47% of LayerZero OApps at Risk After $292M Kelp DAO Hack

The $292 million exploit of Kelp DAO on April 18, 2026, has exposed a critical security flaw in LayerZero’s interoperability protocol. According to a study by Dune Analytics, 47% of LayerZero-powered omnichain applications (OApps) currently operate with the same vulnerable 1-of-1 Decentralized Verifier Network (DVN) configuration that enabled the attack. The combined exposure of these at-risk assets exceeds $4.5 billion.

The Exploit: What Went Wrong?

Kelp DAO’s misconfigured 1-of-1 DVN setup allowed a single compromised verifier to mint 116,500 unbacked rsETH tokens, valued at $292 million. These tokens were then used as collateral on Aave to borrow $230 million worth of assets, pushing the bad debt onto the lending platform. This vulnerability contradicts LayerZero’s recommended 2-of-2 DVN setup, which requires multiple independent verifiers to approve cross-chain messages, adding a layer of security.

Investigators have linked the attack to North Korea’s Lazarus Group, a hacking syndicate notorious for high-profile crypto heists. The exploit targeted LayerZero’s off-chain infrastructure, poisoning RPC nodes and effectively hijacking the DVN validation process.

Key Assets at Risk

The Dune Analytics report highlighted that Tether’s omnichain stablecoin, USDT0, represents the largest portion of the exposed $4.5 billion. USDT0’s Ethereum, Optimism, and Base deployments utilize the risky 1-of-1 configuration. With a circulating supply of $4.065 billion, USDT0 accounts for 87% of the identified risk. While the majority of USDT0’s cross-chain activities are secured by 2-of-2 configurations, a breach in these specific contracts could have cascading effects across lending markets and beyond.

Other vulnerable assets include Pendle Finance’s PENDLE token ($229 million market cap) and Aethir’s ATH token ($117 million market cap). However, these tokens are less likely to be exploited as they are rarely accepted as collateral on major lending platforms, unlike USDT0.

Implications for DeFi

The Kelp DAO incident underscores the systemic risk posed by the 1-of-1 DVN configuration. Industry best practices recommend redundancy and diversity in DVN setups to prevent single points of failure. While LayerZero has publicly urged OApp developers to adopt safer configurations, criticism has emerged that the 1-of-1 setup is the default for new deployments, as noted by Kelp DAO in their rebuttal.

This isn’t just a technical issue—it’s a governance one. In the fast-moving DeFi space, the responsibility to implement secure configurations often falls on individual projects, many of which may lack the expertise or resources to do so effectively. The result is a fragmented ecosystem where critical infrastructure is only as secure as its weakest link.

The Path Forward

Encouragingly, the Kelp DAO exploit has spurred immediate action. Within days, LayerZero deprecated compromised RPC nodes and announced a policy to stop signing messages for applications using 1-of-1 configurations. USDT0 also paused its bridging infrastructure, signaling a proactive industry response.

Crucially, fixing these vulnerabilities doesn’t require a complete protocol overhaul. DVN configurations can be updated directly by OApp owners, making this a solvable problem. Wrapped Bitcoin (wBTC), for instance, has already announced its transition away from 1-of-1 DVN setups, with upgrades expected by April 26, 2026.

What Traders Should Watch

For investors, the key takeaway is clear: pay attention to the security configurations of assets you hold, particularly those deployed on LayerZero. Tokens like USDT0 remain high-risk until their DVN configurations are updated. Any exploit targeting these assets could ripple across lending platforms and the broader DeFi ecosystem, potentially impacting liquidity and market stability.

The Kelp DAO hack is a stark reminder that in crypto, decentralization without robust security is a recipe for disaster. Projects and investors alike must prioritize secure configurations to safeguard the future of DeFi.

Image source: Shutterstock