Kelp DAO has raised objections to the rsETH bridge attack incident report, accusing LayerZero's default settings of causing a loss of $290 million

According to CoinDesk, the liquidity re-staking protocol Kelp DAO has raised objections to LayerZero's investigation report regarding the previous $290 million rsETH bridging attack incident.

Kelp DAO claims that the single-validator (1/1) configuration that led to this attack was not a choice made in disregard of recommendations, but rather the default setting in LayerZero's official guidelines, and the validator network (DVN) exploited by the attacker is part of LayerZero's own infrastructure.

The attack resulted in the theft of 116,500 rsETH, valued at approximately $290 million. Security researchers pointed out that LayerZero's publicly deployed code defaults to a single-source validation configuration across networks such as Ethereum, Binance Smart Chain, Polygon, Arbitrum, and Optimism.

LayerZero subsequently responded that it will stop signing messages for any applications using a single-validator setup and will enforce a security migration.