News linked to this event type.
According to an official announcement from Curve Finance, due to a hacker attack on the rsETH LayerZero infrastructure, Curve Finance has suspended its LayerZero infrastructure for security reasons, pending further investigation into the root cause before resuming operations. This suspension affects the following: cross-chain bridging of CRV tokens from BNB Chain, Sonic, Avalanche, Fantom, Etherlink, and Kava (chains using native bridges remain unaffected), as well as the crvUSD fast bridge functionality (the L2 slow bridge remains fully operational). Meanwhile, KelpDAO is also reported to have suffered a vulnerability exploit involving approximately $291 million; the exact extent of losses is still under investigation.
23pds, Chief Information Security Officer of SlowMist Technology, retweeted: “The unauthorized access to Vercel’s internal systems appears linked to an internal data leak.” The related tweet states that someone claiming to be “ShinyHunters” on BreachForums is offering for sale—reportedly for $2 million—a purported Vercel internal database, access keys, source code, employee accounts, API keys, NPM tokens, and GitHub tokens. The data allegedly pertains to Vercel’s internal Linear system and internal user management system. Earlier reports indicated that Vercel, a cloud hosting platform, disclosed unauthorized access to its internal systems, affecting a small number of customers.
According to an official announcement, cloud hosting platform Vercel confirmed a security incident involving unauthorized access to certain internal systems. At present, only a small number of customers have been confirmed affected, and Vercel is directly communicating with those customers. Vercel stated that its services remain fully operational; it has launched an investigation, engaged incident response experts to assist with remediation, and notified law enforcement authorities. Vercel recommends that all customers review their environment variables and use the sensitive environment variables feature to strengthen security protections.
According to an official announcement, Curve Finance has suspended its LayerZero infrastructure as a precautionary measure following a hacker attack on rsETH’s LayerZero infrastructure, pending further investigation into the root cause. This adjustment affects cross-chain CRV bridging initiated from chains including BNB, Sonic, Avalanche, Fantom, Etherlink, and Kava; bridging from other chains remains unaffected and continues to use native bridges. Additionally, the crvUSD fast bridge is impacted, while the slower bridge to L2s remains fully operational.
Liquid Capital founder Yi Lihua posted on X, stating that preserving principal is crucial during bear markets. He pointed out that on-chain theft incidents occur frequently, and ignoring risks solely to chase a few percentage points of returns could result in principal loss. JackYi emphasized that all investments carry risk—including holding funds on exchanges or participating in wealth management products and mining. He stressed that the top priority right now is setting take-profit and stop-loss levels, and proactively planning contingency measures for worst-case scenarios to avoid losing principal before the bull market arrives.
According to a post by Lido, the Lido Earn team is aware of the developments regarding the Kelp DAO exploit, and earnETH has exposure to rsETH. As a precautionary measure, additional deposits to earnETH have been paused while the situation is being assessed with relevant partners. More details will be announced later.
According to on-chain analyst Yujin (@EmberCN), ZRO—the native token of LayerZero, the cross-chain bridge exploited by hackers in today’s rsETH vulnerability incident—fell 18% on the day, dropping from $1.90 to $1.50. Twenty minutes ago, a Polymarket user with the address “greenrooibos” deposited 978,000 ZRO tokens to Binance, valued at approximately $1.57 million. These ZRO tokens were withdrawn from Binance two weeks ago, when they were worth roughly $2.04 million; this deposit thus corresponds to a loss of approximately $470,000.
Keone Hon, co-founder of Monad, stated that if a pooled lending protocol allows an asset to be deposited as collateral, it should impose rate limits on the increase in supply rather than opening up to the maximum supply cap all at once. For example, if the current supply is $100 million and the cap is $300 million, the supply should only be allowed to increase to $110 million within the next 10 minutes. He noted that this approach would limit the scale of possible withdrawals in the event of a hack targeting heterogeneous assets—particularly those exploiting infinite minting vulnerabilities—thereby constraining the impact of such attacks. Keone Hon believes lending protocols are typically the largest exit channel for associated assets. Implementing a “smart cap”—initially set slightly above the current supply and gradually adjusted over several hours to the true cap—would significantly improve risk control and could have prevented today’s ~$200 million loss for rsETH depositors.
Axelar Network stated that the hacker attack and theft of funds undermine users’ overall trust in blockchain systems and slow down the adoption of the global ledger it envisions. Axelar expressed its support for the LayerZero team in navigating this difficult situation and rebuilding trust. Regarding this approximately $290 million attack, Axelar emphasized that—pending final forensic findings—the incident once again highlights the need for multi-layered security in cross-chain bridge construction. This includes ensuring operational security for bridge operators, validators, and validating nodes; providing proper incentives and training; and removing validators whose technical capabilities are not adequately demonstrated. Additionally, operators must be sufficiently numerous, structurally heterogeneous, diverse, and geographically distributed to prevent ultimate control by a single entity.
Odaily News Trader 0xSun posted stating that news-driven trading remains one of the more cost-effective strategies in the current crypto market, with its core lying in the directionality and volatility brought by events.Reviewing several recent events, including abnormal ETH transactions, Arc fee adjustments, TAO ecosystem changes, RAVE-related investigations, and the KelpDAO security incident, all triggered significant price fluctuations within a short period. He believes that participating in such opportunities relies on either the speed of information acquisition or the ability to judge the impact of events.Furthermore, he indicated that as the recent altcoin market has gradually cooled down, he has resumed the strategy of going long on BTC while hedging by shorting some altcoin assets. He believes that against the backdrop of relatively weak liquidity and the fading of certain narratives, the overall performance of altcoins may face relatively more pressure.
According to on-chain analyst Onchain Lens (@OnchainLens), Kelp DAO lost approximately $294 million in the cross-chain bridge exploit. As a result, $ZRO dropped from $2 to $1.40. A whale holding a long $ZRO position on HyperLiquid was partially liquidated, incurring a loss of $2.88 million. The whale still holds the position, with an unrealized loss exceeding $750,000 and a total loss of approximately $28.98 million.
LayerZero tweeted that it is aware of the rsETH vulnerability incident and has been actively collaborating with the KelpDAO team on response and remediation efforts since the incident occurred, while continuing to monitor the situation. LayerZero stated that, aside from the rsETH-related incident, all other applications remain secure. Regarding the root cause of the incident, LayerZero is jointly investigating with SEAL_Org and other parties, and pledged to jointly publish a comprehensive post-mortem report with KelpDAO once all information has been gathered.
Sky (formerly MakerDAO) announced on X that it has temporarily suspended the cross-chain bridging functionality for its omnichain fungible token (OFT) USDS. The team will further assess the impact of the recent rsETH security incident. Sky emphasized that its protocol and the USDS smart contract remain unaffected at this time, and USDS continues to be fully collateralized as designed—verifiable on-chain at any time.
Michael Egorov, founder of Curve Finance, stated in a post that he hopes Aave will address the relevant issues. He noted that non-isolated lending offers strong scalability but carries higher risk—the key lies in risk management, an area where Aave has historically performed well. He added that markets could adopt a fully isolated model—like Curve Finance’s—or a hybrid model; although the latter is highly complex, it remains feasible. However, the market has yet to grasp its advantages. Egorov also remarked that Aave v4’s hub-and-spoke model may represent a step toward semi-isolation and greater safety.
Odaily News: Sonic Labs co-founder and Flying Tulip founder Andre Cronje posted on platform X, stating that his team is continuing to investigate the L0/rsETH incident. Preliminary reports indicate that approximately $200 million worth of rsETH was stolen, possibly due to a private key leak or configuration error. The related assets were subsequently deposited into Aave as collateral to borrow ETH (due to insufficient rsETH liquidity).Andre Cronje pointed out that the affected positions are technically still overcollateralized. However, if bad debt occurs, Aave's token mechanism and Safety Module will serve as the first line of defense to absorb the risk. Nevertheless, Aave has no mechanism to subsidize user losses, as doing so could trigger a bank run. Currently, Aave holds approximately $7 billion in ETH with an outstanding borrowing amount of around $100 million, so the overall impact of this incident is limited. Furthermore, prioritizing user liquidity, Flying Tulip has withdrawn all its ETH from Aave to its fund management wrapper contract. This action was taken because Aave's available liquidity had fallen below its set minimum threshold.
According to on-chain analytics platform Lookonchain (@lookonchain), impacted by the KelpDAO incident, the attacker deposited rsETH into Aave and borrowed ETH, resulting in a bad debt on Aave. As a result, several whales have begun urgently withdrawing ETH from Aave. Currently, ETH utilization on Aave has risen to 100%.
According to on-chain analyst Yujin (@EmberCN), after the hacker borrowed a large amount of ETH from Aave by pledging illegally minted rsETH, multiple whale addresses sold AAVE on-chain, causing AAVE’s price to drop 15% that day. Among them, the Polymarket user “smaugvision” sold 20,015 AAVE at an average price of $102.9, worth approximately $2.06 million; address 0xFC5 sold 20,000 AAVE at an average price of $102.8, worth approximately $2.05 million; and address 0xA2E sold 19,665 AAVE at an average price of $99.2, worth approximately $1.95 million.
Odaily News The Ethereum restaking protocol Kelp has officially confirmed suspicious cross-chain activity involving rsETH. It has currently paused the rsETH contracts on the mainnet and multiple L2s and launched an investigation into the attack. It is also collaborating with LayerZero, Unichain, as well as audit firms and security experts to conduct a root cause analysis (RCA). A post-mortem report will be released subsequently.
Regarding the KelpDAO hack, Aave tweeted that the rsETH markets on Aave V3 and Aave V4 have been frozen. Aave stated that its contracts were not exploited and that this incident is related to the exploit of Kelp DAO’s rsETH cross-chain bridge. The freeze will prevent new rsETH deposits and rsETH-backed lending. Aave is currently reviewing lending activity involving rsETH on the platform following the exploit and has indicated that, should the protocol accumulate bad debt as a result, it will explore options to cover the deficit. Earlier reports indicated that Kelp DAO’s cross-chain bridge was hacked, resulting in the theft of approximately $292 million worth of rsETH, exposing Aave V3 to bad debt risk.
According to CoinDesk, Kelp DAO’s LayerZero-based cross-chain bridge was attacked, with the attacker withdrawing 116,500 rsETH—worth approximately $292 million at current prices, or roughly 18% of its circulating supply. This incident has become the largest DeFi attack of 2026 to date. In response, Aave, SparkLend, and Fluid have frozen rsETH-related markets, and Lido Finance has suspended new deposits into its earnETH product. Kelp DAO stated it is jointly investigating the incident with LayerZero, auditing firms, and external security experts.