hodler

6 May 2026, 21:25

Aave Completes Liquidation of KelpDAO Hacker’s Remaining rsETH Position Across Ethereum and Arbitrum

BitcoinWorld Aave Completes Liquidation of KelpDAO Hacker’s Remaining rsETH Position Across Ethereum and Arbitrum Aave, a leading decentralized finance protocol, has executed the liquidation of the remaining rsETH position linked to the KelpDAO hacker. The move, reported by The Block, represents the final step in a previously disclosed recovery plan that required a governance vote to temporarily adjust the rsETH oracle price. The liquidation was carried out on both the Ethereum and Arbitrum networks, marking a coordinated effort to recover funds stolen in an earlier exploit. Background of the KelpDAO Exploit and Recovery Plan The KelpDAO hack, which occurred earlier this year, resulted in the theft of significant crypto assets, including rsETH tokens. In response, the Aave community and the KelpDAO team collaborated on a recovery strategy. A critical component of this plan was a governance proposal that temporarily modified the oracle price feed for rsETH on Aave. This adjustment was necessary to accurately reflect the asset’s value and enable the liquidation of the hacker’s position without causing undue market disruption or further losses to the protocol. The liquidation process on Aave is automated and triggered when a borrower’s collateral value falls below a certain threshold. By adjusting the oracle price, the community ensured that the hacker’s position could be liquidated in a controlled manner, returning funds to the protocol and its users. Execution Across Ethereum and Arbitrum The liquidation was executed on both the Ethereum mainnet and the Arbitrum layer-2 network. This dual-network approach reflects the hacker’s original activity, which spanned multiple chains to maximize the exploit’s impact. Aave’s cross-chain infrastructure allowed the recovery team to target positions on both networks simultaneously, ensuring a comprehensive recovery. According to on-chain data, the liquidation successfully closed the hacker’s remaining rsETH position, converting the collateral into Aave’s native stablecoin, GHO, and other assets. The recovered funds are expected to be returned to affected users as part of the ongoing remediation efforts. Implications for DeFi Security and Governance This event underscores the importance of robust governance mechanisms in decentralized finance. The ability of the Aave community to swiftly pass a proposal and adjust protocol parameters in response to a security incident demonstrates the flexibility and resilience of DeFi systems. However, it also highlights the challenges of oracle manipulation and the need for secure price feed mechanisms. For Aave, this successful recovery reinforces its reputation as a responsible and community-driven protocol. For the broader DeFi ecosystem, it serves as a case study in coordinated incident response and the potential for governance to mitigate the impact of hacks. Conclusion The liquidation of the KelpDAO hacker’s remaining rsETH position by Aave marks a significant milestone in the recovery process. Through a combination of governance action and technical execution, the protocol has demonstrated its ability to respond to security threats effectively. While the incident highlights ongoing risks in the DeFi space, it also provides valuable lessons for improving security and governance standards across the industry. FAQs Q1: What is rsETH and why was it targeted? rsETH is a liquid staking token issued by KelpDAO, representing staked ETH. The hacker exploited a vulnerability in the KelpDAO protocol to obtain a large amount of rsETH, which was then used as collateral on Aave. Q2: How did the oracle price adjustment work? The Aave governance community passed a proposal to temporarily adjust the oracle price feed for rsETH to a more accurate value. This allowed the protocol to liquidate the hacker’s position without causing a market panic or further losses. Q3: Will affected users get their funds back? Yes, the recovered funds from the liquidation are expected to be returned to affected users as part of the ongoing remediation plan coordinated by the KelpDAO team and Aave. This post Aave Completes Liquidation of KelpDAO Hacker’s Remaining rsETH Position Across Ethereum and Arbitrum first appeared on BitcoinWorld .

6 May 2026, 20:40

KelpDAO Shifts to Chainlink CCIP After $292M LayerZero Exploit

BitcoinWorld KelpDAO Shifts to Chainlink CCIP After $292M LayerZero Exploit KelpDAO, a prominent liquid staking protocol, has announced plans to migrate its cross-chain infrastructure from LayerZero’s OFT standard to Chainlink’s Cross-Chain Interoperability Protocol (CCIP). The decision follows a $292 million exploit that KelpDAO attributes to an internal issue within LayerZero’s infrastructure, raising fresh concerns about the security of widely used bridging protocols. Why KelpDAO Is Making the Switch In a statement, KelpDAO said the migration is part of a long-term strategy to reduce reliance on a single point of failure. The protocol’s team argued that the recent hack, which drained nearly $300 million in user funds, was not an isolated incident but indicative of deeper structural vulnerabilities in LayerZero’s architecture. While LayerZero has not publicly confirmed the root cause, the incident has accelerated a broader industry debate about cross-chain security standards. KelpDAO’s move to Chainlink CCIP is notable because CCIP is designed with multiple layers of risk management, including decentralized oracle networks, separate transaction validation, and rate limiting. Chainlink has positioned CCIP as a more secure alternative to existing bridging protocols, particularly for high-value asset transfers. Implications for the Cross-Chain Ecosystem The migration highlights a growing trend among DeFi protocols to prioritize security over speed or cost. KelpDAO’s decision could influence other protocols that currently rely on LayerZero’s OFT standard, especially those managing significant total value locked (TVL). Industry observers note that cross-chain bridges have been among the most targeted vectors in crypto attacks, with over $2 billion lost to bridge exploits since 2021. KelpDAO’s shift is a direct response to this systemic risk, signaling that protocols are increasingly willing to switch infrastructure providers to protect user funds. What This Means for KelpDAO Users For KelpDAO’s user base, the migration is expected to occur gradually, with the protocol maintaining compatibility with existing positions during the transition. No immediate changes to staking rewards or withdrawal processes have been announced. However, users should monitor official KelpDAO channels for specific timelines and any required actions. Conclusion KelpDAO’s migration from LayerZero to Chainlink CCIP is a significant vote of confidence in Chainlink’s cross-chain security model. It also serves as a cautionary signal for the broader DeFi industry about the importance of infrastructure resilience. As cross-chain activity continues to grow, the choice of interoperability protocol is becoming a critical risk management decision for protocols and their users alike. FAQs Q1: Why is KelpDAO leaving LayerZero? KelpDAO cited a $292 million hack linked to an internal LayerZero infrastructure issue as the primary reason. The protocol aims to reduce single-point-of-failure risk by adopting Chainlink CCIP. Q2: What is Chainlink CCIP? Chainlink CCIP (Cross-Chain Interoperability Protocol) is a secure messaging and token transfer protocol that uses multiple independent networks for validation, designed to prevent exploits common in simpler bridging solutions. Q3: Will KelpDAO users need to take action? KelpDAO has stated the migration will be handled gradually and automatically. Users are advised to follow official announcements for any specific steps, but no immediate action is required. This post KelpDAO Shifts to Chainlink CCIP After $292M LayerZero Exploit first appeared on BitcoinWorld .

6 May 2026, 19:41

After Disputing LayerZero Claims, KelpDAO Prepares Chainlink CCIP Migration

KelpDAO has publicly disputed claims made by LayerZero Labs regarding the April 18, 2026, exploit. In the latest post on X, it argued that the incident stemmed from failures within LayerZero’s infrastructure rather than any misconfiguration on its own platform. According to KelpDAO, attackers exploited LayerZero’s systems, resulting in the loss of more than $300 million across multiple DeFi protocols. The team further revealed that two additional forged transactions worth over $100 million were successfully signed and processed by LayerZero’s DVN before being halted after Kelp intervened and paused its contracts. KelpDAO Counters LayerZero Narrative Kelp claimed that this early response prevented further financial damage, even though the underlying bridging infrastructure remained active for some time after the issue had been detected and reported. At the center of the dispute is LayerZero’s assertion that the exploit resulted from a configuration issue specific to KelpDAO. Kelp rejected this explanation, while claiming that the configuration in question was widely used across the LayerZero ecosystem and aligned with its official documentation. Data cited by Kelp indicates that a significant portion of LayerZero applications relied on similar DVN setups, including many operating under a 1-1 configuration involving LayerZero’s own DVN. This setup was neither unique nor experimental but part of standard deployment practices followed by numerous protocols. Kelp also explained that LayerZero’s DVN is a core component of its ecosystem and is included in default configurations provided to developers. The company pointed out that LayerZero’s documentation and quickstart templates guide builders toward these default setups, often without requiring additional DVNs. Kelp stated that it followed these guidelines and maintained regular communication with the LayerZero team since integrating the infrastructure in early 2024. During this period, Kelp added that its configuration choices were reviewed and approved, and there was no indication that the setup posed a security risk. Reports cited by Kelp describe compromised off-chain systems responsible for monitoring blockchain activity, as well as fraudulent attestations triggered through the DVN. Some researchers have detailed the event as a broader infrastructure breach rather than a limited RPC issue, which, again, points to compromised nodes and weaknesses within LayerZero’s trust boundary. Meanwhile, LayerZero Labs admitted in its postmortem that attackers accessed RPC endpoints used by its DVN and took control of multiple nodes before carrying out what it called an RPC spoofing attack. However, Kelp and independent analysts believe that this description downplays the issue, as fake messages were still approved despite safeguards. Transition to Chainlink KelpDAO implemented immediate measures to secure its systems in response. This included pausing contracts and conducting a full review of its bridging infrastructure. As part of its long-term strategy, the protocol has announced plans to migrate away from LayerZero’s OFT standard and adopt the Cross-Chain Interoperability Protocol (CCIP) developed by Chainlink. This transition will move rsETH to Chainlink’s Cross-Chain Token standard. The protocol revealed that the aim of this change is to reduce reliance on single points of failure while strengthening cross-chain security going forward. The post After Disputing LayerZero Claims, KelpDAO Prepares Chainlink CCIP Migration appeared first on CryptoPotato .

6 May 2026, 17:16

Ethena, Kelp DAO diverge on root cause of $300M LayerZero exploit

Ethena and Kelp DAO have offered different views on the $300M LayerZero exploit, underscoring a broader debate on DeFi security models.

6 May 2026, 16:19

KelpDAO Slams Layerzero After $300M Exploit, Shifts rsETH to Chainlink CCIP

Following a $300 million exploit on April 18, 2026, KelpDAO has publicly challenged LayerZero Labs’ account of the incident, alleging that the bridge provider is deflecting blame for its own infrastructure failures. The Dispute Over Network Configuration KelpDAO has issued a blistering response to Layerzero Labs following an April 18 exploit that drained more than

6 May 2026, 15:03

LayerZero and KelpDAO trade accusations over $292M North Korea-linked hack

Bryan Pellegrino, founder and CEO of LayerZero Labs, has fired back at KelpDAO after the liquid restaking protocol published a long post alongside screenshots that it claims are proof that LayerZero personnel approved the single-verifier bridge configuration that was exploited in the $292 million hack on April 18. Pellegrino said KelpDAO’s account of the events is largely untrue and that Kelp itself downgraded from a more secure default setup. The public pointing of accusing fingers between both platforms fractures what has shaped up to be a unified front by DeFi projects that took it upon themselves to contain the fallout of the exploit, rallying under the banner “DeFi United.” LayerZero pledged more than 10,000 ETH to Aave-led recovery efforts on April 28, according to a post from the protocol’s official account. However, the latest development begs the question of who bears responsibility for the exploit’s root cause, and so far, it seems to have turned former allies into adversaries. Why are LayerZero and KelpDAO beefing? In a thread posted on X on May 5, Pellegrino challenged three specific claims KelpDAO made in its announcement that it would migrate rsETH bridging from LayerZero to Chainlink’s CCIP. “A ton of this is just completely untrue,” Pellegrino wrote . He said Kelp originally deployed with LayerZero’s default multi-DVN (Decentralized Verifier Network) configuration and “manually migrated to a 1/1 config later.” Pellegrino said KelpDAO downgraded itself from a more secure default setup. Source: @PrimordialAA via X/Twitter. A 1-of-1 DVN setup means a single verification signature is enough to authorize cross-chain token transfers, removing the redundancy that multi-DVN provides. Pellegrino added that “almost 100% of the volume on a 1/1 config was rsETH,” pointing to Kelp as the dominant user of the setup that was exploited. He also noted that LayerZero’s documentation warns against using a single-verifier configuration for production applications. In an earlier post on May 4, Pellegrino acknowledged personal conflict over the situation. “I still carry a huge amount of cognitive dissonance here,” he wrote. Pellegrino stated that he was wrong on the assumption that someone manually changing the configs that they had helped them to set up to a 1/1 was impossible. Based on Pellegrino’s admission, the protocol provided the infrastructure, but each application chose how to configure it. While he stated that it was easy to sit back and do nothing, he acknowledged that it was not the right approach. KelpDAO says LayerZero signed off on the setup KelpDAO’s May 5 post took a different position. According to Cryptopolitan’s earlier reporting , Kelp published Telegram screenshots showing a LayerZero team member writing “No problem on using defaults either” during discussions about Kelp’s L2 expansion. Kelp says those exchanges span eight discussions over 2.5 years without objection from LayerZero personnel. Kelp announced it is migrating rsETH to Chainlink’s CCIP, calling the move a direct response to the exploit. The migration is already in progress. Kelp’s GitHub repository lists a new “CCIP (Chainlink) RSETH” contract alongside the legacy LayerZero RSETH_OFT contract, according to Cryptopolitan’s earlier coverage. The exploit and its scale The April 18 attack drained 116,500 rsETH, roughly 18% of the liquid restaked token in circulation, from Kelp’s LayerZero-powered bridge. At the time of the exploit, 47% of active LayerZero OApp contracts used a 1-of-1 DVN setup, according to data cited in earlier reporting. LayerZero has since banned the configuration and is pushing migrations across its application base. DeFi is at a crossroads The Pellegrino-Kelp dispute will likely shape how DeFi protocols negotiate security responsibilities with infrastructure providers going forward. LayerZero faces pressure to explain why nearly half its application base ran a configuration it now calls unacceptable. Kelp faces scrutiny over why it downgraded from a multi-verifier default, if Pellegrino’s account is accurate. The frozen ETH on Arbitrum remains in legal limbo, and the 10,000 ETH DeFi United recovery contribution from LayerZero is disappearing in the rearview mirror. Your bank is using your money. You’re getting the scraps. Watch our free video on becoming your own bank