Setting the Record Straight Around the LayerZero Bridge Hack
Contents
Incident Details & Independent Researchers' Assessment
On 18 April 2026, attackers executed an exploit originating on LayerZero Labs’ infrastructure, resulting in $300M
+ of losses across DeFi protocols. Two additional forged transactions totaling $100M
+ were also signed and processed by the LayerZero Labs DVN, but were blocked after the Kelp team intervened and paused the contracts. Kelp prevented further damage to the DeFi ecosystem by acting ahead. However, the bridging infrastructure that LayerZero supported remained operational for an extended period of time after Kelp detected it and flagged it to them.
LayerZero has since claimed the root cause of the incident as a KelpDAO configuration issue. That framing does not match the facts. It is a matter of public domain that this 1-1 setup was not unique to Kelp. In fact, Public Dune analysis
found that, of approximately 2,665 unique LayerZero OApp contracts, 47% ran a 1-1 DVN security floor, 45% ran 2-2, …
On 18 April 2026, attackers executed an exploit originating on LayerZero Labs’ infrastructure, resulting in $300M
+ of losses across DeFi protocols. Two additional forged transactions totaling $100M
+ were also signed and processed by the LayerZero Labs DVN, but were blocked after the Kelp team intervened and paused the contracts. Kelp prevented further damage to the DeFi ecosystem by acting ahead. However, the bridging infrastructure that LayerZero supported remained operational for an extended period of time after Kelp detected it and flagged it to them.
LayerZero has since claimed the root cause of the incident as a KelpDAO configuration issue. That framing does not match the facts. It is a matter of public domain that this 1-1 setup was not unique to Kelp. In fact, Public Dune analysis
found that, of approximately 2,665 unique LayerZero OApp contracts, 47% ran a 1-1 DVN security floor, 45% ran 2-2, …