A cross-chain bridge that managed nearly 20% of the circulating supply of a restaked ether token has just been compromised, causing repercussions in the DeFi space that are unfolding at a rapid pace, outpacing Kelp DAO’s ability to halt contracts.
An attacker successfully siphoned off 116,500 rsETH (restaked ether) from Kelp DAO’s LayerZero-enabled bridge at 17:35 UTC on Saturday. This theft is valued at approximately $292 million based on current market rates and constitutes around 18% of rsETH’s total circulating supply of 630,000 tokens as reported by CoinGecko.
LayerZero serves as a messaging layer for cross-chain communication, allowing different blockchains to exchange verified commands. Kelp DAO operates as a liquid restaking protocol that accepts user-deposited $ETH, channels it through EigenLayer for additional yield beyond standard Ethereum staking rewards, and issues rsETH as a tradable receipt.
The drained bridge was responsible for holding the rsETH reserves backing wrapped versions deployed across more than twenty other blockchains.
The attacker deceived LayerZero’s messaging system into accepting what appeared to be legitimate instructions from another network. This led Kelp’s bridge to release 116,500 rsETH into an address controlled by the assailant.
Kelp’s emergency pauser multisig halted the core contracts of the protocol just 46 minutes after the successful heist occurred at 18:21 UTC. Two subsequent attempts made shortly after—at 18:26 UTC and again at 18:28 UTC—were unsuccessful; both tried to drain an additional amount of about $100 million worth or another 40,000 rsETH using identical LayerZero packets.
rsETH is utilized across over twenty networks including Base, Arbitrum, Linea, Blast, Mantle and Scroll with LayerZero’s OFT standard facilitating its cross-chain transactions.
The reserve held within this bridge was essential for backing wrapped versions across all layer-2 blockchains or networks built atop Ethereum.
With this reserve now depleted holders outside Ethereum must grapple with concerns regarding whether their tokens retain any value beneath them. This situation could lead to panic-driven redemptions on L2s which may pressure unaffected supplies on Ethereum itself—potentially forcing Kelp to unwind its restaking positions in order to accommodate withdrawals.
The list of contagion continues expanding rapidly.
Aave promptly froze its markets involving rsETH on both V3 and V4 within hours following the incident; founder Stani Kulechov confirmed that while external exploitation occurred Aave’s own contracts remained secure. Other platforms like SparkLend and Fluid also suspended their respective markets tied to rsETH immediately afterward.
AAVE experienced about a ten percent drop as market participants began factoring in potential bad debt implications stemming from this event.
Lido Finance decided against further deposits into its earnETH product—which carries exposure related directly back towards rsETH—and clarified that st ETH along with wst ETH remain unaffected while emphasizing no involvement from Lido’s core staking protocol during these events transpired either way!
Ethena took precautionary measures by temporarily halting operations concerning its LayerZero OFT bridges originating from Ethereum mainnet stating there exists no direct exposure towards any form related back towards RS eth yet remains fully collateralized exceeding over one hundred percent! The stablecoin issuer announced plans lasting roughly six hours until identifying root causes behind such disruptions occurring lately!
Kelp—a project under KernelDAO—acknowledged these developments via public post made available around twenty ten utc almost three hours post-drain incident taking place earlier today announcing investigations alongside partners including Unichain auditors plus third-party security specialists working diligently together too! However specifics regarding how exactly exploit circumvented validation logic employed within bridges still remain undisclosed currently!
Whether or not Rs eth maintains peg throughout weekend hinges largely upon how much floating currency attempts redeeming back into $eth located solely within ethereum ecosystem coupled together whether kelps able recoup portions stolen funds before tornado cash trail goes cold altogether…
This hacking incident occurs amidst particularly tumultuous times facing decentralized finance sector overall given recent events wherein solana-based perpetuals protocol drift suffered losses nearing two hundred eighty-five million dollars linked later identified actors affiliated north korea followed closely behind multiple smaller protocols falling prey attacks since then namely cow swap zerion rhea finance silo finance etc…
Kelps staggering loss totaling two hundred ninety-two million marks largest de-fi exploit recorded thus far throughout year twenty-six overtaking previous record set drift only mere millions apart previously noted above…