News linked to both this project and an event.
Aave has published a post-mortem of the April 18 rsETH incident, stating that the rsETH LayerZero V2 cross-chain bridge of liquid staking protocol Kelp accepted a forged message during a cross-chain transfer from Unichain to Ethereum. This caused the adapter on the Ethereum side to release 116,500 rsETH without a corresponding burn on the Unichain side. Aave stated that the attack occurred on a third-party cross-chain bridge infrastructure. However, the attacker deposited the stolen rsETH into 8 Aave V3 positions, borrowing 82,650 WETH and 821 wstETH, which impacted the Aave market.Aave stated that the attacker's rsETH on Arbitrum has now been burned. The LayerZero OFT adapter has replenished 116,131.72 rsETH in 5 batches, and the asset backing for rsETH has been fully restored. The affected WETH and rsETH markets have returned to normal.
Aave announced that the first batch of rsETH has been transferred to LayerZero’s OFT adapter, and cross-chain transfers of rsETH between the Ethereum mainnet and various L2 networks have now resumed. This development means that the rsETH cross-chain channels previously affected have been restored, covering operations across the Ethereum mainnet and L2 networks.
According to The Block, the Arbitrum DAO voted to release 30,765.6 ETH (approximately $70 million), previously frozen, to support the DeFi United initiative—aimed at offsetting Kelp DAO’s $292 million exploit loss last month. The vote passed with 90.96% support (182.2 million votes). The attack was allegedly carried out by the North Korean Lazarus hacking group, which exploited a vulnerability in LayerZero’s OFT cross-chain bridge—a single-validator configuration—which allowed attackers to steal 116,500 rsETH and pledge most of the stolen assets as collateral on Aave, resulting in roughly $190 million in bad debt. DeFi United has secured contributions from multiple parties, including 30,000 ETH from Consensys and Joseph Lubin, a 30,000-ETH loan from Mantle, and 5,000 ETH from LayerZero.
Odaily News Kelp DAO officially posted on X regarding the follow-up on the theft incident, stating that the cause was the compromise of two RPC nodes hosted by LayerZero, while the third RPC node suffered a DDoS attack. This was an attack targeting LayerZero's infrastructure; Kelp's own systems were not involved in the construction or operation of this infrastructure.The 1/1 DVN configuration is the scheme documented in LayerZero's documentation and is the default setting for all new OFT deployments. Kelp has been operating on LayerZero's infrastructure since January 2024 and has maintained open communication with the LayerZero team. During Kelp's expansion to Layer2, the DVN configuration was discussed, and the default configuration was explicitly confirmed as appropriate at that time.Kelp's current top priority is to protect user interests and prevent risks from spreading within the DeFi ecosystem. The team is collaborating with various parties in the ecosystem to analyze the impact, seek support, and explore all possible mitigation solutions.
According to an official post on Ethena’s X account, due to the absence of a satisfactory root-cause analysis regarding the rsETH incident, Ethena has decided to extend the suspension period for its LayerZero OFT cross-chain bridge. Meanwhile, Ethena released its latest Proof of Reserves, independently verified by four third-party entities—Chainlink, Chaos Labs, LlamaRisk, and Harris & Trotter—confirming that USDe’s collateral coverage ratio remains above 100%. The verification results have been published on Ethena’s Transparency Page and Data Dashboard. Ethena stated it will continue monitoring the situation and provide updates as they become available.