Kelp DAO Hack Reignites Debate Over Cross-Chain Bridges and Layer 2 Security
Author: Gu Yu, ChainCatcher
More than 40 hours after funds were stolen from Kelp DAO, the fallout is still expanding. Major names including Aave, LayerZero, and Arbitrum have been pulled into the dispute, and some once-popular narratives are now being openly questioned. On X, prominent KOL Feng Wuxiang claimed that only ETH is "safe" at this point, arguing that Arbitrum has effectively authorized the freezing of users' assets and that "none of the L2s are real L2s anymore." Another well-known commentator, Lanhu, said the biggest loser was neither Aave nor Kelp, but LayerZero—though he also warned against misreading the incident. In his view, the core issue is less a rejection of Layer 2s (even "fake" L2s) than a rejection of cross-chain bridges.
As opinions intensify, each party is defending its position and shifting blame. The Kelp DAO exploit has become a textbook case for examining how responsibility is assigned after a security incident, and how pragmatism clashes with technological fundamentalism.
I. Has LayerZero been "disproven"? Cross-chain bridges take the hardest hit
The turning point was LayerZero's incident report released yesterday. The report preliminarily attributes the attack to the Lazarus Group, believed to have ties to North Korea. According to LayerZero, the attackers compromised downstream RPC infrastructure relied on by its decentralized verification network (DVN), took control of certain RPC nodes, and coordinated DDoS attacks to force failover to malicious nodes, enabling forged cross-chain transactions.
"Poisoning the RPC infrastructure via compromised nodes, combined with DDoS attacks on unaffected RPCs to force a failover, is an extremely sophisticated approach. This is essentially infrastructure warfare," said Samuel Tse, Head of Investment and Partnerships at Animoca Brands.
LayerZero concluded that the protocol behaved exactly as designed and that no protocol vulnerabilities were found. It emphasized its modular security model, claiming the incident was isolated to a single application with zero contagion risk to other OFTs or OApps.
That tone triggered a strong backlash. Critics argued LayerZero effectively absolved itself, placing the blame on Kelp DAO's configuration. Researcher CM questioned why a 1/1 setup was permitted in the first place, how attackers obtained access to internal RPC lists, and why failover logic trusted a compromised RPC without halting validation or taking minimal safeguards.
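The failover question raised above can be made concrete with an added example (not from LayerZero's code or its incident report; the endpoint behaviour, hashes and function names are constructed for illustration). It compares a verifier that accepts the first RPC endpoint to respond with one that attests only when a quorum of endpoints agree, and halts otherwise.

```python
from collections import Counter

class VerificationHalted(Exception):
    """Raised when the verifier cannot safely attest to a source-chain read."""

def make_endpoint(answer):
    """Constructed stand-in for an RPC endpoint; answer=None simulates an outage."""
    def query(message_id):
        if answer is None:
            raise ConnectionError("endpoint unreachable")
        return answer
    return query

def naive_failover_read(endpoints, message_id):
    """Weak policy: trust the first endpoint that responds."""
    for query in endpoints:
        try:
            return query(message_id)
        except ConnectionError:
            continue
    raise VerificationHalted("no endpoint reachable")

def quorum_read(endpoints, message_id, quorum):
    """Hardened policy: attest only if `quorum` endpoints return the same value."""
    answers = []
    for query in endpoints:
        try:
            answers.append(query(message_id))
        except ConnectionError:
            pass  # an outage removes a vote; it never lowers the quorum
    if not answers:
        raise VerificationHalted("no endpoint reachable")
    value, votes = Counter(answers).most_common(1)[0]
    if votes < quorum:
        raise VerificationHalted(f"only {votes}/{quorum} agreeing responses")
    return value

HONEST = "0xaaaa"  # constructed payload hash as seen by healthy endpoints
FORGED = "0xbbbb"  # constructed payload hash served by a poisoned endpoint

def scenario():
    # Two healthy endpoints are offline; only the poisoned one still answers.
    endpoints = [make_endpoint(None), make_endpoint(None), make_endpoint(FORGED)]
    naive = naive_failover_read(endpoints, "msg-1")
    try:
        quorum_read(endpoints, "msg-1", quorum=2)
        hardened = "attested"
    except VerificationHalted:
        hardened = "halted"
    return naive, hardened

if __name__ == "__main__":
    print(scenario())
```

The quorum policy trades availability for integrity: an outage of healthy endpoints stops attestation instead of handing the decision to whichever endpoint is still reachable.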
DeFi developer banteg also objected to the framing, saying the report described "RPC poisoning" but did not explain how the infrastructure intrusion happened, adding that he would not rush to re-enable the bridge.
Kelp DAO later responded that the exploited single-validator (1/1) configuration was not an intentional deviation from best practices but the default setting described in LayerZero's official guidelines. It also argued that the DVN attacked was LayerZero's own infrastructure.
Dune data cited in the discussion shows that among 2,665 OApp contracts built on LayerZero, 47% use a 1/1 DVN configuration—a single verification mechanism that can amplify systemic risk.
Market consensus is that even if LayerZero itself was not directly hacked, it has absorbed the largest reputational damage. Critics say the project must pay a price for allowing weak configurations to proliferate, propose concrete technical changes, and potentially assume more responsibility in compensation efforts—or risk a collapse in confidence around the cross-chain narrative.
II. Is Layer 2 "dead"? Arbitrum's unprecedented freeze
The Layer 2 debate was sparked by Arbitrum's intervention. Around noon today, the Arbitrum Security Council announced an emergency action to secure 30,766 ETH held by the hacker at an Arbitrum One address, worth about $71 million at current prices.
Arbitrum said that after extensive technical investigation and deliberation, the Security Council identified and implemented a solution to move the funds to a secure location without impacting other chain state or Arbitrum users. The original address can no longer access the ETH; only Arbitrum governance can authorize further movement of the funds, in coordination with relevant parties.
According to industry sources, the Security Council used a privileged state override transaction type (part of ArbOS but rarely used) that allows the attacker's private key to continue signing transactions while the ETH at that address is moved by the chain itself. This mechanism bypasses the private key entirely and can only be injected through chain-controlled pathways (sequencer / ArbOS upgrade route), overseen by the Arbitrum Security Council.
The Arbitrum Security Council is reported to comprise 12 members elected by the Arbitrum DAO, with decisions requiring approval by at least 9 of the 12.
The move surprised many observers. Arbitrum, long viewed as a leading Layer 2 solution, was generally not expected to have the practical ability to freeze or redirect users' ETH in a way that resembles administrative control.
In previous hacks, centralized issuers like Tether and Circle have often frozen stolen USDT and USDC quickly. ETH, as a native asset, has rarely been subject to comparable intervention by a chain itself. That reality exceeded the expectations of most users.
Supporters argue this is a feature rather than a flaw, suggesting that critical moments may require coordinated action and that future adoption by companies, banks, and regulated institutions may depend on such operational levers. Technologists and decentralization purists see it differently, warning that "no private key required, no authorization needed—direct transfers" resets assumptions about what Layer 2 decentralization actually means.
Lanhu framed it as crossing DeFi's ideological red line: "Not your keys, not your coins." The incident again highlights crypto's enduring trade-off: pragmatic security controls versus uncompromising decentralization.
Conclusion: two narratives on trial, and a looming compensation problem
LayerZero's insistence that "the protocol is operating exactly as intended" may be technically defensible, but it has come at the cost of public trust. Arbitrum's privileged transfer rescued user funds, yet it has also weakened the Layer 2 decentralization narrative.
The Kelp theft effectively puts two headline narratives under scrutiny: Are cross-chain bridges foundational infrastructure or risk amplifiers? Is Layer 2 a credible extension of Ethereum, or a decentralized veneer over something closer to a secondary bank?
The situation has also formed an ironic loop: a protocol marketed as decentralized failed due to a "single point of failure," then relied on another protocol's centralized emergency powers to contain the damage. The industry is being forced to confront a question it rarely answers directly: when decentralization ideals collide with the real-world cost of security, what are we willing to give up?
Beyond narratives, compensation is the practical battleground. Despite Arbitrum's recovery of more than $70 million in ETH, Aave still faces nearly $200 million in bad debt. User protection and loss allocation remain unresolved.
Aave outlined two potential approaches today: (1) socialize losses across all rsETH holders, with Kelp DAO applying an across-the-board write-down to rsETH (mainnet + L2), equivalent to a depeg of roughly 15%; or (2) assign losses only to L2 rsETH holders, keeping mainnet rsETH at par.
Kelp DAO and LayerZero have not clarified how they will participate in any compensation plan. Given LayerZero's effort to distance itself from responsibility in its report, critics argue the project is signaling that "no responsibility" means no obligation to compensate.
That stance, coming from a multi-billion-dollar protocol used as core infrastructure by hundreds of projects, has intensified skepticism over what "foundational infrastructure" should mean in practice. With each stakeholder attempting to minimize exposure through responsibility-splitting rather than collective repair, the situation resembles a classic prisoner's dilemma—and for DeFi, it may be one of the most dangerous versions yet.