LayerZero Says Kelp Switched rsETH Bridge to 1-of-1 Verification Before $292M Exploit

Key Point

LayerZero Labs said KelpDAO changed the rsETH bridge from a 2-of-2 DVN setup to a 1-of-1 configuration that used only the LayerZero Labs DVN, but LayerZero did not say when the change was made, who made it, or why. LayerZero said the breach began on March 6 after a developer cloned a malicious GitHub repository that installed malware and exposed session keys for access to internal RPC infrastructure. LayerZero said the attacker later patched op-geth on two Kubernetes clusters, and the poisoned servers kept returning normal data to monitoring tools while DDoS attacks forced failover away from external RPC providers. LayerZero said the forged response led its DVN to sign a false message, and the Ethereum bridge released 116,500 rsETH worth about $292 million. Chainalysis called the exploit a trust-layer failure and said Kelp's contract pause blocked a second forged attempt to drain $95 million more, while LayerZero said its DVN will no longer sign as the sole verifier and defaults will rise to at least 3-of-3.

Why it matters: Cross-chain security may depend on verifier design and operational isolation as much as smart contract code, so stricter multi-verifier defaults could reduce single-point-of-failure risk across bridge systems.

Market Sentiment

Bearish, Stress-on, Tech-driven, Fear.

Reason: A sole required verifier signed a forged bridge message, which points to trust and containment risk rather than a routine smart contract bug.

Similar Past Cases

In March 2022, attackers used hacked private keys to forge withdrawals from Ronin, drained more than $625 million in ETH and USDC, and RON fell 20% at press time. (CoinDesk) (coindesk.com) Difference: Ronin depended on stolen validator keys across multiple validators, while Kelp's reported failure centered on a sole-verifier path and compromised verifier infrastructure.

Ripple Effect

This type of bridge failure can push users and integrators toward verification stacks with more independent signers, which can redirect liquidity and integrations away from systems seen as operationally concentrated. If other applications disclose similar sole-verifier paths, then cross-chain liquidity fragmentation and collateral haircuts could spread beyond KelpDAO. Lending venues with rsETH exposure may also face tighter risk reviews until backing and recovery paths look clearer.

Opportunities & Risks

Opportunities: If LayerZero publishes the new DVN client or more channels move to multi-verifier settings, then restored bridge design could become a re-entry signal for protocols that depend on cross-chain ETH liquidity. If Kelp or connected venues publish clearer recovery and backing details, then uncertainty around linked exposures could ease.

Risks: If more applications are found to have relied on sole-verifier paths or similar RPC failover designs, then reducing exposure to affected bridge-linked tokens can limit downside from repricing and liquidity withdrawal. If compensation terms or bad-debt outcomes stay unclear, then pressure could persist across protocols that use rsETH as collateral.