$290 million stolen and three parties passing the blame: who should ultimately be held responsible for the massive theft from KelpDAO?

The rsETH bridge contract of KelpDAO has been under hacker attack for over 30 hours, involving an amount equivalent to approximately $290 million. LayerZero, Kelp DAO, and Aave have each issued statements in succession, but most of these statements serve to absolve their authors of responsibility and emphasize their own innocence. So far, the three parties have not come up with a unified compensation and resolution plan, and the entire incident has reached a stalemate.

I. Core of the event: Who should be responsible for this attack?

Based on LayerZero's disclosure and the analysis by security firms such as SlowMist, the direct cause of this attack has been clearly identified: the downstream RPC infrastructure relied upon by LayerZero's Decentralized Verifier Network (DVN) was breached, and because Kelp DAO had adopted a 1/1 DVN verification configuration in the bridge contract, the attacker only needed to forge verification information that passed once to complete the attack. On the question of who is responsible, the industry consensus is basically clear:

Kelp DAO's primary responsibility. Kelp DAO adopted a 1/1 single-point verification model, which constitutes a clear security design flaw and is the most direct reason the attack was easy to carry out. Therefore, it should bear the primary responsibility.

LayerZero's secondary responsibility. As the underlying cross-chain protocol, LayerZero allows project teams to set the number of verification nodes and the thresholds independently. Although the 1/1 configuration was Kelp's own choice, LayerZero, as the provider of the underlying architecture, bears an inescapable responsibility for not imposing restrictions or warnings on such high-risk configurations.

Aave's indirect liability. In order to expand its business, Aave granted excessive borrowing limits and collateral permissions to LRT assets like rsETH, which directly enabled the hackers to quickly collateralize, cash out, and exit the market after the attack succeeded. More notably, Aave's former risk control team, BGD Labs, had already pointed out the DVN configuration risks of Kelp DAO as early as January 2025. Although Kelp indicated at the time that it would adopt the recommendation, no actual modifications were made; subsequently, Aave did not continue to follow up on risk control, ultimately reaping what it sowed.

Brief summary: Kelp bears primary responsibility, LayerZero bears secondary responsibility, and Aave bears indirect risk control responsibility.
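The single-point failure described in this section, as an added example (not code from LayerZero, Kelp DAO or the article's sources): a constructed model of M-of-N verifier attestation, with the kind of configuration warning the article says was missing. `VerifierConfig`, `audit`, `accept` and the verifier names are hypothetical, and the sample hash is constructed.

```python
"""Constructed model of M-of-N verifier attestation (not LayerZero's code or API)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class VerifierConfig:      # hypothetical shape, for illustration only
    verifiers: frozenset   # verifier identities allowed to attest
    threshold: int         # matching attestations required to accept


def audit(cfg):
    """Findings a pre-deployment check could raise for a verifier config."""
    n = len(cfg.verifiers)
    if not 1 <= cfg.threshold <= n:
        return [f"invalid threshold {cfg.threshold} for {n} verifier(s)"]
    if cfg.threshold == 1:
        return [f"{cfg.threshold}/{n}: a single attestation is enough, "
                "so one compromised verifier is a single point of failure"]
    return []


def accept(cfg, payload_hash, reports):
    """reports maps verifier id -> hash it observed on the source chain.
    Accept only if `threshold` configured verifiers report this exact hash."""
    matching = {v for v, h in reports.items()
                if v in cfg.verifiers and h == payload_hash}
    return len(matching) >= cfg.threshold


def demo():
    forged = "hash-of-a-message-never-sent"   # constructed sample value
    # Constructed scenario: dvn-a reads from a compromised data source and
    # reports the forged hash; dvn-b and dvn-c see no such message.
    reports = {"dvn-a": forged, "dvn-b": None, "dvn-c": None}
    single = VerifierConfig(frozenset({"dvn-a"}), 1)
    quorum = VerifierConfig(frozenset({"dvn-a", "dvn-b", "dvn-c"}), 2)
    return {name: (accept(cfg, forged, reports), audit(cfg))
            for name, cfg in (("1/1", single), ("2/3", quorum))}


if __name__ == "__main__":
    for name, (accepted, findings) in demo().items():
        print(name, "accepted forged message:", accepted, "| findings:", findings)
```

With the same compromised verifier, the 1/1 configuration accepts the forged message and is flagged by `audit`, while the 2-of-3 configuration rejects it because the independent verifiers do not corroborate the hash.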

II. Embarrassing reality: the responsible party cannot afford to compensate, while the wealthy party does not want to compensate

The theoretical responsibility is clear, but the actual situation is extremely tricky.

As the primary responsible party, Kelp DAO has limited financial resources and is simply unable to cover the huge deficit of $290 million;

Whether it is to have all rsETH holders collectively take a haircut or to have L2 users bear the losses, both paths lead to a dead end for the project;

LayerZero and Aave are the ones with real solvency, but both have publicly claimed that their protocols are flawless, clearly indicating their unwillingness to easily take on the responsibility.

Thus, a typical deadlock was formed:

Kelp DAO has been nearly paralyzed and is unable to lead the compensation process;

Due to its reputation crisis, LayerZero has had access suspended by multiple institutions such as BitGo, Tron, Ethena, and Curve, putting its cross-chain business share in jeopardy;

Aave is facing a huge potential bad debt and continuous loss of TVL, but it is still trying to avoid a full guarantee.

However, this tug-of-war is difficult to sustain for long. LayerZero cannot abandon the OFT cross-chain ecosystem, and Aave cannot bear the continuous outflow of funds and chain-reaction bank runs. Both parties have strong motivations to resolve the incident as soon as possible.

III. The key to the three-party game: Aave's statement has exposed its true position

In its latest statement, Aave emphasized that "there are still sufficient assets backing rsETH on the Ethereum mainnet." The stance behind this statement is worth pondering.

rsETH is a liquid restaking token (LRT) issued by Kelp DAO. Its underlying asset path is: ETH → Lido → EigenLayer → Kelp DAO → rsETH. The mainnet rsETH is the original token, while the L2 rsETH is a mapped asset bridged through LayerZero. Whenever L2 rsETH is issued, the corresponding tokens on the mainnet are locked in custody.

This attack did not "mint coins out of thin air." Instead, it forged cross-chain messages to trick the contract into releasing 116,500 rsETH that were originally locked on the mainnet. The hacker then deposited these real rsETH into Aave as collateral to borrow WETH and complete the cash-out.

Aave's so-called "sufficient backing of mainnet rsETH" carries a very clear subtext:

The mainnet assets are real, and Kelp DAO should allow Aave to redeem the corresponding underlying ETH;

As for the L2 version of rsETH that has lost the backing of mainnet assets, Aave tends to no longer provide coverage.

Although this will result in approximately $359 million in bad debts in its L2 lending pool, Aave has evidently chosen to "sacrifice the lesser to preserve the greater," prioritizing the preservation of its core mainnet business. However, this path is difficult for LayerZero to accept. Once the L2 mapped tokens are written down to zero, LayerZero's cross-chain reputation will suffer a devastating blow, and the entire OFT ecosystem will be shaken.

IV. Industry analysis: Three solutions, each with fatal flaws

Industry insiders have conducted multiple rounds of discussions on the compensation path. DefiLlama founder 0xngmi summarized three possibilities, but all of them have obvious flaws:

All rsETH holders collectively take a haircut of approximately 18.5%, with losses borne proportionally by all token holders. Kelp DAO is held responsible, and Aave absorbs approximately $216 million in mainnet bad debts. Disadvantage: it undermines the confidence of token holders, putting the entire LRT ecosystem under pressure.

Abandon the L2 mapped version of rsETH and preserve the mainnet asset. Aave can maintain its mainnet business, but the L2 ecosystem will collapse directly, and the reputations of Kelp and LayerZero will be ruined. Disadvantage: it will greatly damage the cross-chain ecosystem.

Compensate in full based on a snapshot taken before the attack, with subsequent holders bearing the loss. Real users who held before the attack are compensated, while users who bought or transferred after the attack bear the risk themselves. Disadvantage: funds have already flowed extensively, making traceability and enforcement nearly impossible.

Yishi, the founder of OneKey, proposed a more realistic approach:

Prioritize negotiating with hackers, offering a 10%–15% bounty, to recover most of the funds with minimal cost and impact;

If the negotiation fails, LayerZero's ecosystem fund will bear the majority of the compensation to preserve the OFT ecosystem;

Kelp DAO has the weakest financial resources, but it can compensate through tokens and future income, or even be acquired entirely by LayerZero or Bitmine;

Aave relies on Umbrella and stkAAVE as the final safety net, but it must not allow WETH depositors to bear any haircuts; otherwise it will trigger a full repricing across Morpho, Spark, Fluid, Euler, and other products, leading to a comprehensive blacklisting of the LRT sector and causing the entire DeFi industry to regress by at least three years.

V. Prediction of the outcome: We cannot afford to delay, and ultimately someone must pay the bill

With hundreds of millions of dollars at stake, all parties will inevitably engage in fierce competition and repeated tug-of-war, with no one willing to become the biggest "sucker". However, the matter cannot be delayed for long:

LayerZero has had access suspended by a large number of partners, and the longer the delay, the more severe the loss to its ecosystem;

The utilization rate of multiple Aave pools is approaching 100%, and depositors have been "trapped";

If the price of ETH falls sharply, liquidation failures will lead to more bad debts, and the risk will snowball out of control, potentially shaking the entire DeFi foundation.

It can be foreseen that under the pressure of reputation, ecosystem, and survival, LayerZero and Aave will ultimately have to jointly bear most of the losses, while Kelp DAO will compensate with project assets and future earnings. The possibility of completely shifting the blame and escaping unscathed is almost non-existent.
