Ethena, Kelp DAO diverge on root cause of $300M LayerZero exploit

Ethena and Kelp DAO have offered differing interpretations of the $300 million exploit tied to LayerZero's cross-chain infrastructure. It highlights a growing divide over whether the incident was driven by design choices or infrastructure failure. The 18 April attack resulted in the draining of over 116,000 rsETH from Kelp DAO's bridge. This triggered losses across DeFi protocols, prompting a coordinated recovery effort. Kelp DAO points to infrastructure failure In its latest post, Kelp DAO rejected claims that its configuration caused the exploit. instead it attributed the incident to a compromise within LayerZero's off-chain infrastructure. The protocol argued that the use of a 1-of-1 Decentralized Verifier Network [DVN] setup was not unique and reflected widely adopted defaults within the LayerZero ecosystem. Kelp added that the configuration had been previously approved and documented. It cited data suggesting a large portion of applications relied on similar setups. It also announced plans to migrate its bridging infrastructure to Chainlink's CCIP, signaling a shift away from LayerZero following the incident. Ethena highlights design and risk assumptions In contrast, Ethena framed the exploit as a failure of verification design. It emphasized that low-quorum setups introduce critical single points of failure. The protocol stated that the attack combined a 1-of-1 DVN configuration with compromised RPC infrastructure, allowing forged cross-chain messages to be validated and executed. Ethena noted that its own architecture avoided similar exposure by requiring higher verification thresholds and implementing safeguards such as rate limits and restricted bridge routes. It also said it paused its LayerZero bridges within hours of detecting anomalies, adding that its USDe stablecoin remained fully backed and unaffected. Broader implications for cross-chain security The differing accounts reflect a broader debate within DeFi over how to balance flexibility and security in cross-chain systems. While Kelp's position emphasizes infrastructure-level vulnerabilities, Ethena's response underscores the importance of designing systems that remain secure even when components fail. Both perspectives point to the same underlying challenge: ensuring that a single failure point cannot compromise verification mechanisms. Final Summary Ethena and Kelp DAO have presented differing explanations for the $300M LayerZero exploit. Kelp is pointing to infrastructure failure, and Ethena is emphasizing design risks. The divide highlights broader concerns around cross-chain security and the need for stronger verification models across DeFi protocols.