The fallout from the recent Kelp DAO exploit continues to ripple across the crypto ecosystem, with LayerZero pointing to a flawed system setup as the root cause of the attack.

Single Point of Failure Led to Exploit

LayerZero said the breach stemmed from how Kelp DAO configured its decentralized verifier network (DVN).

The attacker drained roughly 116,500 rsETH, valued at nearly $293 million, from Kelp’s LayerZero-powered bridge.

According to LayerZero:

• Kelp relied on a 1/1 DVN setup, meaning only one verifier was used
• This created a single point of failure
• Prior recommendations to diversify verifiers were not followed

As a result, the attacker was able to exploit the system without needing to bypass multiple verification layers.

LayerZero Distances Itself

LayerZero stressed that the issue was not a flaw in its protocol, but rather how Kelp implemented it.

The company is now:

• Urging all projects to adopt multi-DVN configurations
• Warning it may stop supporting apps that continue using single-verifier setups

Aave Hit With $195M in Bad Debt

The impact quickly spread to Aave, where the attacker used stolen assets as collateral to borrow funds.

This led to:

• Around $195 million in bad debt
• A sharp drop in Aave’s total value locked
• Billions withdrawn by users amid rising concerns

Liquidity issues have also emerged, especially around Ether-based lending pools.

Liquidity Risks Raise Alarm

Reduced liquidity on Aave is now creating additional risks.

Analysts warn that:

• Markets are nearing 100% utilization
• A 15% to 20% drop in Ether price could trigger further instability
• Liquidations may fail under current conditions

To limit further damage, Aave has frozen rsETH markets across its platforms.

Who Covers the Losses?

With no clear recovery plan, debate has intensified over who should absorb the losses.

Suggestions from industry figures include:

• Negotiating with the attacker for a partial return of funds
• Using ecosystem funds to cover losses
• Spreading losses across users
• Attempting a rollback to pre-hack balances

Each option carries trade-offs, and no consensus has emerged.

Broader Implications for DeFi

The incident highlights how interconnected DeFi protocols can amplify risk.

A vulnerability in one protocol can quickly:

• Spill into lending markets
• Trigger liquidity crises
• Impact multiple platforms simultaneously

Security Practices Under Scrutiny

LayerZero’s criticism of Kelp’s setup underscores a key lesson: security configurations matter as much as the underlying technology.

As protocols grow more complex, ensuring robust multi-layer verification systems may become essential to preventing similar exploits.

UK fintech platform Stratiphy has introduced a new product aimed at restoring tax-efficient access to crypto exchange-traded notes (ETNs), following regulatory changes that had effectively blocked retail investors from using traditional routes.

Regulatory Changes Created a Market Gap

In October 2025, the Financial Conduct Authority lifted its long-standing ban on retail access to crypto ETNs linked to assets like Bitcoin and Ether. Initially, these products could be held within standard stocks and shares Individual Savings Accounts (ISAs), allowing for tax-free exposure.

However, the situation changed at the start of the new tax year when HM Revenue & Customs ruled that newly purchased crypto ETNs would no longer qualify for those ISAs.

Instead, they were restricted to Innovative Finance ISAs, a less commonly used structure typically associated with peer-to-peer lending. Since no major platform offered both crypto ETNs and IF ISAs, retail investors were left with limited practical access.

Stratiphy Steps In With a New Solution

Stratiphy’s new offering aims to bridge that gap by providing a compliant, tax-free route back into crypto ETNs.

The platform is launching with three ETNs issued by 21Shares, covering:

• Bitcoin exposure
• Ether exposure
• A hybrid Bitcoin and gold product

This setup gives investors a way to regain tax-efficient exposure to crypto markets within the current regulatory framework.

Existing Platforms Fall Short

While crypto ETNs are already available through platforms like:

• Interactive Investor
• Freetrade
• Revolut

none currently offer Innovative Finance ISAs, which limits their usefulness for tax-free investing under the updated rules.

Additionally, IF ISAs fall outside the UK’s Financial Services Compensation Scheme, adding another layer of consideration for investors.

Growing Interest in Regulated Crypto Products

Despite regulatory hurdles, demand for crypto ETNs remains strong.

A study by IG Group found that:

• Around 30% of UK adults are open to investing in crypto via ETNs
• The UK crypto market could grow by up to 20% following broader access

This interest is largely driven by the perceived safety and regulatory oversight of ETNs compared to direct crypto ownership.

Broader Regulatory Developments Underway

The UK is continuing to refine its approach to crypto regulation.

The Financial Conduct Authority has launched consultations ahead of a comprehensive framework expected to take effect in October 2027, covering:

• Stablecoins
• Trading platforms
• Custody services
• Staking

These efforts aim to bring greater clarity and structure to the market while supporting innovation.

A Step Toward Restoring Access

Stratiphy’s launch highlights how fintech firms are adapting to evolving regulations to maintain investor access.

By reopening a tax-efficient pathway to crypto ETNs, the platform could play a key role in reconnecting UK retail investors with regulated digital asset exposure.

The rise of artificial intelligence is reshaping how crypto security works, but not always for the better. While AI is helping uncover vulnerabilities faster, it is also flooding teams with low-quality reports that are becoming harder to manage.

Bug Bounty Submissions Surge Across Crypto

Bug bounty programs, which reward ethical hackers for identifying vulnerabilities, have long been a key part of crypto security. Now, AI tools are accelerating that process by scanning large amounts of code in seconds.

According to HackerOne, there were 85,000 valid bug bounty submissions in 2025, marking a 7% increase from the previous year.

However, the total number of submissions, including invalid ones, has grown much faster.

AI Creates More Noise Alongside Value

Industry leaders say AI is driving both progress and problems.

Barry Plunkett, co-CEO of Cosmos Labs, revealed that their program has seen a 900% increase in submissions, with teams now handling between 20 and 50 reports per day.

While some of these reports are legitimate, many are not.

Kadan Stadelmann, CTO of Komodo Platform, noted a clear rise in:

• False positives
• Low-quality submissions
• Reports likely generated using AI tools

The underlying issue is simple: AI has significantly reduced the effort required to generate a bug report, leading to a flood of submissions.

Developers Struggle With “AI Slop”

The growing volume of poor-quality reports is becoming a major burden.

Daniel Stenberg, creator of the widely used curl tool, recently shut down his bug bounty program altogether, citing exhaustion from dealing with what he described as “AI slop.”

For many teams, separating real vulnerabilities from noise is now one of the biggest challenges in maintaining security.

Adapting to a New Reality

To manage the surge, crypto teams are starting to rethink how bug bounty programs operate.

Some of the strategies being implemented include:

• Prioritizing submissions from trusted researchers
• Tightening scoring and validation criteria
• Using advanced triage systems

These changes aim to ensure that critical vulnerabilities are not overlooked amid the growing volume of reports.

AI Could Also Be the Solution

Despite the challenges, AI may also help solve the very problem it created.

Developers are exploring defensive AI systems that can:

• Filter incoming reports
• Identify high-quality submissions
• Reduce the burden on human reviewers

This approach could be especially important for smaller teams with limited resources.

A Turning Point for Crypto Security

Bug bounty programs remain essential for securing decentralized systems, but the rise of AI is forcing a shift in how they are managed.

The industry now faces a balancing act:

• Leveraging AI to improve security
• Preventing it from overwhelming systems with low-quality data

As AI continues to evolve, so too will the tools and strategies needed to keep crypto protocols secure.