 116,500 rsETH from a LayerZero-powered bridge and routed the tokens into Aave v3 as collateral to borrow WETH.
- LayerZero’s post-incident write-up tied the loss to a single-DVN verification path and said it advised against that configuration.
- CEO Bryan Pellegrino rejected Kelp’s framing, saying Kelp manually moved from multi-DVN defaults to a 1/1 setup and that an external postmortem will be published soon.
Kelp Moves rsETH Bridging to Chainlink CCIP After $292M Exploit
Kelp DAO said it will migrate its restaking token rsETH to Chainlink CCIP after an April 18 exploit that it described as a $292 million incident. The protocol framed the move as a direct security response tied to the bridge failure.
“After the recent LayerZero exploit, we are taking steps to ensure rsETH is fully secure, which is why we are migrating to Chainlink CCIP,” Kelp DAO said in a statement posted on X.
For traders, the headline is not just a vendor swap. It keeps the exploit front-and-center in how the market prices cross-chain messaging risk around restaked ETH wrappers, and it raises near-term operational questions about how rsETH moves between chains during the transition.
How the Stolen rsETH Was Routed Into Aave v3 Borrowing
The attacker stole 116,500 rsETH from Kelp DAO’s LayerZero-powered bridge on April 18, then used the stolen rsETH as collateral on Aave v3 to borrow wrapped Ether. That flow matters because it turns a bridge compromise into immediate balance-sheet pressure inside lending venues, where borrowed WETH can be moved quickly and where liquidations and risk parameter changes can spill into correlated collateral.
The incident was described as one of the year’s largest security events and was linked to broader ecosystem contagion that impacted the interconnected crypto lending market. Even without full onchain accounting in the provided materials, the routing into Aave v3 is the key market-structure detail. It is the bridge-to-money-market path that tends to amplify second-order effects.
DVN Configuration Dispute: Single-Verifier Defaults vs Manual Downgrade
Root-cause attribution remains contested, and that uncertainty is now part of the trade.
LayerZero’s postmortem, released a day after the exploit, argued the hack occurred because Kelp’s decentralized verifier network (DVN) setup relied on a single LayerZero DVN as the only verified path, rather than requiring multiple independent checks. LayerZero said it advised against that configuration.
Kelp DAO disputes that framing. It said the 1/1 DVN setup is the default and is used by many other protocols, citing Dune data that it said shows roughly half of LayerZero users have a single DVN. Kelp also accused LayerZero of approving the setup and failing to warn about the related security risk. “Kelp has operated on LayerZero infrastructure since January 2024 and has maintained an open communication channel with the LayerZero team throughout. The question of DVN configuration came up multiple times and these configurations were confirmed as secure at that time,” Kelp said.
LayerZero CEO Bryan Pellegrino pushed back publicly, saying a “ton” of Kelp’s claims were “just completely untrue.” He argued Kelp originally used multi-DVN defaults and later manually changed to a 1/1 configuration that is not recommended for production applications. “The defaults Kelp is referencing in their screenshot were multiDVN or DeadDVN, which force-rejects an application using the defaults at all and requires them to manually set configuration. rsETH was originally configured to use the default LayerZero configuration of a multiDVN setup of LayerZero Labs + Google,” Pellegrino said.
LayerZero Tightens Validation Rules as an External Postmortem Looms
LayerZero said it will no longer validate or approve cross-chain messages for any app that relies on a single verifier, and that it is migrating protocols using that setup to a multi-DVN configuration. That is a concrete policy shift that can force changes across other LayerZero-integrated apps, not just Kelp.
The next catalyst is the promised external security-firm postmortem referenced by Pellegrino, including whether it corroborates LayerZero’s DVN-configuration account or supports Kelp’s claim that the setup was effectively treated as acceptable. Separately, Kelp has not provided migration specifics for the CCIP cutover in the provided materials, including timing, whether bridging is paused during the transition, and whether users need to take action.
What the CCIP Migration Signals for Cross-Chain Risk Pricing
I treat the CCIP migration as a security-driven repositioning, not a clean resolution. The market still does not have a settled root cause, and that matters because it determines whether this was an app-level configuration failure or a broader messaging-layer trust hit.
The threshold that matters is whether the external postmortem closes the attribution gap and whether LayerZero’s single-verifier validation ban forces visible, rapid multi-DVN migrations across other protocols. If those two things land cleanly, the setup starts to look structural rather than narrative-driven, and cross-chain risk premia will reprice around enforceable validation standards instead of marketing claims.
