Kelp Migrates To Chainlink, Doubles Down On LayerZero Allegations

• Kelp insists the near-$300 million heist in mid-April was due to a LayerZero flaw, not on its infrastructure.
• The platform is finalizing its migration to Chainlink CCIP, while shifting rsETH to Chainlink’s CCT standard.

The blame game is not yet over between Kelp, a liquid restaking protocol, and LayerZero (ZRO), an omnichain messaging protocol, following the nearly $300 million hack that rocked their ecosystems. Meanwhile, the former revealed that it’s migrating to Chanlink’s (LINK) decentralized oracle network.

Kelp’s Side of the Story on the Near $300M Exploit

On April 18, hackers linked to the North Korean-sponsored Lazarus Group took advantage of an exploit on Kelp to mint 116,500 Restaked ETH (rsETH). Then, the perpetrators routed the assets into Aave (AAVE), a decentralized liquidity protocol, to borrow 106,497 Ethereum (ETH) tokens. The assets were valued at $292 million to $294 million at the time of the incident.

Kelp paused all contracts immediately upon discovery of the attack. Additionally, it managed to block two more forged transactions amounting to $100 million thereafter.

The platform initially called the event an “attack on LayerZero’s infrastructure.” However, the latter blamed Kelp for maintaining a 1-1 instead of the recommended multi-DVN (Decentralized Verifier Network) configuration for network diversity and security redundancy.

Even David Schwartz, CTO Emeritus of Ripple, chimed in on the discussion. He agreed that LayerZero has sufficiently advanced security protocols, which Kelp didn’t use out of convenience.

Kelp fired back at LayerZero again late Tuesday evening, arguing that 47% of OApps (Omnichain Applications) employed the same setup and that 90% of messages on the infrastructure utilized one or two DVNs. Likewise, LayerZero promoted and shipped its DVN under a default 1-1 configuration, and Kelp only followed its guidance.

Moreover, Kelp pointed out that LayerZero itself acknowledged the DVN compromise but remained mostly quiet about the infiltration of its network, monitoring failures, and security flaws. It also allegedly stopped signing 1-1 configs only after the exploit.

Migration to Chainlink

To protect its ecosystem against similar attacks, Kelp elected to enhance its third-party cross-chain security by migrating to the Chainlink Cross-Chain Interoperability Protocol (CCIP). It is also transitioning its rsETH from the LayerZero OFT (Omnichain Fungible Token) standard to Chainlink’s Cross-Chain Token (CCT) standard.

Kelp believes Chainlink’s decentralized oracle network provides a high-security foundation for cross-chain communication, which is a significant step up from LayerZero. The platform’s core team confirmed that it’s already finalizing the operational details of the shift to Chainlink CCIP.

Amid the huge setback, Kelp maintains around $1.63 billion in total value locked (TVL), signifying its resilient community despite the massive capital outflow following the breach.

The post Kelp Migrates To Chainlink, Doubles Down On LayerZero Allegations appeared first on Blockzeit.