"Did Something Change?" Ripple CTO Emeritus Probes KelpDAO Exploit Claims

TL;DR

Ripple CTO Emeritus David Schwartz questions the explanation behind the KelpDAO exploit, which lost over $290 million. He challenges LayerZero's claims about the attack's cause, suggesting inconsistencies in their narrative since late 2024.

Key points

KelpDAO lost over $290 million in a major exploit.
David Schwartz questions LayerZero's explanation of the attack.
The exploit is considered the biggest DeFi hack to date in 2026.
Concerns raised about the accuracy of LayerZero's claims.
Industry moving towards better security standards.

Mentioned in this story

David SchwartzKelpDAOLayerZero

rsETH

In a recent tweet, Ripple CTO Emeritus David Schwartz questions the explanation behind the recent KelpDAO exploit. On April 18, KelpDAO, a liquid restaking protocol, suffered a major exploit, losing over $290 million. In an update shortly after, LayerZero stated that the KelpDAO incident was isolated to its rsETH configuration, directly resulting from its single-DVN setup. LayerZero noted that the subject of the highly sophisticated attack was the poisoning of the downstream RPC infrastructure used by the LayerZero Labs DVN. A week after the incident, the crypto community continues to seek answers about what transpired in what is referred to as the biggest DeFi hack to date in 2026. In this light, Ripple CTO emeritus David Schwartz referred to an X reply by LayerZero CEO Bryan Pellegrino in December 2024, where he stated that none of the protocol's volume relied solely on its Decentralized Verifier Network (DVN). "What percentage of LZ volume relies solely on LZ DVN? The answer to that is 0%. There isn't a single application setup that solely uses the LZ DVN," Pellegrino said at the time.

Did something change?

In response, Schwartz questions whether something has changed between late 2024 and now. This begs the question: if no application previously relied solely on a single DVN, how could that same configuration now be said to be the root cause of the KelpDAO exploit?

Did something change between December of 2024 and now? Because unless I'm confused, this is saying that the attack on KelpDAO could not have happened as LayerZero described it.

— David 'JoelKatz' Schwartz (@JoelKatz) April 25, 2026 "Did something change between December of 2024 and now? Because unless I'm confused, this is saying that the attack on KelpDAO could not have happened as LayerZero described it," Schwartz questioned. If KelpDAO did in fact operate with a single-DVN configuration, it raises questions about whether the system architecture changed after LayerZero's CEO's comments in 2024 or whether the earlier claims were not accurate. Along these lines, Ripple's head of research Aanchal Malhotra, in a recent tweet, shared a few thoughts on the rsETH hack, noting that "the industry is moving toward better primitives—ZK proving, tighter audit standards. But primitives alone aren't enough. Until security proofs and deployment environments are evaluated together, the gap remains."

Q&A

What caused the KelpDAO exploit that lost over $290 million?

The KelpDAO exploit was attributed to a sophisticated attack on its single-DVN setup, poisoning the downstream RPC infrastructure used by LayerZero Labs.

How did David Schwartz respond to LayerZero's explanation of the KelpDAO incident?

David Schwartz questioned whether the system architecture changed since December 2024, implying that the attack could not have occurred as LayerZero described.

What are the implications of the KelpDAO exploit for the DeFi industry?

The KelpDAO incident raises concerns about security standards in DeFi, highlighting the need for better primitives and tighter audit practices.