Kelp DAO Migrates rsETH to Chainlink After $292 Million Hack as Dispute With LayerZero Intensifies

On April 18, North Korean hackers from Lazarus Group's TraderTraitor subunit — the same crew behind the $1.5 billion Bybit breach in February 2025 — drained 116,500 rsETH from Kelp DAO's cross-chain bridge. The attack took minutes. The fallout is still accelerating.

North Korean hacking groups accounted for 76% of all crypto hack losses in 2026 through April — not because North Korea launched a wave of attacks, but because two attacks totaling $577 million dwarfed everything else. The Drift Protocol breach on April 1 ($285 million) and the KelpDAO bridge exploit on April 18 ($292 million) represent 3% of the 2026 incident count but 76% of all losses.

That's the context for Kelp DAO's migration of rsETH to Chainlink after the $292 million hack, a move announced May 5 via an X post that was less a migration notice and more a formal accusation. Kelp didn't just say it was switching infrastructure. It published screenshots of communications with LayerZero personnel that it says prove LayerZero approved the configuration that made the attack possible. LayerZero CEO Bryan Pellegrino called significant parts of that account "just completely untrue." Neither party has settled the facts. In the meantime, the stolen funds are being laundered through THORChain by Chinese intermediaries, Aave is in court in New York, and $71 million in ETH is frozen on Arbitrum while litigation proceeds.

This is not a resolved story. It's an active dispute that's about to get worse.

What Actually Happened on April 18

The mechanics matter, because LayerZero and Kelp are offering incompatible versions of them.

Chainalysis said the attack was not a smart contract hack, but an attack on offchain infrastructure in which attackers compromised internal RPC nodes and used false data to trick a 1-of-1 DVN setup into releasing funds against a nonexistent burn. The sequence: attackers pre-funded six wallets via Tornado Cash roughly ten hours before the drain, then compromised two of the RPC nodes that LayerZero's verifier relied on to confirm cross-chain transactions, replacing the nodes' software with malicious versions that reported false transaction data to the verifier while continuing to feed accurate data to every other observer — keeping the attack invisible to LayerZero's own monitoring systems.

The 1-of-1 Decentralized Verifier Network setup is what made this fatal. In a single-DVN configuration, one entity's signature is enough to authorize a cross-chain transfer. Poison one source of truth and there's nothing to contradict it. Kelp's emergency pause, 46 minutes after the drain, blocked two follow-up attempts that would have released an additional ~$200 million in rsETH. The core restaking contracts weren't touched — the exploit was isolated entirely to the bridge layer.

The fallout spread across DeFi because the attacker deposited stolen rsETH as collateral across major lending markets. Galaxy Research said the exploiter borrowed about $236 million in WETH and wstETH, while Aave froze rsETH, wrsETH, and WETH markets across deployments as liquidity stress intensified. Aave's TVL fell by $8.45 billion in the following 48 hours. The protocol is now dealing with nearly $200 million in bad debt.

The Dispute at the Center of Everything

LayerZero's April 19 postmortem put the blame on Kelp's application-level configuration. It said the single-DVN setup "directly contradicts" the multi-DVN model LayerZero recommends, and that Kelp bore responsibility for how it configured its bridge. Kelp's May 5 response disputes that framing on three fronts.

First, one screenshot shows a LayerZero team member saying: "No problem on using defaults either" — Kelp says the "defaults" referenced in the exchange were the 1-of-1 LayerZero Labs DVN configuration later cited by LayerZero as the application-level setup that enabled the exploit. CoinDesk couldn't independently authenticate the screenshot, and LayerZero didn't respond to requests for comment by publication.

Second, the configuration itself wasn't unusual. Data from Dune Analytics shows that nearly 47% of approximately 2,665 LayerZero OApp contracts were configured with one-to-one validators within the past 90 days. LayerZero banned the configuration post-hack and is now forcing a migration for every affected application. The decision to retroactively prohibit a setup used by nearly half the protocol's active apps doesn't sit cleanly alongside the claim that the setup was Kelp's unusual choice.

Third, the 1-of-1 structure appeared in LayerZero's own V2 OApp Quickstart, where the sample layerzero.config.ts wires every pathway with one required DVN and no optional DVNs. That's the developer-facing documentation. What LayerZero was telling its enterprise partners in private conversations was apparently consistent with what its public documentation showed.
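As an added example (not code from Kelp, LayerZero or Chainlink), the check below models the per-pathway DVN settings that a layerzero.config.ts wires and reports how many independent verifiers an attacker would have to corrupt before a forged cross-chain message is accepted, flagging the 1-of-1 shape discussed above. The field names requiredDVNs, optionalDVNs and optionalDVNThreshold mirror the ULN config keys as an assumption, and the DVN names are constructed placeholders.

```typescript
// Added example, not code from Kelp, LayerZero or Chainlink. It models the DVN
// settings that layerzero.config.ts wires for each pathway and asks the
// pre-launch question the article raises: how many independent verifiers must
// an attacker corrupt before a forged message is accepted? Field names mirror
// the ULN config keys as an assumption; check them against your devtools version.
interface UlnConfig {
  requiredDVNs: string[];        // every listed DVN must attest
  optionalDVNs: string[];        // at least optionalDVNThreshold of these must attest
  optionalDVNThreshold: number;
}

interface QuorumReport {
  verifiersToCompromise: number; // smallest set of DVNs whose attestations forge a message
  singlePointOfFailure: boolean; // true for the 1-of-1 setup described in the article
  errors: string[];              // config mistakes that should block deployment
}

function quorumReport(cfg: UlnConfig): QuorumReport {
  const errors: string[] = [];
  const all = cfg.requiredDVNs.concat(cfg.optionalDVNs);
  // Names appearing more than once do not add an independent signer.
  const dupes = all.filter((d, i) => all.indexOf(d) !== i && all.lastIndexOf(d) === i);
  if (dupes.length > 0) errors.push(`duplicate DVN(s): ${dupes.join(", ")}`);
  if (cfg.optionalDVNThreshold > cfg.optionalDVNs.length) {
    errors.push("optionalDVNThreshold exceeds the number of optional DVNs");
  }
  if (cfg.optionalDVNs.length > 0 && cfg.optionalDVNThreshold === 0) {
    errors.push("optional DVNs listed but threshold is 0, so they add nothing");
  }
  // Verification needs all required DVNs plus `threshold` optional ones, so an
  // attacker must control exactly that many distinct verifiers.
  const verifiersToCompromise = cfg.requiredDVNs.length + cfg.optionalDVNThreshold;
  return { verifiersToCompromise, singlePointOfFailure: verifiersToCompromise <= 1, errors };
}

// Constructed sample configs with placeholder DVN names: the quickstart-style
// 1-of-1 pathway next to a multi-DVN pathway (2 required + 2-of-3 optional).
const singleDvnPathway: UlnConfig = {
  requiredDVNs: ["layerzero-labs-dvn"], optionalDVNs: [], optionalDVNThreshold: 0,
};
const multiDvnPathway: UlnConfig = {
  requiredDVNs: ["layerzero-labs-dvn", "operator-b-dvn"],
  optionalDVNs: ["operator-c-dvn", "operator-d-dvn", "operator-e-dvn"],
  optionalDVNThreshold: 2,
};

console.log(quorumReport(singleDvnPathway)); // singlePointOfFailure: true
console.log(quorumReport(multiDvnPathway));  // verifiersToCompromise: 4
```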

Pellegrino's counter is that Kelp originally deployed with a multi-DVN setup and then manually switched to 1-of-1 — which, if true, makes Kelp's reliance on default documentation less relevant. An external postmortem from third-party security firms is reportedly forthcoming. Until it's published, anyone treating either party's account as settled is making a judgment call without the full evidence.

"It's really the only bridge in which you have a kind of client diversity and separate codebases interacting with each other in a secure way."

— Zach Rynes, Chainlink community manager, describing CCIP's multi-validator architecture, quoted on X in the days after the exploit, and, notably, not waiting for the dispute to resolve before making the case

What CCIP Actually Offers That OFT Didn't

The change will move rsETH away from LayerZero's OFT standard and onto Chainlink's Cross-Chain Token standard. Chainlink's chief business officer offered to work with Kelp DAO to secure the migration and implement multi-validator approvals.

The structural difference matters. Chainlink's CCIP requires multiple independent validators to approve a transfer before it executes — not one party with one set of RPC nodes that a state-level attacker can systematically poison. Client diversity in the verification layer means an attacker has to compromise multiple independent codebases and infrastructure operators simultaneously. That's a categorically harder problem.

CCIP has been operating without a publicly disclosed value-loss incident since launch. That's a meaningful datapoint, though it's also a function of volume. Chainlink's CCIP hasn't processed the same transaction volumes as LayerZero's more widely adopted OFT standard. A higher-profile target is a different threat surface.

What Kelp's migration signals to the broader market is less about Chainlink being definitively more secure and more about the reputational cost of being the protocol that ran a 1-of-1 DVN and lost $292 million. Founders building cross-chain applications are now pricing in not just technical security but what happens to their brand and user base if something goes wrong. CCIP is the choice that lets you tell your users you made a defensible decision.

The Global Dimension: Who's Actually Paying for This

$13 billion exited DeFi protocols within days of the Kelp exploit, according to DeFiLlama data — with outflows concentrated in bridges and lending platforms. That's not a Web3-native problem. It's a capital allocation problem that touches institutional participants in Singapore, Abu Dhabi, and Zurich who've been quietly building DeFi treasury exposure over the past two years.

The KelpDAO attackers moved funds rapidly through cross-chain swaps into Bitcoin via THORChain, with the ongoing laundering phase handled largely by Chinese intermediaries, not the North Koreans themselves, according to TRM Labs. THORChain's refusal to freeze or reject transactions from known illicit actors has made it the consistent exit ramp of choice for Lazarus Group — across the Bybit hack in 2025 and now the Kelp exploit. This is not a technical limitation. It's a governance choice that the broader DeFi sector hasn't resolved and probably can't without fracturing the community that prizes censorship-resistance above most other values.

European regulators watching the MiCA implementation process are paying attention. The EU's Markets in Crypto-Assets regulation requires firms dealing in crypto assets to demonstrate robust operational risk management — and cross-chain bridge infrastructure used in a $292 million state-actor exploit is about as far from demonstrated robustness as you can get. In the UK, the FCA's crypto registration regime is already making compliance officers nervous about bridge exposure in fund portfolios. The Kelp exploit gives them exactly the headline they've been waiting to cite.

In Asia-Pacific, where South Korea's crypto exchange volume rivals that of the US on a per-capita basis and where the FSC has been tightening DeFi oversight since the Terra/Luna collapse, the geographic proximity to the Lazarus Group's operational base adds a political layer that Western regulators don't fully grapple with.

The contrarian case: Kelp might be getting more out of this migration announcement than it deserves. Moving to CCIP doesn't resolve the fundamental tension in Kelp's situation — the exploit happened at the bridge layer, and their core restaking contracts are fine, which means the damage is reputational and legal rather than structural. Migrating cross-chain infrastructure to a different provider doesn't protect against a state-level actor who's targeting off-chain RPC nodes. If TraderTraitor wants to target Kelp's new CCIP infrastructure with the same DDoS-and-poisoning playbook, the multi-validator model makes it harder — but Kelp isn't the only element in that chain. The question of whether Chainlink's validators run sufficiently diverse RPC infrastructure to withstand the same attack is worth asking before declaring the migration a security win.

The Legal Tangle

About $71 million in funds tied to the exploit were frozen on the Arbitrum network and are the subject of litigation in US federal court in New York. Aave LLC filed an emergency motion on May 4 to lift a restraining notice served on Arbitrum DAO. Separately, US claimants with terrorism-related judgments against North Korea have moved to attach the frozen ETH as DPRK property.

LayerZero pledged 10,000 ETH to the DeFi United recovery fund. The legal status of the remaining frozen funds is genuinely complicated — multiple parties with competing claims on assets sitting in a wallet controlled by Arbitrum's Security Council, contested in federal court, while the actual Lazarus Group has long since laundered the proceeds through THORChain into Bitcoin.

What to watch:

  • The external postmortem from third-party security firms that Pellegrino promised. If it shows Kelp did manually switch from multi-DVN to 1-of-1 after initial deployment, LayerZero's position strengthens significantly. If it shows the default configuration was 1-of-1 from the start, Kelp's screenshots become more damaging.

  • Whether the New York federal court case establishes any precedent about responsibility for bridge infrastructure failures. There's no established case law here. Whatever the court finds will matter well beyond this specific dispute.

  • How many of the 47% of LayerZero OApps still running 1-of-1 configurations actually complete the forced migration — and whether any of them get targeted before they do.

What founders building cross-chain infrastructure should take from this:

The Kelp/LayerZero dispute is messy and the facts are contested. But a few things are clear regardless of who's ultimately right about the configuration history.

The April 18 attack succeeded because there was one verifier, one set of code, and one infrastructure operator to compromise. Single points of failure in cross-chain verification are not theoretical risks — they're operational vulnerabilities that North Korean state actors have demonstrated they can exploit with precision. The Lazarus Group's TraderTraitor subunit has now pulled $1.5 billion from Bybit, $292 million from Kelp, and $285 million from Drift in roughly 14 months. North Korea's cumulative crypto theft now exceeds $6 billion in attributed incidents since 2017.

The second lesson is about documentation and accountability. If your infrastructure provider's quickstart guide shows your users a single-verifier configuration, and your enterprise integration teams approve that setup without flagging it as non-production, you don't get to call it an application-level configuration error after the fact. That's a support relationship failure as much as it is a security failure. Developers building on LayerZero, Wormhole, or any cross-chain messaging protocol should be asking explicitly: what happens if your infrastructure is targeted? What's your off-chain RPC diversity? What's your DDoS tolerance? The answers to those questions should be in writing before a bridge goes live.

Kelp DAO's migration of rsETH to Chainlink after the $292 million hack is the right call in itself. Whether it resolves anything about who was responsible for the exploit is a different question, and one that's heading toward a courtroom rather than a consensus.
