Scams Radar

Icon-facebook Icon-instagram-1 Tiktok Telegram Whatsapp Youtube Youtube

Kelp DAO and Aave to Resume rsETH Operations After $292M Exploit

Illustration of Kelp DAO rsETH operations resuming after the Aave exploit with stacked crypto coins and ladders

Kelp DAO and Aave have announced the phased resumption of rsETH operations following the massive $292 million security breach in April. This recovery marks a critical turning point for the DeFi ecosystem as it recovers from the largest exploit of 2026.

Recovery Timeline and Withdrawal Status

Kelp DAO plans to unpause withdrawals and restart full operations within the next 24 hours. This follows the successful initial recovery steps coordinated with industry partners.

  • Fund Restoration: A total of 117,132 rsETH will be progressively moved back into the LayerZero adapter over the next two weeks.
  • Operational Restart: Users can soon resume deposits, redemptions, bridging, and reward claims.
  • Aave Collaboration: Aave has confirmed the completion of the first recovery phase, which included burning the exploiter’s stolen assets on the Arbitrum network.

Enhanced Security Protocols

In response to the attack, which is linked to North Korea’s Lazarus Group, Kelp DAO is implementing rigorous security updates to prevent future vulnerabilities.

Major Security Changes:

  1. Independent Verification: Bridging now requires four independent attestors instead of one.
  2. Higher Confirmations: Block confirmations have been increased from 42 to 64 for better finality.
  3. Infrastructure Migration: Kelp is moving from LayerZero to Chainlink’s CCIP for more robust cross-chain security.
  4. Route Deprecation: All direct Layer-2 to Layer-2 (L2-to-L2) bridging routes have been disabled.

Legal and Financial Restitution Efforts

The recovery process faced complex legal hurdles involving frozen funds and international terrorism judgments.

  • DeFi United Initiative: Aave led a recovery fund that raised over $300 million to cover bad debt and stabilize the protocol.
  • Arbitrum Frozen Funds: While $72 million was frozen on Arbitrum, legal claims from terrorism victims briefly delayed the transfer.
  • Court Ruling: A federal court recently allowed the transfer of ETH to Aave, though the funds remain under strict court supervision until final approval.

 

Industry Accountability: LayerZero’s Response

LayerZero has issued a formal apology regarding the exploit. The firm admitted that allowing a “1-of-1” validator configuration created a single point of failure. Moving forward, the industry is shifting toward multi-validator setups to ensure that high-value transactions are protected by decentralized security layers.

Reviews:

Leave Your Review Here:

Scams Radar disclaimer highlighting educational purpose, no financial guarantees, risk warnings, and independent opinions.