Live Wire
11:58ZFRONTLINEICockroach Janta Party | Anger is not an ideologyKhalid Akhterhttps://frontline.thehindu.com/the-nation/cockro…11:57ZFRONTLINEIAndhra Pradesh's AI data centre push sparks environmental concerns11:57ZWFWITNESSCardboard cutout of Iran's Supreme Leader Mojtaba Khamenei seen at Tel-Aviv Pride Parade11:56ZTHECANARYULabour pushes bill to change political funding rules, critics say11:56ZWARTRANSLAUkrainian border guards destroy Russian drones, ground robot, howitzer, vehicle in border region11:54ZRNINTELBloomberg confirms two sides may sign memorandum of understanding soon11:53ZBRICSNEWSNetanyahu said Iran would not possess a nuclear weapon as long as he remains in office11:53ZINDIANEXPRMan wins 19,700 rupees from Reliance Jio for slow internet speed11:58ZFRONTLINEICockroach Janta Party | Anger is not an ideologyKhalid Akhterhttps://frontline.thehindu.com/the-nation/cockro…11:57ZFRONTLINEIAndhra Pradesh's AI data centre push sparks environmental concerns11:57ZWFWITNESSCardboard cutout of Iran's Supreme Leader Mojtaba Khamenei seen at Tel-Aviv Pride Parade11:56ZTHECANARYULabour pushes bill to change political funding rules, critics say11:56ZWARTRANSLAUkrainian border guards destroy Russian drones, ground robot, howitzer, vehicle in border region11:54ZRNINTELBloomberg confirms two sides may sign memorandum of understanding soon11:53ZBRICSNEWSNetanyahu said Iran would not possess a nuclear weapon as long as he remains in office11:53ZINDIANEXPRMan wins 19,700 rupees from Reliance Jio for slow internet speed
Markets
S&P 500742.64 0.66%Nasdaq25,810 2.54%Nasdaq 10029,446 3.29%Dow513.33 0.78%Nikkei92.71 0.57%China 5035.28 1.06%Europe89.46 0.00%DAX42.27 0.00%BTC$63,729 1.21%ETH$1,673 0.65%BNB$606.41 1.10%XRP$1.14 1.64%SOL$66.89 1.61%TRX$0.3119 2.96%DOGE$0.0868 1.80%HYPE$59.3 4.17%LEO$9.52 0.43%RAIN$0.0131 1.31%QQQ$721.06 0.55%VOO$682.8 0.67%VTI$366.95 0.73%IWM$292.85 0.84%ARKK$76.38 1.22%HYG$79.98 0.05%Gold$386.1 0.06%Silver$60.78 0.07%WTI Crude$126.49 1.81%Brent$48.42 1.44%Nat Gas$11.11 0.45%Copper$39 0.15%EUR/USD1.1537 0.00%GBP/USD1.3364 0.00%USD/JPY160.54 0.00%USD/CNY6.7774 0.00%S&P 500742.64 0.66%Nasdaq25,810 2.54%Nasdaq 10029,446 3.29%Dow513.33 0.78%Nikkei92.71 0.57%China 5035.28 1.06%Europe89.46 0.00%DAX42.27 0.00%BTC$63,729 1.21%ETH$1,673 0.65%BNB$606.41 1.10%XRP$1.14 1.64%SOL$66.89 1.61%TRX$0.3119 2.96%DOGE$0.0868 1.80%HYPE$59.3 4.17%LEO$9.52 0.43%RAIN$0.0131 1.31%QQQ$721.06 0.55%VOO$682.8 0.67%VTI$366.95 0.73%IWM$292.85 0.84%ARKK$76.38 1.22%HYG$79.98 0.05%Gold$386.1 0.06%Silver$60.78 0.07%WTI Crude$126.49 1.81%Brent$48.42 1.44%Nat Gas$11.11 0.45%Copper$39 0.15%EUR/USD1.1537 0.00%GBP/USD1.3364 0.00%USD/JPY160.54 0.00%USD/CNY6.7774 0.00%
CLOSEDNYSEopens in 1h 28m
themonexus.
Vol. I · No. 163
Friday, 12 June 2026
12:01 UTC
  • UTC12:01
  • EDT08:01
  • GMT13:01
  • CET14:01
  • JST21:01
  • HKT20:01
← back to Saturday edition◉ LIVE ON THE WIREfollow this thread in real time
Investigations

LayerZero and Kelp DAO Trade Blame Over $292M rsETH Bridge Exploit

Kelp DAO has migrated $292 million in rsETH off LayerZero's infrastructure to Chainlink's CCIP following a hack linked to North Korean state actors, as LayerZero's CEO contests the blame assignment.
By Monexus Staff Writerglobal5-minute read6 May 2026☆ Save↗ Share⎙ Print
Kelp DAO has migrated $292 million in rsETH off LayerZero's infrastructure to Chainlink's CCIP following a hack linked to North Korean state actors, as LayerZero's CEO contests the blame assignment.
Kelp DAO has migrated $292 million in rsETH off LayerZero's infrastructure to Chainlink's CCIP following a hack linked to North Korean state actors, as LayerZero's CEO contests the blame assignment. / DECRYPT · via Monexus Wire

The cryptocurrency industry's second-largest hack of 2026 has crystallised into a public dispute between a liquid restaking protocol and the cross-chain infrastructure provider it had relied upon. Kelp DAO confirmed on 5 May 2026 that it had migrated $292 million in rsETH off LayerZero's Omnichain Fungible Token (OFT) standard to Chainlink's Cross-Chain Interoperability Protocol (CCIP), days after attackers linked to North Korean state actors drained the funds through what Kelp described as a flaw in LayerZero's configuration. LayerZero's co-founder and CEO Bryan Pellegrino has rejected that characterisation, tellingCoinTelegraph on 6 May that an independent postmortem by external security firms would soon be published and would complicate Kelp's framing.

The scale of the exploit — which represents the second-largest DeFi hack this year — has amplified pressure on both parties to demonstrate accountability to their respective user bases and to the broader ecosystem. Cross-chain bridges have become load-bearing infrastructure for decentralised finance, moving billions of dollars in assets between networks; when that infrastructure fails at scale, the reputational and financial consequences ripple across every protocol that depends on it. Kelp DAO's decision to migrate wholesale to a competitor's standard signals that, at least in the protocol's own assessment, the dispute is not merely a technical disagreement but a question of trust.

What Kelp DAO Claims Happened

According to the explanation Kelp DAO advanced through its official channels and as reported by CryptoBriefing, the attackers exploited a specific configuration within LayerZero's OFT standard that, in Kelp's view, should not have been approved or should have been flagged as unsafe. The OFT standard allows tokens to be minted and transferred across multiple chains from a single canonical contract; if the configuration governing which chains can receive a token, and under what conditions, is set incorrectly, the door opens to untrusted minting. Kelp's position is that LayerZero approved the setup that created this exposure — a claim that, if sustained, would shift liability for the exploit from Kelp's own operational decisions onto LayerZero's infrastructure design.

The exploit itself has been attributed by multiple blockchain analytics firms to actors with links to the Lazarus Group, the North Korean state-sponsored hacking operation responsible for billions in cryptocurrency thefts over the past decade, including the 2022 Ronin Bridge hack and the 2024 DMM Bitcoin theft. North Korean cyber operations have shown particular sophistication in targeting bridge infrastructure precisely because bridges concentrate large volumes of assets in a single contract. The $292 million figure places this attack among the five largest crypto exploits on record.

LayerZero's Rebuttal

Pellegrino's pushback suggests LayerZero believes the fault lies not in the OFT standard itself but in how Kelp DAO configured and deployed it. In an exchange reported by CoinTelegraph, the LayerZero CEO disputed that the infrastructure was to blame and indicated that external security researchers had been engaged to conduct a postmortem examination of the incident. That postmortem has not yet been published as of this article's filing, and its conclusions will be pivotal: if the review finds that Kelp's configuration deviated from recommended practices, LayerZero's infrastructure will be exonerated; if it finds that the OFT standard contains structural vulnerabilities that were not adequately disclosed, Kelp's migration decision will be validated.

The dispute carries high stakes for LayerZero's broader business. The OFT standard is one of the protocol's flagship products, and several other DeFi protocols currently use it for cross-chain token deployments. Any suggestion that the standard contains systemic vulnerabilities could prompt a wider migration wave and accelerate consolidation toward Chainlink's CCIP, which has positioned itself as the more conservative, enterprise-grade cross-chain option. Chainlink's CCIP uses a different architecture — relying on a risk management layer and a dedicated token transfer mechanism — that its advocates argue is harder to misconfigure in ways that allow untrusted minting.

The Structural Problem With Cross-Chain Bridges

What this episode exposes is not merely a bilateral dispute but a structural fragility in how decentralised finance handles cross-chain asset movement. Bridges operate by trust-minimising assumptions about the relationship between origin and destination chains; if those assumptions break down — through misconfiguration, through novel attack vectors, or through the emergence of state actors with sufficient technical skill to exploit both — the losses can be catastrophic. The DeFi ecosystem has seen this pattern repeatedly: the Wormhole bridge hack in 2022, the Nomad bridge hack later that year, Ronin in 2022, and now this Kelp exploit. Each time, the post-incident review produces new security practices; each time, those practices are adopted unevenly across the ecosystem.

The North Korean attribution is not incidental. Lazarus Group's crypto operations are understood to be a significant revenue source for the Democratic People's Republic of Korea's weapons programme, and the group's technical capabilities have historically outpaced the defensive postures of the DeFi protocols it targets. This means that even protocols with sound engineering fundamentals can be caught out by attackers who have the patience to map configurations, identify edge cases, and time their exploits to maximise extraction. The $292 million figure represents, in a very concrete sense, a transfer of value from DeFi participants to a sanctioned foreign state's military budget — a detail that is frequently lost in the technical framing of these incidents.

What Remains Unresolved

Several factual questions remain open as of filing. The precise mechanism by which the attackers generated untrusted rsETH mints has not been publicly disclosed by Kelp DAO or by LayerZero; both parties appear to be awaiting the results of the independent postmortem before committing to a detailed technical account. The sources do not indicate whether Kelp DAO has filed a formal complaint with law enforcement, though the North Korean attribution would typically trigger coordination with the FBI and with OFAC's sanctions apparatus. The broader question of whether LayerZero's OFT standard contains vulnerabilities that affect other deployed protocols — and whether those protocols have been notified — is also unaddressed in the available source material.

The migration to Chainlink's CCIP resolves Kelp DAO's immediate exposure but does not resolve the industry's structural vulnerability to bridge exploits. CCIP's risk management layer adds friction and cost to cross-chain transfers that some DeFi users may find unacceptable; whether it materially reduces the probability of a future exploit at this scale remains to be demonstrated in practice. What is clear is that the $292 million that moved out of Kelp DAO on the night of the exploit did not move quietly — it moved through infrastructure that the industry collectively depends on, and its departure has left behind a dispute that will define how cross-chain security responsibilities are assigned for years to come.

Kelp DAO's migration to Chainlink CCIP is underway as of this article's filing. LayerZero's postmortem is expected within the coming week.

Wire provenance

This editorial synthesis draws on the following public wire/social posts:

  • https://t.me/CryptoBriefing/99999
© 2026 Monexus Media · reported from the wire