KelpDAO migrates rsETH to Chainlink CCIP, continues mutual blame with LayerZero over $292 million attack

Odaily reports that Kelp DAO has announced the migration of its restaking token rsETH to Chainlink CCIP, citing enhanced security as the reason for this move. Previously, a cross-chain bridge built by Kelp DAO on LayerZero was attacked on April 18, with hackers stealing approximately 116,500 rsETH, valued at around $292 million, and using the assets as collateral to borrow WETH on Aave v3.

Regarding the cause of the vulnerability, LayerZero previously stated that the issue stemmed from Kelp DAO using a single DVN verification path configuration rather than multiple independent verifications. Kelp DAO responded that this configuration was the default setting and that LayerZero had confirmed its security without flagging any related risks. LayerZero CEO Bryan Pellegrino subsequently denied this claim, stating that Kelp DAO had proactively modified the default multi-DVN configuration. Both parties continue to dispute responsibility for the incident. (Cointelegraph)