Kelp DAO is now openly contesting LayerZero’s version of events after the $292 million exploit that drained 116,500 rsETH and triggered wider concerns across DeFi lending markets.
In a statement posted on X, Kelp pushed back against LayerZero’s criticism of its 1-of-1 DVN configuration, arguing that the setup had not been improvised or chosen against guidance. According to Kelp, that configuration was the one documented in LayerZero’s own materials and shipped as the default for new OFT deployments.
That response matters because LayerZero’s earlier report had framed Kelp’s configuration as a core weakness. On Sunday, LayerZero said the attacker, likely tied to North Korea’s Lazarus Group, gained access to the list of RPC nodes used by LayerZero Labs’ decentralized verifier network (DVN), then poisoned two of those nodes and launched a DDoS attack to force acceptance of a fake cross-chain message.
LayerZero argued that Kelp’s 1-of-1 DVN arrangement created a single point of failure because it lacked the independent verification needed to catch the fraudulent message before an illegitimate transaction was signed.
Kelp, though, is drawing the line elsewhere. It said it has operated on LayerZero infrastructure since January 2024 and maintained an open channel with the team throughout. It also said the DVN setup was specifically discussed during its expansion to Layer 2, and that the default structure was “affirmatively confirmed as appropriate” at the time.
That disagreement is not merely reputational. It arrives while Aave examines bad debt scenarios tied to the exploit’s spillover effects, particularly around rsETH-linked positions and ETH liquidity stress.
Kelp’s statement suggested it wants the postmortem to move away from simple blame assignment and toward a shared technical record. “Establishing a shared and accurate account of what happened is the foundation for making the right fixes together,” the team wrote.
For now, that shared account does not exist. What exists instead is a growing split between infrastructure provider and protocol user, at a moment when one exploit has already become large enough to test not just bridge security, but the credibility of the systems and assumptions built around it.
