Kelp DAO Pushes Back on LayerZero’s Criticism
Kelp DAO has publicly countered LayerZero’s claim that its 1-of-1 decentralized verified network (DVN) configuration created a single point of failure in the $292 million exploit. In a statement on X, Kelp DAO emphasized that the 1-of-1 DVN setup was the default configuration shipped by LayerZero for new OFT deployments and had been affirmatively confirmed as appropriate during earlier discussions. The protocol noted it has operated on LayerZero infrastructure since January 2024 and maintained open communication throughout. This response aims to clarify responsibility while the team assesses next steps for resuming operations.
Aave Outlines Two Major Bad Debt Scenarios
The exploit has quickly spread to Aave, where the attacker deposited 89,567 rsETH (worth roughly $221 million) as collateral and borrowed 82,650 WETH plus 821 wstETH. Aave’s latest incident report details two hypothetical bad debt scenarios depending on how Kelp DAO handles loss allocation:
- Scenario 1 (Uniform Socialization): Losses spread evenly across chains, causing a 15.12% rsETH depeg and approximately $123.7 million in bad debt for Aave. Ethereum Core would absorb the largest absolute loss ($91.8 million), but its deep WETH reserves limit the shortfall to 1.54%. Mantle faces the highest proportional impact at 9.54%.
- Scenario 2 (L2 Isolation): Losses confined to L2 rsETH, imposing a 73.54% haircut on L2 collateral and resulting in $230.1 million in bad debt across Aave V3 markets on Mantle, Arbitrum, and Base.
Aave noted its $181 million DAO balance sheet and ecosystem commitments could provide a backstop, with the WETH Umbrella ($54 million) potentially covering losses in the first scenario.
Arbitrum Security Council Freezes $71 Million in Stolen ETH
In a swift response, the Arbitrum Security Council froze 30,766 ETH (approximately $71.1 million) in an address linked to the exploit. The funds were moved to an intermediary frozen wallet and will only be released through formal Arbitrum governance action. The council stated it acted with law enforcement input on the exploiter’s identity while ensuring no disruption to other users or applications on the chain. Preliminary findings continue to point to the North Korean hacking group Lazarus as the likely perpetrator.
Broader DeFi Implications and Investor Outlook
The Kelp DAO incident underscores ongoing vulnerabilities in cross-chain bridges and the importance of multi-DVN verification. Aave’s proactive modeling of bad debt scenarios demonstrates strong risk management, but the final outcome will depend on Kelp DAO’s loss allocation decisions. For DeFi users, this event highlights the need to monitor collateral health factors and bridge security configurations. Ethereum (ETH) and the broader market have shown resilience so far, but sustained vigilance is essential as investigations continue.
