A single compromised oracle just cost someone $292 million. The KelpDAO exploit, which drained 116,500 rsETH through LayerZero’s infrastructure on April 18, marks one of the largest DeFi hacks of the year, and it happened because of something the industry has been quietly ignoring: cross-chain protocols are essentially oracle networks, and oracle networks have single points of failure.
Chronicle Labs CEO Niklas Kunkel put it bluntly. Interoperability protocols like LayerZero and Chainlink CCIP are, at their core, oracles. Every time a project uses cross-chain communication, it’s placing its trust in these verification systems. When that trust gets exploited, the results are catastrophic.
How the attack unfolded
The breach targeted LayerZero’s Decentralized Verifier Network, or DVN, which is the infrastructure responsible for validating cross-chain messages. Attackers compromised internal RPC nodes through social engineering, essentially tricking their way into the system rather than breaking through code.
LayerZero Labs published its incident report on May 20, attributing the attack to TraderTraitor, a North Korean threat actor linked to the Lazarus Group.
Here’s the thing about LayerZero’s architecture. It separates oracles (verifiers) from relayers to create a system of checks and balances for cross-chain validation. In theory, this dual-layer approach makes attacks harder. In practice, KelpDAO was running a single-DVN configuration, which meant compromising one verification layer was enough to drain the entire protocol.
The oracle problem nobody wanted to talk about
LayerZero’s model was supposed to be different. By letting applications choose their own security configurations, including which DVNs to use and how many to require, the protocol positioned itself as more flexible and potentially more secure than monolithic bridge designs. But flexibility cuts both ways. When projects opt for minimal security setups to save on costs or reduce complexity, they’re effectively choosing speed over safety.
The incident report from LayerZero Labs outlined plans to improve security protocols and eliminate single-DVN setups in future deployments.
When you bridge assets across chains, you’re not just moving tokens. You’re trusting an oracle to correctly verify that a transaction happened on Chain A before releasing funds on Chain B. If that oracle lies, or is forced to lie, the money is gone.
Chronicle Labs and the redundancy argument
Chronicle Labs, which Kunkel founded after spinning the company off from MakerDAO in 2023, has been building decentralized oracle infrastructure for both tokenized assets and real-world assets. The firm has historically secured over $20 billion in assets and raised $12 million in seed funding in March 2025.
The company’s pitch centers on redundancy and robust verification, which is exactly the opposite of what failed in the KelpDAO exploit. Rather than allowing single points of failure, Chronicle’s approach emphasizes multiple layers of validation that an attacker would need to compromise simultaneously.
What this means for investors and builders
Investors with assets deployed across multiple chains need to understand that every bridge interaction carries oracle risk. A protocol using multiple independent DVNs presents a fundamentally different risk profile than one using a single verifier, even if both run on the same underlying LayerZero technology.
For builders, the cost savings from running minimal verification setups now need to be weighed against the existential risk of a complete protocol drain. LayerZero’s commitment to eliminating single-DVN configurations will likely become an industry standard, not a differentiator.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.

1 hour ago
1
















English (US) ·