Kelp Blames LayerZero for $292 Million Hack, Announces Shift to Chainlink Amid Ongoing Legal Fight

Kelp, a decentralized finance (DeFi) protocol, has formally blamed LayerZero for the $292 million exploit that gutted its liquidity, and is now accelerating plans to migrate its infrastructure to Chainlink. The accusation escalates a deepening confrontation between two major blockchain interoperability providers, with Kelp contending that a critical vulnerability in LayerZero's messaging infrastructure enabled the devastating attack. The protocol's decision to abandon LayerZero marks a significant reversal for a project that relied on the cross-chain bridge for core operations.

The $292 million hack represents one of the largest single exploits in the DeFi space in recent memory. Kelp's internal investigation, according to sources close to the matter, pointed directly to how LayerZero's technical architecture handled cross-chain message verification at the time of the breach. LayerZero has contested this characterization, maintaining that its protocol functions as designed and that user or protocol-level misconfigurations were the true cause. The dispute centers on whether LayerZero's omnichain fungible token (OFT) standard, which Kelp used, contains systemic weaknesses or whether implementation errors exposed the protocol.

LayerZero Labs is simultaneously defending against a separate $71 million court battle tied to the exploit. Kelp's migration to Chainlink's cross-chain interoperability protocol (CCIP) signals a broader recalibration of trust within the DeFi ecosystem, as protocols reassess their exposure to interoperability layers following high-profile failures. Industry watchers say the case could reshape how cross-chain bridges assign security responsibility and how courts evaluate liability in decentralized systems where multiple parties contribute to infrastructure failures.