John (@corepl)

379 posts

Joined December 2010
396 Following, 27 Followers
John
John@corepl·
@hasufl @bkiepuszewski Wrong. rsETH on L2 are not burned&minted, they are stored in a proxy contract on mainnet (OFT adapter), L2 are IOUs in rsETH case. This is why they only stole 116k because that's what was stored on mainnet. Some OFTs actually burn and mint tokens like PYUSD.
Hasu⚡️🤖
Hasu⚡️🤖@hasufl·
"Users should know that there is a difference between rsETH on Ethereum and rsETH on L2s." I wonder if this isn't pretty much your bias as someone who wants the L2 roadmap to work, which requires assets to be issued on the L1 and then bridged everywhere via validating bridges. The reality, OFTs are supposed to be fungible across chain - it's literally in the name! This is not just marketed by Layer Zero, but also Kelp itself. You can point a lot of blame here, but the end user carries the least.
bartek.eth
bartek.eth@bkiepuszewski·
Few remarks and lessons after rsETH drama, from my personal PoV

Users should know that there is a difference between rsETH on Ethereum and rsETH on L2s. Abstracting this info is nice for UI, but it leads to unacceptable risk management practices. Why should the rsETH holder on L1 be suddenly exposed to a bad DVN setup created because @KelpDAO decided to add the fifteenth chain and DVN, there is just an RPC call to your grandfather's server?

So, put it simply - issue assets on L1. By all means, bring them to L2s, but do not hide additional risks from users!

On the other hand, holding rsETH on Arbitrum suddenly feels different than holding rsETH on Ethereum. Arbitrum is a Stage1 Rollup, everybody should know what it means, in particular everybody should be aware that there is a Security Council there that may intervene

Similarly, on Stage 0 Rollup without Security Council the team can intervene (for good and for bad - it is up to you whether you see it as an advantage or unacceptable risk factor). This info should be known to any user of such Rollup and it should be reflected in the risk assessment.

We are open at @l2beat to work with any wallet provider, swap service etc... so that asset risks are uniformly communicated to users

Finally, to those of you who think that a well-formed Security Council of a Stage 1 Rollup is just a MultiSig of people "possibly in one location" - you are idiots
bartek.eth
bartek.eth@bkiepuszewski·
The fact that SC on @arbitrum has instant upgrade power is two clicks away (click on "pizza" or "Risk Analysis" and hover on Exit Window Red Warning). Should it be one click away? Should we be more specific here? (how decentralized is the SC, a link to the constitution specifying SC mandate, etc.) Should we make it more obvious what is "instant upgrade" and what it enables in practice? How can we, at @l2beat, be better at what we do?
John
John@corepl·
@TrustlessState RPC end points also need to be compromised. Maybe this was highest value target.
John
John@corepl·
@ChainLinkGod Sorry but you have conflict of interest commenting on this. LZ is your competition.
Zach Rynes | CLG
Zach Rynes | CLG@ChainLinkGod·
To be clear: North Korean hackers infiltrated LayerZero Labs’ centralized infrastructure and stole $290M

Rather than explain how that happened, LZ put out a statement carefully worded by lawyers to minimize their liability and threw KelpDAO under the bus for trusting them
John
John@corepl·
@ryanberckmans You gotta be joking, main net gas has been super low for ages.
⟠
@ryanberckmans·
imo L2 Aave ETH lenders taking a concentrated loss would be among the ugliest, nastiest outcomes in our history. you're talking about kneecapping the life savings of our brothers in eth whose only crime was not being rich enough to use L1 Aave
John
John@corepl·
@crypto_condom @aave I think it remains to be seen if there is permanent erosion or just short term taking shelter. All depends how this will get resolved
John
John@corepl·
@0xyanshu @0xngmi Disagree, why L1 rseth holders should be burned by this? They didn't choose to accept bridge risks.
0xyanshu (d/acc)
0xyanshu (d/acc)@0xyanshu·
@0xngmi Kelp has to own this call. And the honest answer, economically and reputationally, should be proportional socialization across all rsETH holders + engaging Umbrella on mainnet. x.com/0xyanshu/statu…
0xyanshu (d/acc)@0xyanshu

The latest @aave statement is doing two things at once:
1) It's freezing further exposure, which is responsible,
2) and it's anchoring the framing toward "mainnet rsETH fully backed," which is preference disguised as fact.

The underlying reality -> the Adapter on mainnet holds the staked ETH. rsETH on mainnet and rsETH across 20+ L2s all point to the same reserve. ~18% of that reserve is gone. How you allocate that hole is a distributional choice Kelp controls.

If @KelpDAO ringfences mainnet, L2 rsETH is effectively zeroed. @0xMantle in particular is cooked. Majority of aWETH there is backed by rsETH that no longer has a claim on anything. @arbitrum and @base sit behind it.

This is a terrible precedent. The whole pitch of a canonical LRT on 20+ chains was that an rsETH is an rsETH. If the answer to a bridge exploit is "home-chain holders made whole, L2 holders bear the loss," then rsETH on L2s was never the same asset. It was always an unsecured withdrawal ticket priced like collateral.

Kelp has to own this call. And the honest answer, economically and reputationally, should be proportional socialization across all rsETH holders + engaging Umbrella on mainnet.

Concentrating losses on L2s is locally convenient for Aave Core, globally worse for the system. It opens @ethena contagion into Mantle USDT, bleeds into @Plasma, and tells every other LRT that their L2 supply is junior to their mainnet supply by default.

To me it looks like rsETH on L2s isn't just cooked in this incident. If Kelp makes mainnet whole at the expense of L2 holders, all LRTs (or maybe even LSTs) on L2s is cooked as a category.

0xngmi
0xngmi@0xngmi·
Let's run the numbers on potential scenarios

Imo there's 3 potential actions for kelpDAO to take:
- Socialize losses among all users
- Rug rsETH holders on L2s
- Try to return to holders before hack by using a pre-hack snapshot (very hard to do)

If they socialize losses among users, that's an 18.5% haircut. There is 666k rsETH across all aave deployments and for the mainnet one all the positions are close to max looping so we'll assume they are at liquidation LTV (95%) for all chains

If socialized, all the equity in these positions would be wiped out and 13.5% of their value would become bad debt, meaning around 216m

Then umbrella ETH would cover 55m, and aave could cover an extra 85m using its treasury, leaving 76m. They could take a loan to cover the remainder or sell the AAVE tokens in treasury (rn worth $51m).

If they rug rsETH holders on L2s, aave has $359m (assuming at par price currently in use by oracle) of rsETH supplied there, and if we make the assumption of all looped at max ltv, that would create 341m of bad debt

None of it would be covered with umbrella, so aave would need to cover all losses themselves and they might choose to save some markets with their treasury/loans and let others fail (arbitrum, mantle and base would be the ones with largest losses)

Third option would be quite complicated since money has been moving a lot since then and protocols are pools that can't really separate depositors, but hacker borrowed $124m from aave mainnet and $18m on arbitrum, so maybe there's a way to only repay that? would be a $91m loss after umbrella coverage
John retweeted
Fluid 🌊
Fluid 🌊@0xfluid·
Introducing aWETH Redemption Protocol

With ETH utilization at 100% on Aave, many lenders are currently unable to withdraw and face increasing risk if markets move.

aWETH Redemption Protocol allows ETH lenders to:
• Exit into wstETH or weETH
• Regain immediate liquidity
• Reduce exposure to liquidation risk

If you’re just lending ETH — you can fully exit. If you have ETH collateral and another debt — your collateral is seamlessly swapped into wstETH or weETH while your debt remains the same.

We’re working alongside @LidoFinance, @ether_fi, @0xProject, @1inch, @KyberNetwork, and other ecosystem partners to:
• Reduce systemic risk in DeFi
• Ease utilization pressure
• Support a healthier DeFi market

Our goal is simple: protect users while reinforcing the foundations of DeFi.

Capacity is initially limited to $1B in ETH.

fluid.io/lite/aave-v3/e…
John
John@corepl·
@duonine Fluid borrowing rate is 32% for at least 10h. Nice FUD.
Duo Nine ⚡ YCC
Duo Nine ⚡ YCC@duonine·
Lido stETH is losing its peg. Monumental liquidations are about to happen. AAVE ETH markets are illiquid at over $6 billion. ETH borrow rates on Fluid and Maker at >100% APR. This is a systemic disaster of epic proportions. Liquid staked tokens like rsETH were a mistake.
John
John@corepl·
@evrgn11112231 >Claude is arrogant, full of shit often, and loves to waste time and spin wheels and pontificate. They captured essence of SWE perfectly!
Evergreen
Evergreen@evrgn11112231·
Muse Spark is actually insanely good. IMO, for my uses, the only advantage Claude . ai has on it currently from dozens of hours working with both is 1) coding and 2) context retention within and across chats. Built a little app to learn - I've been using Claude as project manager + back end architect, while Meta handled front end design / architecture / creative problem solver while Claude Code handled build. Claude is arrogant, full of shit often, and loves to waste time and spin wheels and pontificate. Muse Spark is no-nonsense, ship first mindset with incredible taste and risk taking ethos. It's like you are plugged directly into $META hivemind. Great job @alexandr_wang - I've enjoyed using Muse Spark more than any model I can recall. If only context were better!
Pythia Cap: Partially Conductive@PythiaR

$Meta narrative violation

John
John@corepl·
@griffgreen @KelpDAO L2 rseth holders took additional bridge risk (most of them didn't understand it). Spilling this to L1 rseth holders, who didn't accept those risks would just be bad.
Griff Green - griff.eth
If @KelpDAO doesn't somehow recover these funds, they have a tough decision to make. The rsETH on mainnet is fully collateralized by ETH, but the rsETH on L2s is not backed by rsETH on the mainnet side of the bridge. What is the right call?
John
John@corepl·
@james_base_eth Well, if the bridge was exploited the collateral isn't really fake, is it? It's stolen.
Ξlliot
Ξlliot@Elliot0x·
@BlockEnthusiast The right thing for kelpDAO to do imo is use treasury assets first to cover the hole. Then auction gov tokens, then apply any remaining losses to rsETH holders.
Block Enthusiast 🌪️🏴‍☠️ 💧
very pleased that I have my collateral extremely distributed across lending platforms. but damn, my aave positions effectively erased. sad
John
John@corepl·
@BrandonR2R Bad take, rseth withdrawn is backed.
Brandon - BuildTheTech.com
Kelp DAO rsETH Exploit:

TL;DR: An attacker exploited Kelp DAO’s LayerZero powered cross-chain bridge, draining ~116,500 rsETH (worth ~$292 million). The stolen tokens were used as collateral on major lending protocols (primarily Aave, with reports of Compound and Euler) to borrow ETH, creating ~$280M+ in unbacked bad debt. This is widely reported as the largest DeFi hack of 2026.

What Happened:
1. Exploit: The attacker manipulated LayerZero’s cross-chain messaging to trigger unauthorized minting of rsETH with no backing.
2. Cascade: The fake rsETH was deposited as collateral on lending platforms, then used to borrow large amounts of real ETH (now extracted and gone).
3. Response: Kelp DAO paused all rsETH contracts via multisig. Aave (and affected protocols) immediately froze rsETH markets. Investigations ongoing with LayerZero and security teams.

(This was not an Aave exploit.)
0xyanshu (d/acc)
0xyanshu (d/acc)@0xyanshu·
Tldr so far on KelpDAO rsETH situation

Kelp DAO rsETH bridge drained for ~116,500 rsETH (~$292M) via @LayerZero_Core OFT at 17:35 UTC. Attacker called `lzReceive` on EndpointV2 -> triggered release of rsETH to their wallet. Tornado Cash funded. Looks very premeditated.

This is ofc bad. But contagion looks worse, could be very well more than $292M.

First, what's the role of OFT here?

LayerZero's "Omnichain Fungible Token" lets one token live on many chains. Lock on Chain A -> mint on Chain B. Burn on B -> unlock on A. If an attacker can forge the "B said burn" message, the adapter on A unlocks real collateral against fake proof. That's what appears to have happened here.

The failure mode: not LayerZero the protocol, but the OFT's security configuration (DVNs, verifiers ig), apps set their own.

Contagion map
- @aave V3 and V4 rsETH markets frozen. aWETH Umbrella stakers = junior tranche, first-loss
- @sparkdotfi: rsETH market frozen
- @Morpho: curator-level exposure in isolated markets
- @FluidDefi: frozen
- @compoundfinance, @eulerfinance: exposure being assessed
- @LidoFinance x @mellowprotocol: leveraged meta-vault exposure
- @pendle_fi: PT/YT rsETH markets repricing hard
- @upshift_fi: Kelp Gain + High Growth ETH vaults paused
- @beefyfinance, @yearnfi: strategies pausing

rsETH on L2s via the OFT is the scariest open question — if the lockbox is drained, the rsETH sitting on Arbitrum / other chains may be uncollateralized (in plain words -- fake money). As pointed by @0xQuit.

The Aave cascade, and why @Marczeller is asking ppl to pull WETH from Aave:

This is where most retail WETH sits. rsETH collateral -> backs WETH loans -> rsETH price craters -> liquidations can't clear (no bid) -> bad debt lands in WETH reserve -> @aave Umbrella aWETH stakers slashed first -> DAO next -> only then do regular WETH depositors get socialized losses.

Junior tranche exists to absorb this. That's the point. But if you hold plain aWETH and don't want haircut risk, the withdraw-first game is rational.
Kelp@KelpDAO

Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate. We are working with @LayerZero_Core, @unichain, our auditors and top security experts on RCA. We will keep you posted as we learn more about this situation. Please follow only the official @KelpDAO handle for the updates.

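The lock/mint accounting described in the post above implies two checks a monitor can run: the adapter's locked balance must cover the supply issued on remote chains, and every unlock must pair with exactly one burn on the chain the message names. This is an added example, not part of any post in this feed and not Kelp's or LayerZero's code; the event shape, chain names, message ids and amounts are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    chain: str   # chain the event was observed on
    kind: str    # "lock"/"unlock" on the home chain, "mint"/"burn" on a remote chain
    guid: str    # cross-chain message id shared by both legs of one transfer
    peer: str    # the other chain named in the message
    amount: int  # whole tokens, for readability

def reconcile(events):
    """Pair each home-chain unlock with one burn on the claimed source chain."""
    burns = {(e.chain, e.guid): e.amount for e in events if e.kind == "burn"}
    locked = remote_supply = 0
    unmatched = []
    for e in events:
        if e.kind == "lock":
            locked += e.amount
        elif e.kind == "mint":
            remote_supply += e.amount
        elif e.kind == "burn":
            remote_supply -= e.amount
        elif e.kind == "unlock":
            locked -= e.amount
            # pop() so that one burn can justify only one unlock (no replay)
            if burns.pop((e.peer, e.guid), None) != e.amount:
                unmatched.append(e)
    return {
        "locked": locked,
        "remote_supply": remote_supply,
        "shortfall": max(0, remote_supply - locked),
        "unmatched_unlocks": [e.guid for e in unmatched],
    }

# Constructed sample: two deposits, one legitimate exit, one unlock with no burn.
SAMPLE_EVENTS = [
    Event("ethereum", "lock", "g1", "l2-a", 1000),
    Event("l2-a", "mint", "g1", "ethereum", 1000),
    Event("ethereum", "lock", "g2", "l2-b", 500),
    Event("l2-b", "mint", "g2", "ethereum", 500),
    Event("l2-a", "burn", "g3", "ethereum", 200),
    Event("ethereum", "unlock", "g3", "l2-a", 200),
    Event("ethereum", "unlock", "g4", "l2-b", 300),  # no matching burn on l2-b
]

if __name__ == "__main__":
    print(reconcile(SAMPLE_EVENTS))
```

A non-zero shortfall means remote-chain holders' claims exceed what the adapter still holds, which is the situation the replies in this feed are arguing about.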
John
John@corepl·
@JackGreenCrypto This is wrong take. rsETH is from L2 bridge, there is no bad debt.
Jack Green
Jack Green@JackGreenCrypto·
Aave's code didn't fail today, but the protocol just absorbed a $292M bad debt hit anyway. The Kelp DAO exploit is a masterclass in shared liquidity risk. Attackers breached a bridge, minted unbacked rsETH, deposited the phantom tokens into Aave, and legally drained real ETH. This is exactly why the space has been aggressively shifting toward isolated lending markets. When you supply assets to a shared pool, you automatically inherit the security profile of the absolute weakest collateral accepted by the DAO. Aave's safety module will cover the shortfall and users will be made whole, but the market just got a brutal reminder. Your yields are only as safe as the most vulnerable bridge connected to the pool.
DCF GOD
DCF GOD@dcfgod·
Checked the chain

No new rseth was minted recently - the circ supply has been pretty steady

They still have 670k eth and there’s 629k rseth circulating

Question is - is any rseth considered unbacked? Does it work like frax where they can protocol mint some that would never be redeemed?

Or is all rseth always backed? in which case, there would be no aave bad debt as they can just redeem it

But then whose rseth was this? Some whale?
DCF GOD
DCF GOD@dcfgod·
Is kelp confirmed exploit or is it a user with stolen funds? Like is there more rseth tokens in existence than eth that backs it now?
International Cyber Digest
International Cyber Digest@IntCyberDigest·
🔴💾 Someone connected a 3.5" floppy drive to their Tesla... and it works, because the Linux kernel still supports this subsystem. It can be used as storage for playing MP3s from a floppy disk, but unfortunately can't be used to store Tesla camera footage.
John
John@corepl·
@emilianobonassi Did you read this to the end? This won't impact retail AT ALL.
John
John@corepl·
@Itsfoss Lack of reaction is a reaction. Why waste energy?
It's FOSS
It's FOSS@Itsfoss·
I find it frustrating that none of these "guardians" of Linux and open source have reacted to the OS-level age verification law:
- Linux Foundation
- Open Source Initiative
- Free Software Foundation
- Software Freedom Conservancy