LayerZero says it ‘made a mistake’ in $292 Million Kelp exploit

After initially framing the exploit as a developer configuration failure, LayerZero said it “owns” the decision to let its own verifier secure high-value transfers in a vulnerable setup.

What to know:

• LayerZero acknowledged it “made a mistake” by allowing its own verifier network to secure high-value assets in a risky configuration, reversing weeks of blaming Kelp DAO for a $292 million hack tied to North Korean attackers.
• The company said its protocol was not compromised and pinned the exploit on an attack against internal RPC infrastructure used by its decentralized verifier network, while insisting developers remain responsible for their own security settings.
• The fallout is driving major clients to rivals, with Kelp shifting its rsETH bridge to Chainlink and Solv Protocol moving more than $700 million in tokenized bitcoin infrastructure away from LayerZero.

LayerZero said late Friday U.S. time that it “made a mistake” allowing its own verification infrastructure to secure high-value crypto assets in a vulnerable configuration, marking a notable shift in tone after weeks of blaming developer Kelp DAO for a $292 million hack tied to North Korean attackers.

The admission marks a notable shift after weeks of public finger-pointing between LayerZero and Kelp over responsibility for the April hack, which LayerZero had initially framed as an application-level configuration failure by Kelp.

“First things first: an overdue apology,” LayerZero wrote in a blog published Friday.

LayerZero initially blamed Kelp, arguing the protocol had chosen a risky “1-of-1” configuration in which only a single decentralized verifier network, or DVN, needed to approve cross-chain transfers, creating a single point of failure. A DVN is part of the infrastructure that verifies whether a transaction moving assets between blockchains is legitimate.

“We made a mistake by allowing our DVN to act as a 1/1 DVN for high-value transactions,” the company said. “We didn't police what our DVN was securing, which created a risk we simply didn't see. We own that.”

To counter this, LayerZero Labs said its DVN will no longer service 1/1 DVN configurations. Additionally, "all defaults on all pathways are being migrated to 5/5 where possible and no less than 3/3 on any chain where only 3 DVNs are available," the blog said.

Cross-chain bridges act like digital transfer rails between otherwise separate blockchain networks, but have long been among crypto’s most vulnerable pieces of infrastructure.

LayerZero maintained that its underlying protocol was not compromised and reiterated that developers are ultimately responsible for configuring their own security assumptions.

“The LayerZero protocol remained unaffected,” the company said, attributing the exploit to an attack on internal RPC infrastructure used by the LayerZero Labs DVN, while external RPC providers were simultaneously hit with distributed denial-of-service attacks.

Additionally, Layer Zero said that three and a half years ago, one of its signers on our multisig used their multisig hardware wallet to perform a personal trade, intending to use their own personal hardware wallet. It is taking action against such moves and said, "This is obviously not ok."

"This signer was removed from the multisig, wallets rotated, and we’ve since updated our security practices around signing devices, added localized anomaly detection software on each device, and created a custom-built multisig called OneSig."

Competitors, including Chainlink, are using the fallout to win business from protocols rethinking their security providers.

Kelp has already moved its rsETH bridge to Chainlink’s competing Cross-Chain Interoperability Protocol, while Solv Protocol said this week it is migrating more than $700 million in tokenized bitcoin infrastructure away from LayerZero following a fresh security review.

More For You

Nearly 1,000 developers competed at the venue, from ecosystems like Base, Solana, and others arriving from companies like Microsoft and Google, most racing to build products around the theme of AI agents.

What to know:

• AI agents dominated the EasyA Hackathon at Consensus Miami 2026, where nearly 1,000 developers from crypto ecosystems like Base and Solana, alongside engineers from Microsoft and Google, built AI-native startups spanning autonomous payments, consumer apps, hardware generation, drones and prediction markets.
• EasyA founders Dom and Philip Kwok say the hackathon...

Crypto industry cheers Senate Clarity Act markup date as market structure push resumes

3 minutes ago

Emerging-market users are treating crypto exchanges like banking apps, Binance says

18 minutes ago

Swiss central bank bitcoin reserve push fails over signature shortfall

32 minutes ago

CME is set to let traders bet on bitcoin volatility, not just price

45 minutes ago

How DeFi is changing the financial landscape for Latin Americans

1 hour ago

Crypto wallets are being rebuilt for AI agents, Trust Wallet and Mesh executives say at Consensus Miami

2 hours ago

BlackRock deepens tokenization push with new onchain fund offerings

2 hours ago

Senate Banking Committee plans to hold key market structure hearing on Thursday

16 hours ago

Judge clears path for Aave to move $71 million in ETH linked to North Korea hack

11 hours ago

SEC chair Atkins signals new rules for onchain markets, AI-driven finance

21 hours ago

Kraken parent goes for the OCC charter in bid to become a federal crypto bank

23 hours ago

AI agents could solve crypto’s user problem

May 8, 2026