
Detailed May 18 post-mortem traces a six-week breach to DPRK group TraderTraitor and locks in a new 3-of-3 DVN protocol default. Kelp says LayerZero approved the configuration and has migrated rsETH bridging to Chainlink.
LayerZero Labs published a detailed forensic report on the April 18 KelpDAO bridge exploit on Sunday. The report, produced with cybersecurity firms Mandiant, CrowdStrike, and zeroShadow, contains a previously unreported claim about how KelpDAO’s bridge was configured before the attack.
According to LayerZero, the bridge for rsETH (KelpDAO’s liquid restaking token, a derivative representing staked and restaked ETH) had at some prior point been configured with a 2-of-2 stack of Decentralized Verifier Networks, or DVNs — the parties responsible for confirming whether a cross-chain message is legitimate. LayerZero says the configuration was then changed by Kelp to a 1-of-1 setup, leaving LayerZero Labs as the sole required verifier.
“A previous 2-of-2 configuration had been modified by the application owner to a 1-of-1 configuration which used only the LayerZero Labs DVN,” the report states.
LayerZero does not specify when the change occurred, who made it, or why.
Kelp has not directly addressed the 2-of-2 claim in any public statement reviewed for this story.
In prior communications, Kelp has maintained that the 1-of-1 setup was LayerZero’s documented default for new deployments and that LayerZero personnel approved it during Kelp’s expansion to layer-2 networks. Kelp has published screenshots it says corroborate those communications, and has cited industry data estimating that roughly 47% of LayerZero’s ~2,665 deployed applications were running 1-of-1 configurations at the time of the attack. LayerZero has not publicly responded to the screenshots.
What LayerZero says happened
According to the report, the breach began on March 6, six weeks before the funds were drained. LayerZero says one of its developers “was socially engineered” to clone a malicious GitHub repo which dropped malware on their macOS system. The malware provided remote access to the developer’s computer and enabled the attacker to harvest session keys, which were used to access LayerZero’s Remote Procedure Call (RPC) infrastructure via commercial VPNs for six weeks before executing.
On April 18, per the report, the attacker injected malicious code into op-geth — the software LayerZero’s DVN was using to read blockchain state — on two Kubernetes clusters. LayerZero says the patched servers returned forged responses to the DVN signing service while continuing to return correct data to monitoring tools, defeating real-time detection.
Simultaneous DDoS attacks on external RPC providers forced failover to the poisoned internal servers. The DVN then signed a valid attestation for a forged message, and the Ethereum bridge contract released 116,500 rsETH — about $292M — to the attacker.
Mandiant and CrowdStrike, the cybersecurity firms LayerZero retained, attribute the operation with high confidence to UNC4899 — also known as TraderTraitor — the DPRK group both firms have linked to the $1.5B Bybit Safe{Wallet} heist in February 2025.
Chainalysis’s independent framing
In a post-mortem updated alongside LayerZero’s report, blockchain analytics firm Chainalysis framed the exploit as a “trust-layer failure” that contract auditing could not have caught. “At the transaction level, every step of the exploit was indistinguishable from normal bridge activity,” the firm wrote. “The failure was structural.”
Chainalysis identified the underlying issue as a broken accounting invariant: the rsETH released on Ethereum had no matching burn on the source chain, meaning supply entered circulation without backing. The firm credited Kelp’s contract pause with blocking a second forged attempt to drain $95M more, and the Arbitrum Security Council with freezing 30,766 ETH of the attacker’s downstream funds on April 20.
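The accounting invariant Chainalysis describes can be monitored directly: every release on the destination chain must pair with a burn of the same amount on the source chain. The reconciliation below is an added illustration, not code from Chainalysis, Kelp or LayerZero; the event fields, chain names and the sample events are constructed.

```python
# Added example: reconciles bridge release events on the destination chain
# against burn events on the source chain and flags any release with no
# matching burn (the "supply entered circulation without backing" failure).
from dataclasses import dataclass

@dataclass(frozen=True)
class BridgeEvent:
    chain: str       # chain the event was observed on (constructed names)
    kind: str        # "burn" on the source chain, "release" on the destination
    message_id: str  # cross-chain message id that links the two sides
    amount: int      # token amount in wei

def unbacked_releases(events):
    """Return release events with no burn carrying the same message id AND amount.

    Matching on amount as well as id also catches a forged message that reuses
    a real id but inflates the value to be released.
    """
    burns = {(e.message_id, e.amount) for e in events if e.kind == "burn"}
    return [e for e in events
            if e.kind == "release" and (e.message_id, e.amount) not in burns]

def supply_delta(events):
    """Net change in circulating supply implied by the events; a sound bridge keeps this at zero."""
    return sum(e.amount if e.kind == "release" else -e.amount for e in events)

# Constructed sample: two legitimate transfers followed by one release that
# no burn on any source chain backs.
SAMPLE_EVENTS = [
    BridgeEvent("arbitrum", "burn", "msg-0001", 10 * 10**18),
    BridgeEvent("ethereum", "release", "msg-0001", 10 * 10**18),
    BridgeEvent("arbitrum", "burn", "msg-0002", 5 * 10**18),
    BridgeEvent("ethereum", "release", "msg-0002", 5 * 10**18),
    BridgeEvent("ethereum", "release", "msg-9999", 116_500 * 10**18),
]

if __name__ == "__main__":
    for e in unbacked_releases(SAMPLE_EVENTS):
        print(f"ALERT unbacked release {e.message_id}: {e.amount / 10**18:.0f} tokens on {e.chain}")
    print("net supply delta (tokens):", supply_delta(SAMPLE_EVENTS) / 10**18)
```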
Prior apology
LayerZero says its DVN now refuses to sign attestations on any channel where it is the sole verifier, that protocol defaults will be raised to at least 3-of-3, that it has rebuilt the compromised cloud environment, and that it is developing a new client to enable diversity within its DVN.
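Two of the changes above, refusing to sign as the sole verifier and not trusting a single state source, can be expressed as a pre-signing policy. The guard below is an added illustration written for this article, not LayerZero's DVN code; the channel configuration fields, the minimum-source rule and the sample channels are assumptions.

```python
# Added example: a verifier-side guard that refuses to attest when the verifier
# is the only required DVN on a channel, and that only attests when at least
# two independent state sources agree on the payload being certified.
from dataclasses import dataclass

@dataclass(frozen=True)
class ChannelConfig:
    required_dvns: frozenset            # DVNs that must all sign ("N-of-N" set)
    optional_dvns: frozenset = frozenset()

@dataclass(frozen=True)
class Decision:
    sign: bool
    reason: str

def should_sign(self_id, config, observed_hashes, min_sources=2):
    """observed_hashes maps an RPC source name to the payload hash it returned.

    min_sources is an assumed policy value: a failover that leaves only one
    class of source (e.g. internal nodes) is treated as insufficient.
    """
    if config.required_dvns == {self_id}:
        return Decision(False, "sole required verifier on this channel")
    if self_id not in config.required_dvns and self_id not in config.optional_dvns:
        return Decision(False, "not a configured verifier for this channel")
    if len(observed_hashes) < min_sources:
        return Decision(False, "too few independent state sources available")
    if len(set(observed_hashes.values())) != 1:
        return Decision(False, "state sources disagree; possible poisoned RPC")
    return Decision(True, "verifier set and source agreement satisfied")

# Constructed sample channels and observations.
SOLE_CHANNEL = ChannelConfig(required_dvns=frozenset({"dvn-a"}))
THREE_OF_THREE = ChannelConfig(required_dvns=frozenset({"dvn-a", "dvn-b", "dvn-c"}))
AGREEING = {"external-1": "0xaa", "external-2": "0xaa", "internal": "0xaa"}
POISONED = {"internal": "0xff", "external-1": "0xaa"}
ONLY_INTERNAL = {"internal": "0xff"}

if __name__ == "__main__":
    for label, cfg, obs in [("1-of-1", SOLE_CHANNEL, AGREEING),
                            ("3-of-3 agreeing", THREE_OF_THREE, AGREEING),
                            ("3-of-3 poisoned", THREE_OF_THREE, POISONED),
                            ("3-of-3 failover", THREE_OF_THREE, ONLY_INTERNAL)]:
        d = should_sign("dvn-a", cfg, obs)
        print(f"{label:18} sign={d.sign!s:5} {d.reason}")
```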
The report follows a May 9 statement in which LayerZero acknowledged it had “made a mistake by allowing our DVN to act as a 1/1 DVN for high-value transactions,” reversing three weeks of statements that had assigned the configuration choice to Kelp.
The Chainlink migration
Two days after the apology, Kelp announced it was migrating rsETH bridging from LayerZero’s Omnichain Fungible Token standard to Chainlink’s Cross-Chain Interoperability Protocol, or CCIP, which requires consensus from at least 16 independent node operators. Solv Protocol separately said it is moving over $700M in tokenized Bitcoin infrastructure away from LayerZero.
LayerZero’s report did not mention user compensation. Aave’s own incident report models $124 million to $230 million in bad debt at the lending protocol.