LayerZero says it ‘made a mistake’ in $292 Million Kelp exploit

Tech Share Share this article Copy link X icon X (Twitter) LinkedIn Facebook Email LayerZero says it ‘made a mistake’ in $292 Million Kelp exploit After initially framing the exploit as a developer configuration failure, LayerZero said it “owns” the decision to let its own verifier secure high-value transfers in a vulnerable setup. By Sam Reynolds | Edited by Aoyon Ashraf May 9, 2026, 1:53 p.m. 2 min read Make preferred on LayerZero CEO Bryan Pellegrino at Crypto Bahamas 2022 (Danny Nelson/CoinDesk) What to know : LayerZero acknowledged it “made a mistake” by allowing its own verifier network to secure high-value assets in a risky configuration, reversing weeks of blaming Kelp DAO for a $292 million hack tied to North Korean attackers. The company said its protocol was not compromised and pinned the exploit on an attack against internal RPC infrastructure used by its decentralized verifier network, while insisting developers remain responsible for their own security settings. The fallout is driving major clients to rivals, with Kelp shifting its rsETH bridge to Chainlink and Solv Protocol moving more than $700 million in tokenized bitcoin infrastructure away from LayerZero. LayerZero said late Friday U.S. time that it “made a mistake” allowing its own verification infrastructure to secure high-value crypto assets in a vulnerable configuration, marking a notable shift in tone after weeks of blaming developer Kelp DAO for a $292 million hack tied to North Korean attackers. The admission marks a notable shift after weeks of public finger-pointing between LayerZero and Kelp over responsibility for the April hack, which LayerZero had initially framed as an application-level configuration failure by Kelp. “First things first: an overdue apology,” LayerZero wrote in a blog published Friday. LayerZero initially blamed Kelp, arguing the protocol had chosen a risky “1-of-1” configuration in which only a single decentralized verifier network, or DVN, needed to approve cross-chain transfers, creating a single point of failure. A DVN is part of the infrastructure that verifies whether a transaction moving assets between blockchains is legitimate. “We made a mistake by allowing our DVN to act as a 1/1 DVN for high-value transactions,” the company said. “We didn't police what our DVN was securing, which created a risk we simply didn't see. We own that.” To counter this, LayerZero Labs said its DVN will no longer service 1/1 DVN configurations. Additionally, "all defaults on all pathways are being migrated to 5/5 where possible and no less than 3/3 on any chain where only 3 DVNs are available," the blog said. Cross-chain bridges act like digital transfer rails between otherwise separate blockchain networks, but have long been among crypto’s most vulnerable pieces of infrastructure. LayerZero maintained that its underlying protocol was not compromised and reiterated that developers are ultimately responsible for configuring their own security assumptions. “The LayerZero protocol remained unaffected,” the company said, attributing the exploit to an attack on internal RPC infrastructure used by the LayerZero Labs DVN, while external RPC providers were simultaneously hit with distributed denial-of-service attacks. Additionally, Layer Zero said that three and a half years ago, one of its signers on our multisig used their multisig hardware wallet to perform a personal trade, intending to use their own personal hardware wallet. It is taking action against such moves and said, "This is obviously not ok." "This signer was removed from the multisig, wallets rotated, and we’ve since updated our security practices around signing devices, added localized anomaly detection software on each device, and created a custom-built multisig called OneSig." Competitors, including Chainlink, are using the fallout to win business from protocols rethinking their security providers. Kelp has already moved its rsETH bridge to Chainlink’s competing Cross-Chain Interoperability Protocol, while Solv Protocol said this week it is migrating more than $700 million in tokenized bitcoin infrastructure away from LayerZero following a fresh security review. More For You AI agents fueled a frenzy of startup building at the Consensus Miami EasyA hackathon By Margaux Nijkerk | Edited by Nikhilesh De 18 hours ago Nearly 1,000 developers competed at the venue, from ecosystems like Base, Solana, and others arriving from companies like Microsoft and Google, most racing to build products around the theme of AI agents. What to know : AI agents dominated the EasyA Hackathon at Consensus Miami 2026, where nearly 1,000 developers from crypto ecosystems like Base and Solana, alongside engineers from Microsoft and Google, built AI-native startups spanning autonomous payments, consumer apps, hardware generation, drones and prediction markets. EasyA founders Dom and Philip Kwok say the hackathon... Read full story Latest Crypto News Judge clears path for Aave to move $71 million in ETH linked to North Korea hack 9 hours ago Senate Banking Committee plans to hold key market structure hearing on Thursday 14 hours ago Coinbase rebounds as altcoins surge with bitcoin holding above $80,000 16 hours ago AI agents fueled a frenzy of startup building at the Consensus Miami EasyA hackathon 18 hours ago SEC chair Atkins signals new rules for onchain markets, AI-driven finance 19 hours ago Kraken parent goes for the OCC charter in bid to become a federal crypto bank 20 hours ago Top Stories U.S. added 115K jobs in April, nearly doubling expectations May 8, 2026 AI agents could solve crypto’s user problem May 8, 2026 Bitcoin shows 2-cent price on Revolut as users report apparent BTC display glitch May 8, 2026 Arbitrum delegates back $71 Million ETH recovery plan despite U.S. seizure fight May 8, 2026 S&P 500 call options volume surges to record $2.6 trillion. Here's what it means for bitcoin May 8, 2026