Kelp DAO: The reason for the theft is that LayerZero's RPC node was compromised

Kelp DAO officially stated in a post on X regarding the theft incident that the cause of the theft was the compromise of two RPC nodes hosted by LayerZero, while a third RPC node suffered a DDoS attack. This was an attack targeting LayerZero's infrastructure, and Kelp's own system was not involved in the construction or operation of that infrastructure.

The 1/1 DVN configuration is the scheme recorded in LayerZero's documentation and is the default setting for all new OFT deployments. Kelp has been operating on LayerZero's infrastructure since January 2024 and has maintained open communication with the LayerZero team. During Kelp's expansion to Layer2, the DVN configuration issue was discussed, and at that time, the default configuration was explicitly confirmed to be appropriate. Kelp's current top priority is to safeguard user interests and prevent risks from spreading within the DeFi ecosystem. The team is collaborating with various parties within the ecosystem to analyze the impact, seek support, and explore all possible mitigation solutions.