Beyond Smart Contracts: The Infrastructure Trap The recent $292M KelpDAO exploit (April 2026) was a wake-up call for the DeFi ecosystem. As a security researcher, I decided to deconstruct this incident to show that even "audited" code can fail if the infrastructure layer is fragile. The Root Cause: The "1-of-1" Fallacy KelpDAO utilized LayerZero v2 for its bridge operations. While the protocol itself is robust, the configuration was a disaster waiting to happen. They used a 1-of-1 DVN (Decentralized Verifier Network). The result? A single point of failure. By compromising the RPC nodes used by this verifier, attackers were able to feed it "poisoned" data. The "Phantom Burn" Attack Vector The exploit didn't break any math in the smart contracts. Instead, it manipulated the state perception: Eclipse Attack: Attackers isolated the verifier's RPC nodes. Fake Events: They broadcasted a fake "Burn" event on the source chain.…