LayerZero Blamed for $290M Hack: Crypto Community Slams ‘Lack of Accountability’

by

Crypto Community Slams LayerZero: More Verifiers Won’t Stop The Next $290M Hack

LayerZero is receiving significant backlash for how it handled the recent $290 million hack involving KelpDAO. The company stated the problem stemmed from how KelpDAO had set up its security system, specifically a ‘1-of-1 verifier’ configuration.

LayerZero Blames KelpDAO For $290M Exploit

This weekend, KelpDAO, a platform for liquid restaking, lost over $290 million worth of rsETH due to a hack. Attackers took advantage of a flaw in the protocol’s connection to LayerZero, a bridging technology.

Just weeks after the $285 million hack at Drift Protocol, LayerZero responded to a separate incident that would become the biggest DeFi hack of 2026.

LayerZero believes a recent, complex attack was carried out by the Lazarus Group, a hacking organization linked to North Korea. They clarified that the attack targeted the systems supporting cryptocurrency, rather than a flaw in their own technology, and confirmed that no other cross-chain platforms or assets were affected.

The system’s security is designed to be flexible and customizable, built on a base of independent networks called Decentralized Verifier Networks (DVNs). These networks work separately to confirm that messages sent between different blockchains haven’t been tampered with.

Hackers reportedly harmed the systems that process requests by gaining control of enough of those systems that LayerZero Labs used to confirm transactions.

Based on my analysis of the incident, the attackers replaced legitimate software with their own malicious code. This allowed them to create fraudulent messages. They then amplified the impact by launching DDoS attacks, which forced the network to switch over to the compromised servers. This ultimately tricked the Distributed Validity Network (DVN) into validating these fake transactions.

LayerZero stated that KelpDAO was responsible for the issue, explaining it stemmed from KelpDAO’s choice to use a single data verification network (DVN) instead of the recommended multiple DVN setup. They clarified that the problem was specific to KelpDAO’s configuration of rsETH and directly caused by this single-DVN setup.

Crypto Community Criticizes ‘Lack Of Accountability’

People in the crypto world have been discussing the recent analysis of what happened, and many are worried about how LayerZero handled it. They’ve criticized the protocol for blaming Kelp’s security as the sole cause of the issue.

A user named Saint compared a situation to building a faulty bridge and then blaming the people who paid to use it. They called it a ridiculous act with no one taking responsibility.

Some users wondered why LayerZero offered a single, non-customizable setup option, given that a DVN is meant to be flexible and adaptable in terms of security. One user, Ditto, pointed out that if the system allowed for this limited configuration, the issue wasn’t the user’s fault, but rather a flaw in the system’s design for enabling it in the first place.

Ultimately, the DVN RPC was hacked. DVN is a product created by LayerZero, who then sold it to various teams, as he explained.

Zach Rynes, a community manager for Chainlink, also claimed the protocol was trying to avoid taking blame for a security issue with their own DVN node.

He also faulted them for blaming KelpDAO for a problem caused by trusting LayerZero Labs. He pointed out that LayerZero was initially supported, only blocked after a hack occurred, yet they still maintained everything was functioning correctly.

Yearn Finance developer Artem K explained on X that the recent attack involved a compromised RPC node and RPC poisoning, but the issue stemmed from a breach within Yearn’s own systems. He cautioned against immediately reactivating the bridges until the cause of the breach is fully understood.

Wrong Diagnosis, Wrong Fix?

According to analyst The Smart Ape, LayerZero misidentified the cause of a recent issue and proposed an ineffective fix. LayerZero’s own review of the incident recommended that apps using a specific, single-endpoint setup switch to a more robust, multi-endpoint system to avoid future attacks.

The analyst explained that simply adding more verification layers won’t prevent a large-scale attack. They argued that these systems could still fail because most rely on the same few data sources – primarily those hosted on Amazon Web Services or Google Cloud – creating a single point of vulnerability.

If five separate data verifiers rely on the same three data sources, a malicious actor could compromise all five of them by manipulating those three sources at once. As one expert explained, if all verifiers are fooled in the same way simultaneously, it effectively eliminates the benefits of having multiple verifiers – it’s as if there was only one. Simply having copies of verifiers doesn’t create independent proof.

To address this issue, the analyst recommended each verifier operate a complete node using diverse software, hosted across multiple cloud platforms, managed by separate operations teams, and connected to varying parts of the Ethereum network.

The solution isn’t about complex setups; it’s simply that data validators should confirm the origin of the information they’re checking, not just the data itself. Until we can fully trace a decentralized verification network’s connections – its data sources, software, and location – claims of ‘M-of-N security’ are just promises, not reality. The recent attack wasn’t a breakthrough in hacking encryption; it was a successful attack on just three servers, as the attacker exploited those specific points of failure.

Read More

2026-04-21 11:11