Kelp DAO Shifts to Chainlink After Disputed LayerZero Security Review

Kelp DAO disputes LayerZero's claims about responsibility for its $292 million breach, contending the infrastructure provider approved its bridge setup for over two years. The protocol now migrates to Chainlink CCIP.

Kelp DAO has initiated a migration of its rsETH token to Chainlink's Cross-Chain Interoperability Protocol (CCIP) following the $292 million exploit that compromised its bridge infrastructure in June 2024. The move marks a significant pivot in the liquid restaking protocol's cross-chain strategy and reflects growing tension between Kelp and LayerZero Labs over accountability for the security failure. At the center of the dispute is a fundamental disagreement about responsibility: Kelp contends that LayerZero's engineering team reviewed its single-verifier bridge architecture for more than two years without raising red flags, only to distance itself from the vulnerability after the hack occurred.

The single-verifier configuration in question represents a critical architectural decision that concentrated trust in a way that proved catastrophic when exploited. This design choice allowed transactions to be validated by a single entity rather than a decentralized set of verifiers, creating a single point of failure that attackers successfully leveraged. Kelp's assertion that LayerZero conducted extensive reviews without objection suggests either a significant lapse in LayerZero's security diligence or, conversely, raises questions about whether the protocol suite genuinely carried the risk profile its architectural constraints implied. The timeline dispute matters considerably because it affects not only reputational assessments but also potential liability frameworks as the industry grapples with how cross-chain infrastructure providers should vet client implementations.

The migration to Chainlink CCIP signals Kelp's confidence in Chainlink's technical approach, which relies on a decentralized network of oracle operators and a different threat model than LayerZero's validator-based system. Chainlink's Cross-Chain Interoperability Protocol employs multiple independent nodes to execute transactions and validate data across blockchains, theoretically eliminating the single-verifier weakness that proved fatal for Kelp's previous setup. This transition also reflects broader industry sentiment following the exploit, as several protocols have reconsidered their LayerZero dependencies in favor of alternatives offering different security guarantees.

The incident underscores a persistent challenge in cross-chain infrastructure: the difficulty of establishing clear responsibility boundaries between protocol developers and application teams. As cross-chain activity becomes increasingly integral to DeFi, these disputes over due diligence and architectural review will likely become more frequent, potentially spurring clearer standards for how infrastructure providers document security assessments and communicate known limitations to clients. Kelp's decision to switch bridges may accelerate broader re-evaluation of cross-chain strategies across the ecosystem.