The nearly $300M DeFi exploit is turning into a blame fight, with LayerZero flagging risks and KelpDAO saying it followed the default.
KelpDAO and LayerZero are now openly clashing over who’s responsible for the setup behind the nearly $300 million exploit, the largest DeFi exploit so far in 2026, which has spilled into lending markets.
In a Monday post on X, LayerZero said Kelp was running a “1-of-1” setup, which is basically a single checkpoint, and had been told to diversify it.
Now KelpDAO is pushing back, saying in an X update that the same setup was the documented default and was “affirmatively confirmed as appropriate” during earlier discussions. The dispute boils down to whether Kelp ignored safety practices or just followed what was shipped.
LayerZero implied the design created a single point of failure, which is how a forged message slipped through. The project wrote in the X post:
“LayerZero and other external parties previously communicated best practices around DVN diversification to KelpDAO. Despite these recommendations, KelpDAO chose to utilize a 1/1 DVN configuration.”
But KelpDAO pushes back in its latest update on X, saying the problem was in LayerZero’s infrastructure:
“The 1-of-1 DVN setup is the configuration documented in LayerZero’s documentation and shipped as the default for any new OFT deployment.”
The project also pointed to two compromised nodes plus a DDoS attack on a third.
KelpDAO added that the attack was “on LayerZero’s infrastructure,” noting that “Kelp’s own systems were not involved in building or operating that infrastructure.”
The Largest DeFi Exploit of 2026, So Far
The clash follows a DeFi exploit that drained about 116,500 rsETH, worth roughly $292 million, on April 18. A second attempt to pull another roughly $95 million was blocked after KelpDAO slammed the brakes.
Things escalated fast once the attacker, allegedly linked to TraderTraitor, a DPRK state group, pushed deeper into the system.
- Around 89,567 rsETH, valued at roughly $221 million, was funneled into Aave as collateral. That move unlocked 82,650 WETH and 821 wstETH in borrowed funds, leaving positions hanging dangerously close to the edge.
- Now, blockchain sleuth ZachXBT said in a Telegram update that part of the funds had already started moving, with about $1.5 million bridged from Ethereum to Bitcoin using THORChain and Umbra to obscure the trail.
On the response side, the Arbitrum Security Council froze 30,766 ETH, around $71 million, tied to the exploit. Aave is now also modeling potential bad debt between about $123 million and $230 million, depending on how losses are handled.

