A significant security incident has shaken the decentralized finance (DeFi) community, as KelpDAO, a prominent liquid restaking protocol, suffered a major exploit on April 18, losing an estimated $290 million. This incident is being widely referred to as the biggest DeFi hack to date in 2026, prompting urgent questions and scrutiny from within the crypto industry.

Shortly after the exploit, LayerZero, whose technology was involved, issued an update attributing the incident to an isolated issue within its rsETH configuration. LayerZero stated that the exploit directly resulted from a single-Decentralized Verifier Network (DVN) setup, specifying that the highly sophisticated attack involved the poisoning of the downstream RPC infrastructure utilized by the LayerZero Labs DVN.

However, LayerZero's explanation has been met with skepticism from notable figures in the crypto space. David Schwartz, CTO Emeritus at Ripple, publicly questioned the narrative, referencing a December 2024 tweet by LayerZero CEO Bryan Pellegrino. In that earlier statement, Pellegrino had emphatically claimed that none of LayerZero's protocol volume relied solely on its DVN. Pellegrino's exact words were: "What percentage of LZ volume relies solely on LZ DVN? The answer to that is 0%. There isn't a single application setup that solely uses the LZ DVN."

Schwartz highlighted this apparent contradiction, asking, "Did something change between December of 2024 and now? Because unless I'm confused, this is saying that the attack on KelpDAO could not have happened as LayerZero described it." His query directly challenges the consistency of LayerZero's statements regarding its network architecture and the reliance on single DVN configurations.

The implications of Schwartz's questions are profound: if KelpDAO indeed operated with a single-DVN configuration, it suggests either a fundamental change in the system's architecture post-2024, or that the earlier claims made by LayerZero's CEO were inaccurate. This ongoing debate underscores the crypto community's persistent demand for transparency and clear answers about what exactly led to such a substantial loss.

Adding to the industry's reflections on the incident, Aanchal Malhotra, Ripple's head of research, shared her thoughts on the rsETH hack. She emphasized that while "the industry is moving toward better primitives—ZK proving, tighter audit standards," these advancements alone are insufficient. Malhotra stressed that "Until security proofs and deployment environments are evaluated together, the gap remains," highlighting the crucial need for a holistic approach to security in the rapidly evolving DeFi landscape.