Recent Exploit of KelpDAO
In a recent social media post, David Schwartz, the former Chief Technology Officer of Ripple, has raised questions regarding the recent exploit of KelpDAO, which led to significant losses amounting to over $290 million. This incident occurred on April 18 when KelpDAO, known for its liquid restaking protocol, fell victim to a sophisticated attack.
Details of the Attack
Following the exploit, LayerZero provided an update indicating that the vulnerability was linked to the configuration of rsETH due to its reliance on a single Decentralized Verifier Network (DVN). They identified that the attack exploited weaknesses within the RPC infrastructure used by their system.
Community Response and Questions
One week after this major breach, the cryptocurrency community remains in pursuit of clarity about the event, which is being dubbed the most significant hack in the decentralized finance (DeFi) space for the year 2026. In this context, Schwartz referred to an earlier statement made by LayerZero’s CEO, Bryan Pellegrino, from December 2024, wherein he asserted that not a single application relied exclusively on the DVN. Pellegrino had famously stated:
“What percentage of LayerZero volume relies solely on LZ DVN? The answer to that is 0%. There isn’t a single application setup that solely uses the LZ DVN.”
This prompts Schwartz to wonder whether there has been a change in circumstances since that time, leading him to question the validity of LayerZero’s explanation. He pointedly asks, if previously no application was dependent on a sole DVN, why is this configuration now being cited as the root cause of the KelpDAO incident? Schwartz’s inquiries suggest a crucial inconsistency in the narrative provided by LayerZero, calling into question the operational integrity of KelpDAO’s architecture following the CEO’s prior comments.
Industry Insights
Additionally, Aanchal Malhotra, the head of research at Ripple, chimed in on the discussion surrounding the rsETH hack, commenting on the industry’s movement towards improved security practices, such as zero-knowledge proofs and stricter auditing protocols. However, she emphasized that relying on improved primitives alone is insufficient; a comprehensive evaluation of security proofs alongside deployment environments remains vital to bridging existing gaps in security.
