LayerZero and Kelp DAO Dispute Responsibility for $292 Million Exploit, Security Measures Under Scrutiny Bryan Pellegrino, CEO of LayerZero, disputes Kelp DAO's accusations regarding a $292 million exploit, with both parties blaming each other for the vulnerability. Kelp DAO plans to migrate its rsETH token to Chainlink for enhanced security, while LayerZero announces stricter validation protocols. The incident highlights ongoing security concerns in the DeFi sector. Bryan Pellegrino, co-founder and CEO of LayerZero, has responded to accusations made by Kelp DAO regarding the recent $292 million exploit. Pellegrino stated that an external security firm will soon publish a postmortem report to address the incident. The exploit, which occurred in April, has led to a dispute between Kelp DAO and LayerZero over responsibility for the vulnerability. Kelp DAO has announced plans to migrate its restaking token, rsETH, to the Chainlink oracle platform to enhance security. According to Kelp DAO, the hack was a result of an inadequate setup in its decentralized verifier network (DVN), which relied solely on a single LayerZero DVN for validation instead of employing multiple independent checks.LayerZero has countered this claim, asserting that it had advised against such a configuration. Data from Dune Analytics reveals that approximately half of LayerZero users operate with a single DVN, raising concerns about security risks. Kelp DAO maintains that it had open communication with LayerZero and that the DVN configuration was previously confirmed as secure. In response to the exploit, LayerZero has announced that it will no longer validate or approve cross-chain messages for any application using a single verifier.The company is also in the process of migrating protocols to a multi-DVN setup. Meanwhile, a US law firm is attempting to block the transfer of frozen ETH from the Kelp exploit. Pellegrino further clarified that Kelp DAO initially used multi-DVN defaults but later switched to a 1/1 configuration, which is not recommended for production applications. He emphasized that the default configuration for rsETH was a multi-DVN setup involving LayerZero Labs and Google.The incident has sparked broader discussions about security practices in the decentralized finance (DeFi) sector, with Bitcoiners considering the traditional 'sell in May' strategy and other market developments, such as the shutdown of Sam Bankman-Fried's bid for a new trial