
Author: Sahil Thakur
6th May 2026 – KelpDAO announced it will migrate rsETH bridging from LayerZero to Chainlink CCIP. The decision follows the April 18 exploit that drained $292 million in restaked ETH.
High Signal Summary For A Quick Glance
Zach Rynes | CLG
@ChainLinkGod
@KelpDAO @chainlink Smart move to migrate to Chainlink CCIP for secure cross-chain infra 🤝
After the recent LayerZero exploit, we are taking steps to ensure rsETH is fully secure, which is why we are migrating to @chainlink CCIP. From the April 18 incident, it is clear that LayerZero's own infrastructure was exploited, resulting in $300M in losses across DeFi. https://t.co/beIrfZZLlh
08:38 PM·May 5, 2026
Adam “Link” Smith
@AdamLinkSmith
@KelpDAO @chainlink smart move migrating to CCIP others who are not already on the Chainlink cross-chain standard should seriously consider migrating to CCIP as well. CCIP is the most secure cross-chain infrastructure https://t.co/m53yjXiQpo
Sergey explains why CCIP is the most secure cross-chain infrastructure “CCIP has many individual key security design decisions, but three of the larger ones that I tend to think about when I look at its security compared to other cross-chain systems would be the amount of https://t.co/xqkeNwnMt9
08:24 PM·May 5, 2026
David Marquart ⬡
@MarquartCapital
@KelpDAO @nullpackets @chainlink congrats on upgrading to the institutional standard
After the recent LayerZero exploit, we are taking steps to ensure rsETH is fully secure, which is why we are migrating to @chainlink CCIP. From the April 18 incident, it is clear that LayerZero's own infrastructure was exploited, resulting in $300M in losses across DeFi. https://t.co/beIrfZZLlh
08:13 PM·May 5, 2026
Steady attention without excessive speculation.
The announcement came on May 5 via X. KelpDAO framed the move as an “immediate next step” in security hardening. Attackers had exploited LayerZero’s off-chain infrastructure to forge a cross-chain message and unlock 116,500 rsETH from the bridge escrow.
On April 18 at 17:35 UTC, attackers forged a cross-chain message from Unichain. The forged message triggered KelpDAO’s rsETH OFT adapter on Ethereum mainnet to release 116,500 rsETH.
The attack targeted LayerZero’s off-chain infrastructure rather than smart contracts. According to Chainalysis, attackers compromised two RPC nodes used by the Decentralized Verifier Network (DVN). They then swapped node binaries to feed forged PacketSent events.
Simultaneously, attackers DDoS’d the remaining healthy nodes. This forced failover to the compromised ones. Because KelpDAO ran a 1-of-1 DVN configuration, one compromised verifier was enough.
The Executor then called lzReceive() on the rsETH adapter. Because on-chain verification passed, the tokens were released. Galaxy Research confirmed KelpDAO’s single-DVN setup enabled the attack.
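A simplified model of the failure mode described above, added here as an illustration and not taken from KelpDAO's or LayerZero's code: it contrasts RPC failover with a fail-closed RPC quorum, and a 1-of-1 verifier threshold with a 2-of-2 threshold. The node names, DVN names and the hash value are constructed for the example.

```python
from collections import Counter

FORGED = "0xforged"  # constructed placeholder, not a real packet hash

def read_failover(replies):
    """Weak pattern: trust the first node that answers.
    replies: list of (node, hash or None); None means the node is unreachable."""
    for _node, h in replies:
        if h is not None:
            return h
    return None

def read_quorum(replies, quorum):
    """Fail closed unless `quorum` distinct nodes report the same hash."""
    by_node = {node: h for node, h in replies if h is not None}
    if not by_node:
        return None
    h, votes = Counter(by_node.values()).most_common(1)[0]
    return h if votes >= quorum else None

def verified(attestations, required):
    """attestations: {dvn: hash or None}. Return the hash that at least
    `required` verifiers attest to, or None if the threshold is not met."""
    votes = Counter(h for h in attestations.values() if h is not None)
    if not votes:
        return None
    h, n = votes.most_common(1)[0]
    return h if n >= required else None

# Constructed scenario: two RPC nodes serve forged events, the healthy two are offline.
DVN_A_RPCS = [("rpc-1", None), ("rpc-2", None), ("rpc-3", FORGED), ("rpc-4", FORGED)]

def scenario():
    a_failover = read_failover(DVN_A_RPCS)       # falls over to a compromised node
    a_quorum = read_quorum(DVN_A_RPCS, quorum=3) # only 2 nodes answer, so no result
    return {
        # One verifier, failover reads: the forged packet is accepted.
        "1-of-1 failover": verified({"dvn-a": a_failover}, 1),
        # One verifier, but its reads fail closed: nothing to attest.
        "1-of-1 rpc-quorum": verified({"dvn-a": a_quorum}, 1),
        # Second independent verifier (hypothetical dvn-b) saw no such packet.
        "2-of-2 failover": verified({"dvn-a": a_failover, "dvn-b": None}, 2),
    }

if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name}: {'ACCEPTED ' + result if result else 'rejected'}")
```

Note that `read_quorum(DVN_A_RPCS, quorum=2)` would still return the forged hash, because both compromised nodes agree with each other; the quorum has to exceed the number of nodes an attacker can plausibly control.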
LayerZero Labs stated the incident was “isolated to KelpDAO’s rsETH configuration.” They maintained that “the LayerZero protocol itself functioned exactly as intended.” In their view, KelpDAO’s single-DVN choice created the vulnerability.
KelpDAO pushed back in their May 5 announcement. They wrote: “It is clear that LayerZero’s own infrastructure was exploited.” They also cited “independent reports from SEAL 911, Chainalysis, and other major leading security researchers.”
Chainalysis sided closer to KelpDAO’s framing in their April 23 report. They stated: “The target of the attack was not KelpDAO’s own contracts nor the LayerZero contracts themselves.” Instead, it was “the off-chain infrastructure that LayerZero Labs operated.”
Security firms have preliminarily attributed the attack to North Korea’s Lazarus Group.
Within 48 hours, DeFi total value locked dropped roughly $13-14 billion. Specifically, TVL fell from approximately $99.5 billion to $86 billion. Aave alone lost around $8.45 billion after freezing rsETH markets.
Meanwhile, the rsETH peg broke on Layer 2 networks. At least nine protocols froze rsETH-related activity as a result. The ZRO token also fell between 3% and 18% in the following days.
As of May 6, approximately $71 million in linked ETH remains frozen on Arbitrum. The Arbitrum Security Council ordered the freeze, but it remains under legal dispute. Some stolen funds have reportedly moved through THORChain.
The KelpDAO Chainlink CCIP migration replaces LayerZero’s OFT standard with Chainlink’s Cross-Chain Token standard. The key architectural difference is redundancy.
Under LayerZero, applications configure their own security through DVNs. KelpDAO chose a 1-of-1 setup, so a single verifier controlled the entire flow. LayerZero has since banned this configuration.
In contrast, Chainlink CCIP uses three separate oracle networks. These include a committing DON, an executing DON, and a dedicated Risk Management Network. Each runs independent codebases, so compromising one is not enough.
The migration requires new adapter contracts. Existing rsETH holders should not need a full token migration in most cases. No public governance proposal or timeline exists as of May 6, 2026.
LayerZero vs. Chainlink CCIP: cross-chain security comparison
Community sentiment on X strongly favors the migration. Many users tagged $LINK and framed the move as validation for Chainlink’s security approach. Prominent voices like @ChainLinkGod and @0xZodomo focused on the security upgrade.
Some defenders of LayerZero argue the exploit resulted from KelpDAO’s configuration, not a protocol flaw. They note that multi-DVN setups would have prevented the attack.
The broader question remains open. Will other major OFT issuers follow KelpDAO? As of May 6, no other protocol has announced a similar migration. But the $292 million loss has put bridge security under intense scrutiny.
KelpDAO has not published a detailed migration timeline yet. The May 5 announcement describes the CCIP move as an “immediate next step.” No governance vote or specific date has been shared publicly.
Existing rsETH holders should expect changes at the adapter level. In most cases, tokens will migrate to the new standard automatically. No manual action should be required for the majority of holders.
For now, the focus remains on fund recovery and security hardening. The full list of affected protocols has not been disclosed yet. Whether stolen funds are recoverable remains unclear because of THORChain laundering and the Arbitrum legal dispute.
This is not financial advice. Readers holding rsETH should monitor official KelpDAO channels for migration updates.