🚨 The KelpDAO exploit didn't just drain $292M.
It just exposed a ticking time bomb sitting underneath the majority of DeFi.
Dune Analytics ran the numbers on 2,665 LayerZero OApps after the exploit. What they found should terrify every protocol, every LP, and every user with assets bridged across chains right now.
47% of LayerZero OApps use a 1-of-1 DVN setup.
One validator. One point of failure. One exploit away from everything.
That's nearly half of the entire ecosystem running the same security configuration that just got KelpDAO's rsETH drained.
45% use 2-of-2. Better but still a single compromised relationship away from catastrophe. Only 5% use 3-of-3 or higher. The gold standard. The setup that actually requires coordinated failure across multiple independent validators before anything breaks.
5%.
Let that number sit with you.
The entire cross-chain bridge ecosystem the infrastructure moving billions in assets between networks every single day is overwhelmingly secured by the minimum viable configuration. Not because it's safe. Because it's cheap. Because it's fast to deploy. Because security theater is easier to ship than security.
KelpDAO wasn't an anomaly. It was a preview.
Every protocol running 1-of-1 right now is a target with a known vulnerability and a public address. The hackers read Dune Analytics too.
The question isn't if another exploit hits this configuration.
It's which protocol. It's which week.
Upgrade or become the next headline.