§1.0
Executive summary
rsETH · LayerZero OFT · Unichain → Ethereum
rsETH LayerZero OFT Exploit
Kelp's bridge relied on a single verifier, run by LayerZero Labs, to confirm cross-chain transfers. That verifier checked transactions by polling a set of independent servers for what had happened on-chain. North Korean attackers identified exactly which servers the verifier used, broke into some and replaced their software with a tampered version that reported a fake transaction, and knocked the rest offline by flooding them with traffic. With only the compromised servers responding, the verifier approved a Unichain-to-Ethereum transfer that never happened, releasing 116,500 rsETH from the bridge's reserves.
Estimated loss
$293.56M
116,500 rsETH released on Ethereum
Recovered funds
$73.57M
30,765.667 ETH frozen on Arbitrum
Arbitrum Security Council moved the exploiter-linked collector balance into frozen wallet 0x0000…0DA0 on 2026-04-21 03:35:08 UTC.
rsETH price move
-10.57%
-$266.45
Exploit price
$2,519.82
2026-04-18 17:59:02 UTC
Current price
$2,253.38
2026-04-22 10:59:02 UTC
Incident at
17:35:00 UTC
2026-04-18
Exploit path
UnichainEthereumArbitrum
3 chains: forged route plus downstream leverage
Affected markets
ArbitrumMantleBaseInkLineaAvalancheEthereum
7 Aave collateral / freeze markets
Protocols affected
34+
§2.0
Root cause
§2.1 — Structural enabler
1-of-1 DVN configuration
Kelp's Unichain→Ethereum OFT route was configured with LayerZero Labs itself as the sole Decentralized Verifier Network signer. With a 1-of-1 DVN, a compromised attestation path was sufficient to release funds; no independent co-signer existed to reject the forged payload.
§2.2 — Operational compromise
op-geth implant inside trust boundary
Attackers, attributed to DPRK Lazarus / TraderTraitor, placed a malicious op-geth binary on two upstream RPC nodes that the DVN observed Unichain through. DDoS forced failover onto those nodes, which returned fabricated PacketSent events. Signing behaved correctly; inputs were forged.
§2.3 — Unanswered questions
Gaps in the LayerZero postmortem
Which RPC providers operated the two compromised nodes? How was the op-geth implant introduced — social engineering of an operator (the Lazarus / TraderTraitor playbook)?
§2.4 — Attack chain
01
Perimeter breach
LayerZero infra accessed via TraderTraitor-style social-engineering toolchain.
§2
02
RPC list modification
DVN upstream config pointed to two attacker-controlled Unichain RPC endpoints.
§3.1
03
Malicious op-geth implant
Custom op-geth binary on the compromised RPC nodes fabricates PacketSent events in-memory.
§3.2
04
IP-cloaked forgery
Forged events returned only to requests from the DVN's IP range; every other caller sees truthful state.
§3.3
05
DDoS on honest RPCs
External Unichain RPCs flooded to force DVN failover onto the compromised nodes.
§3.4
06
DVN attests with real keys
Signing path correct; only inputs fabricated. 116,500 rsETH released against a packet never sent on the source chain.
§4
§3.0
Timeline
2026-04-18 UTC
17:20:00Z
LZ infra
Attack window opens — DDoS begins against uncompromised RPCs
Uncompromised external RPCs used by the LayerZero Labs DVN to observe Unichain are DDoSed until unreachable, forcing failover onto two pre-implanted op-geth nodes that serve forged state only to the DVN's IP range.
LayerZero Labs
17:33:35Z
on-chain · ETH
Nonce 308 PayloadVerified on Ethereum
A single DVN (LayerZero Labs) verifies an inbound rsETH packet for nonce 308 on the Ethereum receive library, while Unichain's source endpoint still reports outbound nonce 307 — the source-side burn never happened.
banteg forensics
17:35:11Z
tornado-cash
Nonce 308 commitVerification
A fresh Tornado-funded EOA (0x4966…75e) manually commits the already-verified packet on the receive library — the commit step is permissionless, so any caller can advance a verified message.
17:35:35Z
on-chain · ETH
116,500 rsETH released from Ethereum adapter inventory
lzReceive on the Ethereum endpoint releases 116,500 rsETH to intake wallet 0x8b1b…d3b, draining the Kelp adapter balance from 116,723.52 to 223.52 rsETH.
17:37:23Z
tornado-cash
Attacker disperses funds into 7 pre-funded branch wallets
Within ~5 minutes, the intake wallet splits 116,500 rsETH into seven branch wallets, each itself Tornado-funded hours earlier with ~0.098 ETH.
17:38:47Z
aave
First Aave V3 rsETH supply on Ethereum
Branch wallet 0x1f4c…adef supplies 1 rsETH into Aave V3 via multicall, sets eMode=3, then scales up through additional supplies totaling 53,000 rsETH as collateral.
17:43:47Z
aave
Attacker completes ~52,440 ETH borrow against stolen rsETH
Across four draws (0.98, 4,923.96, 19,745.04, 27,770.59 ETH) through the Aave WETH gateway, branch wallet 0x1f4c…adef extracts 52,440 ETH while the Aave position remains open. A second branch later repeats the pattern at smaller scale.
17:44:47Z
on-chain · ETH
First ETH consolidation into collector
52,440.68 ETH is sent to collector 0x5d39…ccc, with four more branches forwarding their borrowed/swapped ETH over the next minutes — total 75,700.75 ETH.
18:23:11Z
governance
Kelp Safe freezes attacker recipient
A Kelp-controlled Gnosis Safe calls sweep() on canonical Ethereum rsETH, setting transfersBlockedUntil for 0x8b1b…d3b and blocking any further rsETH transfers to the intake wallet.
18:25:47Z
on-chain · ETH
Second 40,000 rsETH packet verified
A second packet for 40,000 rsETH is PayloadVerified by the same single DVN, this time after the Kelp freeze is already in place.
18:26:35Z
governance
Second execution attempt reverts
The first lzReceive retry for nonce 309 reverts with TransfersBlocked, even though the adapter still holds ~40,357 rsETH — the Kelp-side freeze (not inventory) is what stops delivery.
19:00:00Z
aave
Aave Guardian freezes rsETH / wrsETH and sets LTV to 0
Aave Guardian freezes rsETH/wrsETH reserves and sets LTV to 0 across 11 V3 markets, locking attacker collateral positions in place.
Aave incident report
20:15:00Z
multi-chain
Morpho pauses rsETH markets
Morpho curators disable rsETH-denominated markets on affected chains, and the MORPHO token OFT bridge on Arbitrum is paused precautionarily.
21:00:00Z
off-chain
Kelp DAO confirms OFT exploit
Kelp DAO confirms the incident is tied to the LayerZero OFT adapter's 1/1 DVN on the Unichain→Ethereum path, and that mainnet rsETH remains fully backed.
23:30:00Z
off-chain
LayerZero Labs incident disclosure
LayerZero Labs publishes its postmortem attributing the attack to a state-sponsored actor (likely DPRK's Lazarus Group / TraderTraitor) that compromised the DVN's upstream RPC infrastructure, and commits to no longer attesting as a single DVN for any 1-of-1 application. Full breakdown in the root-cause section.
LayerZero Labs
2026-04-19 UTC
02:00:00Z
multi-chain
Mass precautionary pauses across 20+ protocols
Ethena, ether.fi, Curve (CRV/crvUSD), BitGo/WBTC, Orderly, Frax, ApeCoin, Euler, and others pause LayerZero OFT bridging while DVN sets are audited.
@CatfishFishy thread
10:00:00Z
on-chain · ETH
Sky disables rsETH-backed routes
Sky governance passes an emergency proposal to disable rsETH-related PSM routes.
14:00:00Z
off-chain
Aave publishes chain-by-chain rsETH exposure
Aave confirms external rsETH collateral (Arbitrum $152M, Base $71M, Mantle $116M, Ink $21M, Linea $1.4M) and blocks WETH withdrawals on affected markets, with mainnet rsETH fully backed.
@aave
14:30:00Z
aave
Aave adjusts WETH interest rates on non-core markets
Aave reduces WETH Slope 2 to 1.50% on Arbitrum, Base, Mantle, and Linea, dropping borrow rates at 100% utilization from 8.5–10.5% to 3.0% APR to pre-empt liquidation cascades on pinned L2 markets.
Aave incident report
16:00:00Z
off-chain
Kelp DAO publishes 'April 18 Incident: Additional Context'
Kelp's follow-up clarifies that the breach was on LayerZero-hosted RPC nodes (not Kelp infrastructure) and that its pause, blacklist, and SEAL-911 engagement fully mitigated a second phantom-packet attempt worth 40,000 rsETH (~$95M). Kelp also notes the 1-of-1 DVN setup was LayerZero's documented default, affirmed during Kelp's L2 expansion.
@KelpDAO
2026-04-20 UTC
02:00:00Z
aave
Aave freezes WETH reserves and disables new borrows
Aave Guardian freezes WETH reserves and disables new borrows across Core, Prime, Arbitrum, Base, Mantle, and Linea — 6,077 suppliers and $4.87B of WETH collateral backing $2.87B of uncorrelated debt, with utilization already pinned at 100%.
Aave incident report
05:00:00Z
aave
Aave adjusts WETH interest rates on core markets
Aave reprices WETH on Core, Prime, Arbitrum, Base, Mantle, and Linea (Slope 1 = 2%, Slope 2 = 3%, optimal utilization = 94%) to dampen borrow-side pressure while reserves remain frozen.
Aave incident report
10:00:00Z
off-chain
Dashboard snapshot: situation still active
Loss allocation is still TBD, several 1/1 DVN OFT deployments remain unupgraded, and Aave WETH withdrawals stay blocked on affected L2s. Many protocols remain in precautionary pause while attacker clusters on Ethereum and Arbitrum still hold open Aave positions.
14:00:00Z
off-chain
Aave publishes formal rsETH incident report
Aave's incident report confirms 89,567 rsETH deposited as attacker collateral across Ethereum and L2 markets, with potential bad debt of $123.7M–$230.1M pending Kelp's loss-allocation decision. Full detail in the Aave fallout section.
Aave Governance
2026-04-21 UTC
03:35:08Z
governance
Arbitrum Security Council freezes 30,765.667 ETH from exploiter-linked wallet
An emergency Arbitrum Security Council action moves 30,765.667 ETH from the exploiter-linked Arbitrum collector into intermediary frozen wallet 0x0000…0DA0, with any further movement now requiring Arbitrum governance action.
Arbitrum DAO
§4.0
Aave attack economics
How 116,500 fraudulently released rsETH became $193M of borrowed WETH + wstETH. Figures sourced from the Aave governance incident report on April 20, 2026.
stage 1Released on Ethereum
116,500 rsETH
≈ $293M at exploit time
Amount of rsETH deposited as Aave collateral
89,567 rsETH
77% of released amount
≈ $221M
Allocation of the 116,500 rsETH release
Aave Ethereum
deposited on Ethereum mainnet
53,400 rsETH
45.8% of released
Aave Arbitrum
bridged to Arbitrum, then supplied on Aave
36,167.23 rsETH
31.0% of released
Not deposited on Aave
monetized directly via Compound V3, Euler EVK, and KyberSwap → ETH collector
26,933 rsETH
23.1% of released
Stolen rsETH was split across seven branch wallets: two opened leveraged Aave positions on Ethereum, five bridged to Arbitrum and opened a second Aave cluster, and the rest was swapped directly to ETH via Compound V3, Euler EVK, and KyberSwap.
stage 2Borrowed against rsETH collateral
82,650 WETH + 821 wstETH
≈ $193M
Arbitrum recovery
30,765.667 ETH
frozen in intermediary wallet
$74M
value at recovery transaction
40.6%
of extracted ETH now frozen
Arbitrum Security Council moved funds from the exploiter-linked Arbitrum collector into frozen wallet 0x0000…0DA0 on 2026-04-21 03:35:08 UTC. That represents 37.2% of the Aave-borrowed WETH leg and 44,935.08 ETH remains outside this freeze out of 75,700.747 ETH extracted downstream.
Borrowed value by Aave market
Total borrowed value: $193M
Ethereum
52,854 WETH
$122M
63.2% of borrowed
Arbitrum
29,796 WETH + 821 wstETH
$71M
36.8% of borrowed
Seven attacker addresses across 2 chains. Health factors pinned just above liquidation (~1.01–1.03) after funds were dispersed, and one downstream collector balance was later frozen on Arbitrum.
Aave bad debt, by chain
Chains where rsETH is listed as Aave collateral
source: Aave incident report
Total bad debt lands between $124M and $230M depending on how Kelp prices the shortfall. Two scenarios from the Aave report:
- S1 · uniform — Kelp redeems rsETH 1:1 against remaining backing, spreading a 15.12% depeg across every rsETH holder. Mainnet Aave absorbs most of the hit because that is where the largest rsETH collateral base sits; L2 markets see only a proportional haircut.
- S2 · L2-isolated — Kelp honors mainnet rsETH at full value and isolates the loss to L2 markets that received bridged-but-unbacked rsETH, forcing a 73.54% haircut on those chains. Mainnet carries no bad debt.
112,204 rsETH remains unbacked against 152,577 remote claims outstanding — the shortfall being allocated below. Ethereum mainnet is included because, under S1, socialization reaches mainnet Aave positions even though no attacker rsETH sits there as collateral. Avalanche is omitted: rsETH is listed but exposure is sub-$100 in both scenarios.
Dashed line — Aave Umbrella coverage capacity (aWETH staked, net of cooldown).
Bad debt on Aave's books
S1 · uniform
$124M
Kelp spreads 15.12% depeg across all rsETH holders
S2 · L2-isolated
$230M
73.54% haircut absorbed by L2 markets only
Aave's insurance backstop
Umbrella capacity
$54M
aWETH staked and burnable toward bad debt
Covers
44% / 23%
of S1 / S2 — remainder falls on Safety Module or treasury
§5.0
Affected protocols
pausedfully haltedpartialsome assets or chains still restricted, others unfrozenreduce-onlywithdrawals and repays only, no new deposits or borrowsoperationalprecautionary pauses lifted
| Protocol | Assets paused | Status | Chains | rsETH exposure | Source / updated |
|---|---|---|---|---|---|
| Aave V3 | rsETH (frozen); WETH reserves frozen | partial | 5 | yes | x.com · 2026-04-18 07:30 UTC |
| Aave V4 | rsETH (frozen) | reduce-only | 1 | yes | x.com · 2026-04-18 08:00 UTC |
| Morpho | rsETH markets; MORPHO OFT (Arbitrum) | paused | 3 | yes | app.morpho.org · 2026-04-18 08:15 UTC |
| Sky | rsETH PSM routes | paused | 1 | yes | forum.sky.money · 2026-04-19 02:00 UTC |
| Jupiter Lend | rsETH isolated market | paused | 1 | yes | jup.ag · 2026-04-18 12:00 UTC |
| Kelp DAO | rsETH OFT bridging | paused | 10 | yes | kelpdao.xyz · 2026-04-18 09:00 UTC |
| Ethena | LayerZero OFT bridges (mainnet) | operational | 1 | — | ethena.fi · 2026-04-18 14:00 UTC |
| ether.fi | weETH, eETH, Liquid vaults (ETH/BTC/USD), sETHFI, eBTC | operational | 1 | — | ether.fi · 2026-04-18 14:00 UTC |
| TRON DAO | TRX LayerZero OFT | paused | 1 | — | trondao.org · 2026-04-18 14:00 UTC |
| Curve Finance | CRV (BNB, Sonic, AVAX, Fantom, Etherlink, Kava); crvUSD fast bridge | partial | 6 | — | curve.fi · 2026-04-18 14:00 UTC |
| BitGo / WBTC | Wrapped BTC OFT | paused | 1 | — | bitgo.com · 2026-04-18 14:00 UTC |
| River | satUSD & RIVER | paused | 4 | — | — · 2026-04-18 14:00 UTC |
| Pudgy Penguins (PENGU) | PENGU OFT bridges | paused | ? | — | — · 2026-04-18 14:00 UTC |
| Agora (AUSD) | LayerZero OFT bridges | partial | 3 | — | — · 2026-04-18 14:00 UTC |
| f(x) Protocol | LayerZero OFT (mainnet) | paused | 1 | — | — · 2026-04-18 14:00 UTC |
| Matrixdock | XAUm cross-chain bridges | paused | ? | — | — · 2026-04-18 14:00 UTC |
| ApeCoin | LayerZero bridges | paused | ? | — | — · 2026-04-18 14:00 UTC |
| Euler Labs | EUL LayerZero OFT | paused | ? | — | — · 2026-04-18 14:00 UTC |
| Katana | OFT path on Vaultbridge (2/3 DVN) | partial | ? | — | — · 2026-04-18 14:00 UTC |
| Orderly Network | LayerZero DVN (upgrading) | operational | 5 | — | — · 2026-04-18 18:00 UTC |
| mETH Protocol | mETH & cmETH OFT + withdrawals | paused | 1 | — | — · 2026-04-18 14:00 UTC |
| Solv Protocol | LayerZero OFT (ETH ↔ Corn/Bera/Starknet/Rootstock) | paused | 5 | — | — · 2026-04-18 14:00 UTC |
| MOCA Foundation | $MOCA OFT bridge | paused | ? | — | — · 2026-04-18 14:00 UTC |
| Re | LayerZero OFT bridges | paused | ? | — | — · 2026-04-18 14:00 UTC |
| Avant | LayerZero OFT (Movement) | paused | 1 | — | — · 2026-04-18 14:00 UTC |
| Beefy | LayerZero bridge | partial | ? | — | — · 2026-04-18 14:00 UTC |
| Flare | FXRP OFT rail | operational | 5 | — | — · 2026-04-18 14:00 UTC |
| Lombard | LBTC LayerZero routes (Solana ↔ ETH) | partial | 2 | — | — · 2026-04-18 14:00 UTC |
| USDT0 | USDT0 OFT bridging | operational | ? | — | — · 2026-04-18 14:00 UTC |
| infiniFi | LayerZero OFT bridge | paused | ? | — | — · 2026-04-18 14:00 UTC |
| Suilend | LayerZero-issued tokens (WBTC) | paused | 1 | — | — · 2026-04-18 14:00 UTC |
| Kamino | USDS, LBTC, FBTC (reduce-only) | reduce-only | 1 | — | — · 2026-04-18 14:00 UTC |
| Swell Network | swETH, rswETH, SWELL, rSWELL + Nucleus (monitoring) | partial | 3 | — | swellnetwork.io · 2026-04-18 14:00 UTC |
| Frax Finance | Cross-chain transfers (3/3 DVN) | operational | ? | — | frax.finance · 2026-04-18 14:00 UTC |
Loading Dune-verified bridges…
§7.0
Sources & further reading
- Arbitrum DAOSecurity Council emergency actionforum.arbitrum.foundation/t/security-council-emergency-action-21-04-2026/30803
- Aave GovernanceGovernance incident reportgovernance.aave.com/t/rseth-incident-report-april-20-2026/24580
