DEX in the City: KelpDAO vs. LayerZero: Who Is Liable When a DeFi Protocol Is Hacked? artwork

DEX in the City: KelpDAO vs. LayerZero: Who Is Liable When a DeFi Protocol Is Hacked?

Unchained

April 24, 2026

A $300M bridge exploit is forcing the question DeFi has been avoiding: when users lose money, who is actually responsible — the protocol, the infrastructure provider, or both? Thanks to our sponsors!
Speakers: Katherine Kirkpatrick Bos, Jessi Brooks, TuongVy Le
**Katherine Kirkpatrick Bos** (0:00)
Welcome to Dex in the City, where the wallets are cold and the takes are hot. Before we get into the good stuff, here's a word from our sponsors.

**SPEAKER_2** (0:09)
Bitcoin changed how money works. Citrea changes how Bitcoin scales. With a trust-minimized BTC and a native stablecoin, CTUSD, Citrea enables Bitcoin capital markets with lending, privacy, Bitcoin yield, and more. Get started at citrea.xyz slash unchained.

**Katherine Kirkpatrick Bos** (0:28)
Hi all, and we're back. Before we get going, remember, we're lawyers, but we're not your lawyers, so nothing you hear on decks in the city is legal or financial advice, and it doesn't create an attorney-client relationship. For the fine print, as always, check unchainedcrypto.com.
First, we have Jessi, Web3 prosecutor turn, Web3 protector at Ribbit Capital, and V from the SEC to Web3. I'm your host, Katherine, KK, Fluent and TradFi, and conversant in deep tech over at StarkWare. Today, we're really excited to be joining you from beautiful Phoenix, Arizona, at the Yves Wells Summit.
Women are dominant here. There's about 99 percent women, so we keep joking with the one man, or not one man, the handful of men. It's like three men, and this is what it feels like to be a woman at a crypto conference.

**Jessi Brooks** (1:14)
And also, like everyone's just complimenting each other on their clothes and being so nice. Oh my God. It's also really hot, but I like that.

**Katherine Kirkpatrick Bos** (1:24)
Yeah, yeah. Frank, Frank Chaparro made that joke on stage, and I actually loved it because he was spot on. Like the women are so nice to each other. It's giving me all the feels.
So we have so much to cover today, and we're gonna talk a little bit more later on about Paris blockchain. All three of us were speaking on a, if I say, if I may say standing room panel, a standing room only panel at Paris blockchain. But before we get to that, we gotta get to the good stuff immediately. Good stuff, or should I say bad stuff?
It seems like every day there is another massive exploit. This is a problem. So we're gonna talk about this. B, tell us more about the latest.

**TuongVy Le** (2:07)
Well, so I guess the good news is there has not been a hack yet today.
But as we all know, there's just been like a run of attacks in DeFi lately. You know, just I think in the last few weeks, there was Resolve, which involved manipulation of a minting function, and then Drift, which was Oracle manipulation, and now Kelp DAO, which involved a bridge exploit. And at the heart of everything, just like questionable security configurations and operational practices all around, right? So needless to say, this is really, really bad. I think I saw somewhere that there's been more lost in these kinds of attacks in the last three months than all of 2025 combined. And so I think we need to...

**Jessi Brooks** (2:57)
Yeah, we need to talk about 2025

**TuongVy Le** (2:59)
Yeah, so we need to talk about it. But so before I jump into what happened and sort of the interesting legal questions I think these things raise, I wanted to say, we all follow this stuff pretty closely on X and social media. And one thing I actually really hate is like every time something like this happens and people call out things like the poor operational security practices or governance design or whatever, they're accused of like grave dancing. And I don't really understand like what that word means. And it actually reminds me so much of whenever there's like a mass shooting and people are like, you're not allowed to talk about gun control, only thoughts and prayers. It's like, well, where's the accountability, right? How are we ever going to improve things if we're only allowed to give thoughts and prayers?
And like what about the victims, right? They deserve to know what happened and why and what these teams are going to do about it, what the industry is going to do about it to make sure that it doesn't happen again. So I think accountability is really important and we can't have that unless we're allowed to ask questions. And so we shouldn't be silencing each other every time something like this happens.

**Jessi Brooks** (4:16)
Can I jump in there Vy, because I want you to explain exactly what happened, but also I just thought that was really, really beautiful and I completely agree. And sort of the school shooting thing is something that has been on my brain for a while. And I sort of hate to bring that up as a comparison because it's so devastating when it comes to the specifics of that. However, when you think about how GPRK is using this money, it can lead to death and harm at the physical level as well.

38 more minutes of transcript below

Feed this to your agent

Try it now — copy, paste, done:

curl -H "x-api-key: pt_demo" \
  https://spoken.md/transcripts/1000763356256

Works with Claude, ChatGPT, Cursor, and any agent that makes HTTP calls.

From $0.10 per transcript. No subscription. Credits never expire.

Using your own key:

curl -H "x-api-key: YOUR_KEY" \
  https://spoken.md/transcripts/1000763356256