Kelp claims that LayerZero approved the setup it blamed for $292 million bridge hack
Key takeaways
- Kelp's memo says LayerZero personnel reviewed its configurations for over 2.5 years and in eight integration discussions, without warning that a 1-of-1 setup posed a material security risk.
- The memo, titled “Setting the Record Straight Around the LayerZero Bridge Hack,” includes screenshots of Telegram exchanges that document LayerZero’s awareness and lack of objection to Kelp’s verifier setup.
- CoinDesk could not independently authenticate the screenshot.
LayerZero banned it post-hack.The $292 million exploit, linked to a North Korean hacker group, led Kelp to migrate its rsETH off LayerZero's OFT standard to Chainlink's Cross-Chain Interoperability Protocol (CCIP).Kelp DAO claims that LayerZero personnel approved the 1-of-1 verifier setup, a decision LayerZero has since cited as the reason a North Korea-linked attacker drained roughly $292 million from Kelp's rsETH bridge.
The claim runs counter to LayerZero's April 19 postmortem, which said Kelp's rsETH application relied on LayerZero Labs as its sole verifier and that the setup "directly contradicts" LayerZero's recommended multi-DVN model.
Kelp's memo says LayerZero personnel reviewed its configurations for over 2.5 years and in eight integration discussions, without warning that a 1-of-1 setup posed a material security risk.