Futures
Access hundreds of perpetual contracts
CFD
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
GateRouter
Smartly choose from 40+ AI models, with 0% extra fees
#Gate广场五月交易分享 I take responsibility for this! - LayerZero CEO admits protocol flaw
After a series of finger-pointing operations, it seems that the final responsible party for the Kelp DAO cross-chain bridge attack has finally been identified.
On May 4th, LayerZero CEO Bryan Pellegrino publicly stated that the protocol failed to prevent the 1/1 validator configuration from being used to secure billions of dollars in TVL, reflecting a double failure in product design and customer communication.
This statement came after the Kelp DAO cross-chain bridge was attacked on April 18th, resulting in losses of approximately $292 million.
The attack originated from Kelp using LayerZero’s default configuration—1-of-1 DVN, i.e., a single validator mode.
Subsequently, Kelp provided Telegram screenshots proving that LayerZero personnel had reviewed and approved this configuration for over two and a half years.
Data shows that at the time, about 47% of LayerZero OApp contracts used the same configuration, exposing assets worth over $4.5 billion.
Currently, Kelp has announced it will abandon LayerZero and migrate to Chainlink CCIP.
However, despite this, the most pressing question now is not who is responsible, but who will compensate.
Regarding this core issue, neither Kelp DAO nor LayerZero seems to care.
For the innocent victim AAVE, the biggest question is who will help share the $230 million bad debt.
Currently, DeFi United has raised over $300 million industry-wide for rescue efforts, and Arbitrum has frozen $73 million worth of ETH stolen by the hacker.
It seems that this crisis is gradually passing, so the question is, can AAVE start buying the dip?
I’ll take the blame for this! — LayerZero CEO admits protocol flaw
After a round of back-and-forth blame-shifting, it seems the Kelp DAO cross-chain bridge attack finally has a definitive party responsible.
On May 4, LayerZero CEO Bryan Pellegrino publicly posted that the protocol failed to prevent 1/1 single-validator configurations from being used to secure tens of billions of dollars in TVL, reflecting a double misstep in both product design and customer communication. The context for this statement was the April 18 attack on the Kelp DAO cross-chain bridge, which resulted in losses of about $292 million. The attack stemmed from Kelp using LayerZero’s default configuration—1-of-1 DVN, meaning a single-validator mode. After the incident, Kelp provided Telegram screenshots to show that LayerZero staff had reviewed and approved this configuration for as long as two and a half years. Data indicates that at the time, around 47% of LayerZero OApp contracts used the same configuration, exposing assets worth more than $4.5 billion. Currently, Kelp has announced it will discontinue LayerZero and migrate to Chainlink CCIP.
But even so, the question everyone cares about now isn’t who’s responsible—it’s who will pay. On this core demand, neither Kelp DAO nor LayerZero seems to take it seriously. For the unlucky AAVE that was caught in the crossfire, the biggest question is who will help share the 230 million yuan of bad debt. At present, DeFi United, together with the industry, has raised more than $300 million to mount a rescue, and Arbitrum has already frozen the ETH worth $73 million stolen by the hacker. It appears this crisis is gradually subsiding—so the question becomes: can AAVE start buying the dip?