Kelp DAO became the first to abandon LayerZero’s main protocol and switch to Chainlink CCIP

According to a May 5 report by The Block, decentralized finance lending protocol Kelp DAO announced it would drop LayerZero as its cross-chain infrastructure provider and instead adopt Chainlink’s cross-chain interoperability protocol (CCIP). Kelp DAO is “the first major protocol to abandon LayerZero since the LayerZero vulnerability incident.”

Specific details of Kelp DAO’s migration to Chainlink CCIP

According to an official announcement from Kelp DAO, rsETH will move to adopt the Cross-Chain Token (CCT) standard in parallel. In the announcement, Kelp DAO said: “KelpDAO’s migration to Chainlink CCIP directly addresses the core architectural flaws behind the exploit.”

According to The Block, Chainlink’s Decentralized Oracle Network (DON) requires at least 16 independent node operators to validate cross-chain transactions; Chainlink infrastructure has supported more than $30 trillion in cross-chain transaction volume to date.

Background on LayerZero setup controversy and attack technology

According to The Block, in an attack on April 18, 2026, an attacker allegedly linked to North Korean Lazarus exploited a single-verifier configuration vulnerability in the LayerZero-supported Omnichain Fungible Token (OFT) bridge to steal 116,500 rsETH from Kelp DAO.

On accountability, LayerZero criticized the 1-to-1 decentralized verifier network setup used by Kelp DAO, claiming it had warned against using a single-verifier configuration. An analysis cited by Kelp DAO and The Block, however, indicates that 1-to-1 setup is LayerZero’s default suggested onboarding configuration, and at the time of the attack, about 47% of the 2,665 LayerZero applications were running the same single-verifier configuration. After the attack, LayerZero announced it would stop signing for single-verifier configurations.

DeFi United recovery plan and Arbitrum DAO legal lawsuit

According to The Block, as part of the DeFi United plan formed after the attack, LayerZero donated about 10,000 ETH (including a $5,000 ETH donation to Aave, plus providing 5,000 ETH as a loan). The DeFi United plan has raised more than $300 million in cryptocurrency.

According to The Block, over the weekend this week, a person who claims to be a victim of the North Korean hacker attack filed a lawsuit against Arbitrum DAO, seeking to forfeit 30,766 ETH that its security committee had frozen following the Kelp DAO vulnerability incident. Arbitrum DAO had previously voted to release the above ETH to the DeFi United platform. Aave submitted an emergency motion on Monday, seeking to withdraw the lawsuit and lift the temporary restraining orders on the relevant funds.

FAQ

Which source confirmed as the first migration protocol Kelp DAO’s migration to Chainlink CCIP?

According to The Block, Chainlink confirmed to The Block that Kelp DAO is the first major protocol to abandon LayerZero since the LayerZero vulnerability incident; the migration simultaneously adopted the CCT standard.

What was the core disagreement behind the controversy over LayerZero 1-of-1 setup?

According to The Block, LayerZero said it had warned against using a single-verifier configuration. An analysis cited by Kelp DAO and The Block states that the 1-to-1 setup was LayerZero’s default suggested configuration, and at the time of the attack, about 47% of LayerZero applications used the same configuration.

What legal developments are Arbitrum DAO and the DeFi United plan currently facing?

According to The Block, a person claiming to be a victim of the North Korean hacker attack filed a lawsuit against Arbitrum DAO, seeking forfeiture of the frozen 30,766 ETH. Aave submitted an emergency motion on Monday, seeking to withdraw the lawsuit and lift the temporary restraining orders.