News linked to both this project and an event.
Aave has published a post-mortem of the April 18 rsETH incident, stating that the rsETH LayerZero V2 cross-chain bridge of liquid staking protocol Kelp accepted a forged message during a cross-chain transfer from Unichain to Ethereum. This caused the adapter on the Ethereum side to release 116,500 rsETH without a corresponding burn on the Unichain side. Aave stated that the attack occurred on a third-party cross-chain bridge infrastructure. However, the attacker deposited the stolen rsETH into 8 Aave V3 positions, borrowing 82,650 WETH and 821 wstETH, which impacted the Aave market.Aave stated that the attacker's rsETH on Arbitrum has now been burned. The LayerZero OFT adapter has replenished 116,131.72 rsETH in 5 batches, and the asset backing for rsETH has been fully restored. The affected WETH and rsETH markets have returned to normal.
Aave posted on X, stating that the first phase of the rsETH technical recovery plan has been completed, including the burning of the attacker's rsETH on Arbitrum.In the coming days, funds will be gradually replenished for the LayerZero OFT adapter, and rsETH-related operations will be restored.
Sky (formerly MakerDAO) announced on X that the cross-chain bridging of USDS OFT on the Solana network, which was suspended due to the security review of the rsETH vulnerability incident, has resumed operation.Sky emphasized that during the review, its USDS-related contracts and the protocol itself were not affected. USDS has always maintained a fully overcollateralized state as designed, which can be verified in real-time on-chain. The suspension was a precautionary security measure. Currently, the bridging function on the Solana side has been reopened, while the Avalanche-related bridging will resume after further review is completed.
According to The Block, the Arbitrum DAO voted to release 30,765.6 ETH (approximately $70 million), previously frozen, to support the DeFi United initiative—aimed at offsetting Kelp DAO’s $292 million exploit loss last month. The vote passed with 90.96% support (182.2 million votes). The attack was allegedly carried out by the North Korean Lazarus hacking group, which exploited a vulnerability in LayerZero’s OFT cross-chain bridge—a single-validator configuration—which allowed attackers to steal 116,500 rsETH and pledge most of the stolen assets as collateral on Aave, resulting in roughly $190 million in bad debt. DeFi United has secured contributions from multiple parties, including 30,000 ETH from Consensys and Joseph Lubin, a 30,000-ETH loan from Mantle, and 5,000 ETH from LayerZero.
According to The Block, Kelp DAO will abandon LayerZero and adopt Chainlink’s Cross-Chain Interoperability Protocol (CCIP) as its cross-chain infrastructure, along with Chainlink’s Cross-Chain Token (CCT) standard. Previously, in April, Kelp DAO suffered a cross-chain bridge attack totaling approximately $292 million; the attackers are suspected to be linked to North Korea’s Lazarus Group and exploited the single-validator configuration of the LayerZero-powered OFT cross-chain bridge to steal 116,500 rsETH. Chainlink states that its CCIP requires at least 16 independent node operators to validate cross-chain transactions.
Odaily News Kelp DAO officially posted on X regarding the follow-up on the theft incident, stating that the cause was the compromise of two RPC nodes hosted by LayerZero, while the third RPC node suffered a DDoS attack. This was an attack targeting LayerZero's infrastructure; Kelp's own systems were not involved in the construction or operation of this infrastructure.The 1/1 DVN configuration is the scheme documented in LayerZero's documentation and is the default setting for all new OFT deployments. Kelp has been operating on LayerZero's infrastructure since January 2024 and has maintained open communication with the LayerZero team. During Kelp's expansion to Layer2, the DVN configuration was discussed, and the default configuration was explicitly confirmed as appropriate at that time.Kelp's current top priority is to protect user interests and prevent risks from spreading within the DeFi ecosystem. The team is collaborating with various parties in the ecosystem to analyze the impact, seek support, and explore all possible mitigation solutions.
Sky (formerly MakerDAO) announced on X that it has temporarily suspended the cross-chain bridging functionality for its omnichain fungible token (OFT) USDS. The team will further assess the impact of the recent rsETH security incident. Sky emphasized that its protocol and the USDS smart contract remain unaffected at this time, and USDS continues to be fully collateralized as designed—verifiable on-chain at any time.