LayerZero Blames Inadequate Setup for $290 Million DeFi Exploit

A significant cyber attack has affected decentralized finance (DeFi) protocols Kelp DAO and Aave, resulting in approximately $290 million in losses. The incident is linked to an inadequate setup by Kelp using LayerZero's decentralized verifier network (DVN), which relied on a single verification path.

According to LayerZero, the exploit was enabled due to a singles point of failure in Kelp's configuration, which failed to diversify its DVN as recommended. This setup allowed malicious actors to drain 116,500 Restaked ETH (rsETH), worth around $293 million at the time.

The incident has sparked debate among analysts regarding who should bear the losses. Some argue that Kelp DAO or LayerZero should absorb the costs, while others propose socializing the loss among all users or attempting to recover funds through negotiations with the hacker.