Who Bears Responsibility for the $290 Million Theft? Kelp DAO Shifts the Blame: LayerZero's "Default Configuration" Is at Fault
區塊客, 2026-04-21 05:55:04

A massive hack totaling $292 million has not only set the record for the largest theft in the DeFi space this year but has also sparked a blame game within the crypto community. Facing intense public scrutiny, the liquid restaking protocol Kelp DAO issued a statement on Monday, firmly pushing back against allegations of negligence and shifting the blame for the security breach onto the cross-chain technology provider LayerZero.

Looking back at April 18, Kelp DAO, built on LayerZero’s cross-chain technology, was looted by hackers, resulting in the loss of 116,500 rsETH tokens, valued at approximately $292 million, marking the largest DeFi hack of the year. Regarding this attack, LayerZero was the first to release a preliminary investigation report on Sunday, pointing out that the mastermind behind the incident is likely the notorious North Korean hacker organization, Lazarus Group.

The report revealed that the hackers first compromised the RPC node list used by the LayerZero Decentralized Verifier Network (DVN, a network of nodes responsible for verifying the authenticity of cross-chain messages). They then poisoned two of these RPC nodes and launched a DDoS attack on the remaining RPC nodes, forcing the system to switch to the compromised nodes. This allowed the DVN to receive fraudulent cross-chain messages and ultimately sign off on the unauthorized theft transaction.

In the report, LayerZero criticized Kelp DAO for adopting a highly vulnerable "1-of-1 DVN" configuration. LayerZero emphasized that this design lacks independent verification mechanisms, effectively embedding a fatal "single point of failure" in the system, which prevented the network from intercepting the fraudulent cross-chain messages. LayerZero stated: "We and external experts had previously advised Kelp DAO multiple times that they should diversify their DVN node configuration to improve security, but despite these recommendations, Kelp insisted on using the 1-of-1 DVN configuration."
Facing the harsh accusation of "ignoring advice," Kelp DAO immediately fired back on the social media platform X, pointing out that this "1-of-1 DVN configuration" that led to the disaster was actually facilitated by LayerZero itself. Kelp DAO retorted in its statement: The so-called single-point verification configuration is written in black and white in LayerZero's official technical documentation; it has always been the "default option" for any newly created Omnichain Fungible Token (OFT, a token standard that allows seamless token transfers across multiple chains). Since January 2024, Kelp has been running on LayerZero's infrastructure and has maintained open communication channels with the LayerZero team throughout.

Kelp DAO further stated that when the protocol was preparing to expand to Layer 2, both parties had in-depth discussions regarding the DVN configuration, and the default setting of a single verification node was "explicitly confirmed as appropriate" by LayerZero at the time. "An accurate event reconstruction based on mutual consensus is the foundation for us to take the correct remedial measures together," Kelp DAO urged, implying that LayerZero should not be in such a rush to shirk responsibility at this moment.

Although both sides are still engaged in a war of words over the responsibility for the security vulnerability, Kelp DAO emphasized that the team took decisive crisis management measures immediately after the incident, including emergency suspension of the relevant smart contracts and blacklisting all wallet addresses associated with the hackers, successfully containing the damage and preventing further losses. Currently, the Kelp team is carefully evaluating the next steps for security enhancements, striving to restore the protocol to safe operation as soon as possible.
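
The failure mode described in LayerZero's report (RPC failover onto poisoned nodes under a "1-of-1 DVN" configuration) can be modeled to show why a verifier threshold with independent operators contains it. This is an added illustration, not code from LayerZero, Kelp DAO or the original article; all class and function names, the first-reachable failover policy and the sample message hashes are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Constructed model: every name here is hypothetical, not LayerZero's API.
@dataclass
class Rpc:
    name: str
    reachable: bool = True   # False models a node knocked offline by DDoS
    poisoned: bool = False   # True models a node returning attacker data

    def has_message(self, msg_hash: str, real_log: set) -> bool:
        # A poisoned node claims any message exists on the source chain.
        return True if self.poisoned else msg_hash in real_log

@dataclass
class Dvn:
    name: str
    rpcs: list

    def attest(self, msg_hash: str, real_log: set) -> bool:
        # Assumed failover policy: trust the first reachable RPC, no cross-check.
        for rpc in self.rpcs:
            if rpc.reachable:
                return rpc.has_message(msg_hash, real_log)
        return False  # fail closed when no RPC answers

def accepted(dvns: list, threshold: int, msg_hash: str, real_log: set) -> bool:
    """Destination accepts once `threshold` DVNs attest to the message."""
    return sum(d.attest(msg_hash, real_log) for d in dvns) >= threshold

def scenario() -> dict:
    real_log = {"0xreal"}   # constructed: messages truly sent on the source chain
    forged = "0xforged"     # constructed: never sent on the source chain
    # DVN A: honest RPCs unreachable, only the two poisoned ones respond.
    dvn_a = Dvn("A", [Rpc("a1", reachable=False), Rpc("a2", reachable=False),
                      Rpc("a3", poisoned=True), Rpc("a4", poisoned=True)])
    # DVNs B and C: independent operators with their own healthy RPCs.
    dvn_b = Dvn("B", [Rpc("b1"), Rpc("b2")])
    dvn_c = Dvn("C", [Rpc("c1"), Rpc("c2")])
    trio = [dvn_a, dvn_b, dvn_c]
    return {
        "1-of-1 forged": accepted([dvn_a], 1, forged, real_log),
        "2-of-3 forged": accepted(trio, 2, forged, real_log),
        "2-of-3 real": accepted(trio, 2, "0xreal", real_log),
    }

if __name__ == "__main__":
    for case, ok in scenario().items():
        print(f"{case}: {'ACCEPTED' if ok else 'rejected'}")
```

The threshold only helps when the additional DVNs do not share the compromised RPC list; verifiers drawing on the same node pool would fail together.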