In a recent tweet, Ripple CTO Emeritus David Schwartz questions the explanation behind the recent KelpDAO exploit.
On April 18, KelpDAO, a liquid restaking protocol, suffered a major exploit, losing over $290 million. In an update shortly after, LayerZero stated that the KelpDAO incident was isolated to its rsETH configuration, directly resulting from its single-DVN setup. LayerZero noted that the subject of the highly sophisticated attack was the poisoning of the downstream RPC infrastructure used by the LayerZero Labs DVN.
A week after the incident, the crypto community continues to seek answers about what transpired in what is referred to as the biggest DeFi hack to date in 2026.
In this light, Ripple CTO emeritus David Schwartz referred to an X reply by LayerZero CEO Bryan Pellegrino in December 2024, where he stated that none of the protocol’s volume relied solely on its Decentralized Verifier Network (DVN).
“What percentage of LZ volume relies solely on LZ DVN? The answer to that is 0%. There isn’t a single application setup that solely uses the LZ DVN,” Pellegrino said at the time.
Did something change?
In response, Schwartz questions whether something has changed between late 2024 and now. This begs the question: if no application previously relied solely on a single DVN, how could that same configuration now be said to be the root cause of the KelpDAO exploit?
Did something change between December of 2024 and now? Because unless I’m confused, this is saying that the attack on KelpDAO could not have happened as LayerZero described it. https://t.co/a1ACnTf3Bg
— David ‘JoelKatz’ Schwartz (@JoelKatz) April 25, 2026
“Did something change between December of 2024 and now? Because unless I’m confused, this is saying that the attack on KelpDAO could not have happened as LayerZero described it,” Schwartz questioned.
If KelpDAO did in fact operate with a single-DVN configuration, it raises questions about whether the system architecture changed after LayerZero’s CEO’s comments in 2024 or whether the earlier claims were not accurate.
Along these lines, Ripple’s head of research Aanchal Malhotra, in a recent tweet, shared a few thoughts on the rsETH hack, noting that “the industry is moving toward better primitives—ZK proving, tighter audit standards. But primitives alone aren’t enough. Until security proofs and deployment environments are evaluated together, the gap remains.”