rseth

Aave announced that ecosystem partners and service providers will establish a recovery fund to promote the restoration of rsETH to full asset backing. This plan has taken into account the pending Aave DAO governance votes (including Arbitrum governance votes), indicative protocols, and subsequent successful execution.Aave stated that it has reached an agreement with KelpDAO and LayerZero on the technical steps required to implement the recovery plan. Relevant work is underway, and addressing the issues of affected users and maintaining the stability of the broader DeFi ecosystem is the current top priority. The final recovery plan, user operation steps, and further updates will be announced soon.

Aave posted on platform X stating that the Aave service provider has released a governance proposal for Aave DAO, suggesting to allocate 25,000 ETH to participate in the ongoing DeFi United initiative. This ETH funding will be used to support the restoration of asset backing for rsETH, helping it to quickly regain its peg and promote the normalization of market conditions.This proposal aims to accelerate the risk management process for rsETH through financial support at the Aave DAO level, stabilizing the related DeFi market ecosystem.

KelpDAO announced on platform X that since April 18, it has been coordinating with Aave and ecological partners to advance the recovery work for rsETH holders. The initial gap of this incident was 163,200 ETH, and Kelp has currently recovered 40,300 rsETH, equivalent to about 43,000 ETH. The Arbitrum Security Committee has also secured an additional 30,700 ETH, leaving a remaining gap of approximately 89,500 ETH.Kelp stated that among the remaining gap, Mantle, Stani Kulechov, EtherFi, Lido, and Golem have publicly confirmed commitments totaling 43,500 ETH and are working with partners to formalize the relevant contributions. Kelp emphasized that rsETH holders are a priority.

The ether.fi community has released a proposal to "Utilize treasury funds to restore the collateral assets of rsETH." The proposal includes injecting 5,000 ETH into the rsETH special rescue pool to cover the collateral gap, protect user assets, and prevent bad debts from spreading in the DeFi system.

Aave has released the latest developments regarding the rsETH security incident on platform X, disclosing that operations related to rsETH reserves have been suspended on the Ethereum mainnet and networks such as Arbitrum, Base, Mantle, and Linea, in order to prevent excess aETH rsETH from being withdrawn, thereby pushing the position closer to the 95% liquidation threshold.This measure aims to preserve as much capital as possible during the asset recovery plan process and reduce systemic risk. Aave stated that further developments and disposal plans will continue to be disclosed to the community.

Lido has released the latest developments regarding the Kelp security incident, stating that its Earn series vaults are working with the management to address the issues, which involve two major risk points: the rsETH exposure and the liquidity tension in the lending market. Lido emphasizes that the core staking protocol has not been affected, and both stETH and wstETH remain safe and stable.Currently, only the EarnETH vault has an approximately 9% TVL exposure to rsETH, and related deposits and withdrawals have been suspended by the management, awaiting a solution. Approximately $70 million in ETH has been recovered from the previous attack, and the subsequent asset recovery and loss distribution are still in progress. In response to liquidity pressure, the management has reduced leverage and optimized the position structure, significantly decreasing the wETH debt exposure. If losses ultimately occur, EarnETH will activate a $3 million "first loss protection mechanism" (funded by the DAO). As for other vaults, DVV and EarnUSD have not been affected and are operating normally; the GGV sub-vault is currently experiencing negative returns due to the combination of circular staking strategies and rising lending rates, but adjustments are ongoing. Withdrawal requests submitted by users will be processed based on valuations prior to the incident.

Polymarket's latest data shows that the current probability of the market betting on "Will Kelp DAO share this loss?" is 25%.This market was established around the April 19 incident where the Kelp DAO bridge was attacked. The attacker exploited a LayerZero cross-chain messaging vulnerability, withdrawing approximately $292 million in rsETH from the bridge, causing damage to the collateral backing for rsETH holders on the L2 network.According to Polymarket's market rules, if Kelp DAO announces or implements a mechanism before April 30 to share part or all of the losses with mainnet rsETH holders (rather than having all losses borne by L2 holders), the market will be determined as "Yes"; otherwise, it will be "No".

Aave officially stated that there may be two types of bad debts arising from the rsETH theft incident, depending on the different handling of rsETH. If the stolen losses are deducted from all circulating rsETH, it is expected to generate $123.7 million in bad debts, which is concentrated in the Ethereum mainnet in absolute terms, and is most severe in proportion on Mantle.If the value of the mainnet rsETH is guaranteed, and all losses are accounted for in the mapped version of rsETH on Layer 2, it is expected to generate $230.1 million in bad debts, all of which will be on Layer 2. Mantle will face a 71.45% WETH shortfall, and Arbitrum will face a 26.67% shortfall; the Ethereum mainnet will not be affected. Aave added that which situation ultimately occurs depends on decisions that Aave cannot control, mainly the accounting method for rsETH and the exchange rate update method of the LRT Oracle.

Lido stated on platform X that its EarnETH treasury was affected by the theft of 116,500 rsETH (approximately $29.2 million) from the Kelp DAO cross-chain bridge on April 18.EarnETH holds approximately $21.6 million in rsETH risk exposure through leveraged positions in rsETH/ETH on Aave, accounting for about 9% of the total assets in the treasury. The EarnETH team is currently actively deleveraging to reduce risk, and the outcome depends on the final decisions made by Kelp, LayerZero, and Aave regarding loss sharing and bad debt handling.Lido further stated that EarnETH has a $3 million "first loss protection mechanism" funded by the Lido DAO treasury, which will be used to cover losses if necessary. The treasury has currently suspended redemption processing to assess the losses. This incident does not affect stETH and wstETH, and the core staking protocol of Lido is not involved.

According to CoinDesk, the liquidity re-staking protocol Kelp DAO has raised objections to LayerZero's investigation report regarding the previous $290 million rsETH bridge attack incident.Kelp DAO claims that the single-validator (1/1) configuration that led to this attack was not a choice made in disregard of recommendations, but rather the default setting in LayerZero's official guidelines, and the validator network (DVN) exploited by the attacker is part of LayerZero's own infrastructure.The attack resulted in the theft of 116,500 rsETH, worth approximately $290 million. Security researchers pointed out that LayerZero's publicly deployed code defaults to a single-source validation configuration across networks such as Ethereum, Binance Smart Chain, Polygon, Arbitrum, and Optimism.LayerZero subsequently responded that it will stop signing messages for any applications using a single-validator setup and will enforce a security migration.

LayerZero Labs released an incident report stating that KelpDAO suffered an attack resulting in a loss of approximately $290 million. Preliminary assessments indicate that the attacker is the Lazarus Group, which has ties to North Korea (more specifically, TraderTraitor). The attack was executed by poisoning the downstream RPC infrastructure relied upon by its decentralized verification network (DVN). The attacker controlled some RPC nodes and, in conjunction with a DDoS attack, induced the system to switch to malicious nodes, thereby forging cross-chain transactions.All affected RPC nodes have been taken offline and replaced, and the DVN has now resumed operation. LayerZero emphasized that this incident was limited to the rsETH application configuration of KelpDAO and did not affect other assets or applications. The reason is that KelpDAO was using a single DVN (1/1) architecture at the time and did not utilize the multi-DVN redundancy mechanism that is officially recommended for long-term use, resulting in a lack of independent verification nodes to identify forged messages.LayerZero pointed out that there were no vulnerabilities in its protocol itself, and applications with multi-DVN configurations were not affected, meaning there is no contagious risk in the system. LayerZero stated that it will urge all projects using single DVN configurations to migrate to multi-DVN architectures as soon as possible and has suspended providing signature and verification services for 1/1 configuration applications. Meanwhile, the company is cooperating with global law enforcement agencies to investigate and assist industry partners in tracking the stolen funds. LayerZero noted that this incident highlights the value of modular security architecture and also reminds the industry to pay attention to the potential security risks of RPC verification links.

Ethena stated that it has not yet received a satisfactory root cause analysis of the rsETH incident and will extend the temporary suspension period of the OFT bridge. While this may be frustrating, it is a prudent measure to ensure the safe cross-chain transfer of user assets.Ethena has released a new proof of reserves, verified by independent third-party verification agencies (Chainlink, Chaos Labs, LlamaRisk, and Harris & Trotter), confirming that the collateral support ratio for USDe remains above 100%.

DefiLlama founder 0xngmi has outlined three possible courses of action that KelpDAO may take following the rsETH hacking incident. Each of the three paths has significant flaws, and the final decision will test KelpDAO's credibility and Aave's risk tolerance.Path One: All users share the losses. KelpDAO will uniformly deduct 18.5% of the losses from all rsETH holders proportionally. Currently, there are about 666,000 rsETH collateralized across the Aave network, primarily highly leveraged on the mainnet and L2 (assuming all are at a 95% liquidation LTV). Once socialized losses occur, the equity of all positions on the mainnet will be completely wiped out, resulting in approximately $216 million in bad debt. The Umbrella protocol can cover $55 million in bad debt, and the Aave treasury will additionally bear $85 million, leaving a gap of about $76 million. KelpDAO may fill this gap by borrowing or selling Aave tokens (currently valued at about $51 million), but this would still put significant pressure on Aave, and all users would need to share the losses.Path Two: Directly rug the rsETH holders on L2. KelpDAO will only guarantee the mainnet rsETH and consider the rsETH on L2 as worthless. Currently, Aave L2 has about $359 million in rsETH collateral (calculated at current oracle prices), and if all are calculated at maximum leverage, it would result in approximately $341 million in bad debt, which cannot be covered by the Umbrella protocol at all. Aave can only use the treasury or borrowing to save part of the market, most likely abandoning chains like Arbitrum, Mantle, and Base, which have the largest losses, leading to a collapse of these L2 markets. This option has a minor impact on the Aave mainnet but would severely damage the credibility of the L2 ecosystem and could trigger a chain reaction.Path Three: Attempt to refund only the holders based on a snapshot taken before the hack, which is extremely difficult to execute. KelpDAO tries to fully refund only the rsETH holders based on the snapshot taken before the hack, while subsequent buyers or transfer holders would bear the losses themselves. However, since funds have significantly flowed after the attack, and the nature of DeFi protocols is liquidity pools, it is impossible to truly distinguish between different batches of depositors, making technical execution very challenging. The hacker borrowed $124 million on the Aave mainnet and $18 million on Arbitrum, and after deducting the coverage from the Umbrella protocol, there remains about $91 million in losses. Although this plan theoretically minimizes the spread of impact, its practical implementation is nearly impossible and could easily lead to legal and community disputes.

Polygon officials stated that they have been actively monitoring the rsETH vulnerability: Polygon Chain, Agglayer, and the entire ecosystem including Katana and Vaultbridge have not been affected by this incident. Polygon has safely transferred over $20 trillion in funds to date and will continue to closely monitor the situation.

Curve Finance announced on platform X that due to the LayerZero infrastructure being attacked in the rsETH hacking incident, it has decided to suspend Curve's LayerZero infrastructure as a precautionary measure until further understanding of the root cause of the incident. This action will affect:CRV bridging from the following chains: BNB, Sonic, Avalanche, Fantom, Etherlink, Kava (other chains will still use native bridging);The fast bridging of crvUSD (slow bridging on L2 will still be available for normal use).

The strategic director of Spark, monetsupply.eth, posted on platform X that as the stablecoin market begins to lack liquidity, the situation is entering a more dangerous phase. I believe that the ETH market is about 16.5% supported by rsETH, and if the loans supported by rsETH experience losses shared between the mainnet and external chains, there may be a 10% to 15% reduction in emode, leaving a remaining 2% to 3% reduction for ETH suppliers to smooth out the umbrella structure.ETH suppliers naturally tend to exit as soon as possible to avoid this risk, so the utilization rate is locked at 100%, and the borrowing rates are insufficient to incentivize the repayment of unrelated LST cycles (wstETH, weETH) to release liquidity. Since users cannot withdraw ETH, those who borrow stablecoins like USDT and use ETH as collateral cannot close their positions even when stablecoin borrowing rates rise, cutting off the typical incentive mechanism to maintain market health.Currently, two unhealthy incentives are causing the market utilization rate to be locked at 100%: 1) ETH holders cannot close their positions to maintain a healthy LTV, and liquidators cannot atomically withdraw or sell collateral, which may lead to bad debts if the ETHUSD price falls. 2) Users supplying USDT, in order to exit their holdings, tend to maximize borrowing of other stablecoins, which is currently generating positive returns (temporarily), thus the exit cost is low; if conditions worsen, they can at least recover 75% of the position value.The bottom line is that these pooled/re-staked lending markets must maintain liquidity at all costs to operate normally. The recent weakening of slope2 against Aave's maximum borrowing rate is having a negative impact and significantly increasing the risk of failure in the yield market.

etherFi posted on platform X that its Liquid treasury is temporarily not directly exposed to the Kelp rsETH event risk, but as a precautionary measure, it has suspended the LayerZero cross-chain bridging functionality for weETH and eETH until the root cause of the Kelp rs ETH event is clarified. Meanwhile, for Liquid (ETH, BTC, USD), sETHFI, and eBTC products, the relevant Teller contracts have been suspended to block the LayerZero OFT bridging path, and the deposit and withdrawal functions for the related assets have also been suspended. They are currently working closely with security partners and will provide timely updates once more details are confirmed.