Do you remember the $292 million theft that shocked the crypto world last year? To this day, both sides are still throwing blame at each other, and the situation is decidedly awkward.

It happened like this: In April last year, Kelp DAO was attacked by hackers and had 116,500 rsETH stolen, setting a record for the largest DeFi theft of that year. Later investigations found that the mastermind was very likely the North Korean hacker organization Lazarus. This group has been behind many major cases in the past, and this operation was also highly professional: they first infiltrated LayerZero’s DVN verification nodes, poisoned two of the RPC nodes, then launched DDoS attacks against other nodes, and finally succeeded in tricking the system into signing the transaction that moved the stolen funds.

LayerZero subsequently released an investigation report stating outright that Kelp DAO had used a fragile configuration called “1-of-1 DVN.” They said this was essentially a time bomb buried inside the system. They also stressed that they had previously advised Kelp multiple times to diversify its node configuration, but that Kelp would not listen.

After being accused, Kelp DAO pushed back with full force. In a statement on X, they said that this so-called single-point verification configuration was actually a default option written in LayerZero’s official documentation, not something they had set up on their own. Kelp also said they began using LayerZero infrastructure as early as January 2024, and that the communication channels between the two sides had always been smooth. When expanding to Layer 2, they also discussed the DVN configuration, and LayerZero’s officials at the time even confirmed that this setup was appropriate.

What’s interesting is that both sides are holding firm and blaming each other for the security vulnerability. In the end, Kelp DAO emphasized that they took emergency measures immediately, pausing the relevant contracts and adding the hacker’s wallet to the blacklist, which helped them get the situation under control. As for the subsequent security hardening plan, the Kelp team said it is still under evaluation.

From a certain angle, this comes down to a classic question: is it the tool provider’s responsibility to ensure users choose the right configuration, or is it up to users themselves to take responsibility for security decisions? There isn’t much to say about Lazarus’s operation itself, but this blame dispute does reflect some deeper issues within the DeFi ecosystem.