Slava S.

349 posts

Slava S. banner
Slava S.

Slava S.

@slvDev

building tools and shipping too many things at once

Ukraine Katılım Ocak 2015
126 Takip Edilen294 Takipçiler
Slava S.
Slava S.@slvDev·
made sigby public today. alpha passkey wallet built on @wevm_dev porto. MV3 service workers can die mid WebAuthn signing, so `wallet_sendCalls` needs a recovery path instead of assuming popup/background stay alive. github.com/slvDev/sigby cc @amorfati
English
0
0
0
37
Slava S.
Slava S.@slvDev·
C4 winding down
Slava S. tweet media
English
0
0
0
23
Slava S.
Slava S.@slvDev·
@OpenAI why after Codex update Ctrl+J == newline ?
GIF
English
1
0
1
20
Certora
Certora@Certora·
We're hiring! We're looking for a SOC Analyst who can investigate Web3 attacks, build detections, and work directly with partners on security events. Apply below ⬇️
Certora tweet media
English
7
3
54
4.5K
Slava S.
Slava S.@slvDev·
@fiorescan @Certora thanks. the form only lists 6 countries, no `other` opt is there a different application path?
English
1
0
0
53
Slava S.
Slava S.@slvDev·
A coordinated LinkedIn recruiter scam is hitting Web3 security folks right now and the template is so reused it deserves a public fingerprint. The playbook: a recruiter persona with 2-3 concurrent HR roles cold-DMs auditors with a Google Doc job description. Cover brand rotates. Yesterday it was Ritual with a fake product called RitualPlay. Today it was @0G_labs with one called 0G MGVerse, plus @AITECHio wrapped in a fake project called Onyxverse. All three documents share the exact same 15-role list (Fractional CTO down to Executive Assistant), the same compensation block listing reimbursements for Transcendental Meditation and Landmark Education, and a paragraph about a multi-game P2E platform with NFT avatars that gets find-and-replaced between brands. The Calendly slugs are the giveaway. Real 0G Labs does not book interviews at calendly.com/0g-hire. Real Solidus AI Tech does not book at calendly.com/onyxverse. Both companies have publicly said their teams never DM first. Ten of these landed in one inbox in a single day. If you are an auditor on Code4rena, Sherlock, or Cantina, you are on a list. Ignore, report, block. Do not open the Google Doc in a browser session that has wallet extensions. Do not run any "technical assessment" repo they send next. cc @0G_labs @AITECHio the impersonation of your brands is active right now.
English
1
0
1
101
Slava S.
Slava S.@slvDev·
`anyone can build this with claude in a weekend` argument is empirically wrong. anyone who actually tries hits the wall at the first serious architectural decision. demos look easy because every architectural choice was made for you in advance
English
0
0
0
35
Slava S.
Slava S.@slvDev·
@arbitrum recovered 30,765 ETH this morning, roughly 70M dollars at spot. That is the Arbitrum arm of the attack, cleanly zeroed. The approximately 52,843 WETH that the attacker borrowed from @aave mainnet is still out. The unmapped extractions through the Lido wstETH swap path, the WBTC and WETH swap path, and the direct ETH conversion are also still unaccounted for. Estimated overall recovery sits somewhere around 30 to 40 percent of what the attacker actually walked away with across all chains. The clawback is a large chip on the negotiation table between @KelpDAO, @LayerZero_Core, and @aave. It is not a full reversal of the loss. Full forensic breakdown in the quoted post below.
Slava S.@slvDev

A forensic look at the Arbitrum intervention this morning, because the onchain details connect directly to the @KelpDAO attacker wallets traced in the earlier thread. At block 454686044 on Arbitrum on 2026-04-21 at 06:45:56 UTC, a state transition moved 30,765.6674 ETH out of an attacker-controlled address at `0x5d3919f12bcc35c26eee5f8226a9bee90c257ccc` and into a previously-empty address at `0x0000000000000000000000000000000000000da0`. The receipt is at `0x5618044241dade84af6c41b7d84496dc9823700f98b79751e257608dac570f6b`. After the transaction completed, the attacker's Arbitrum address retained 0.0001 ETH of dust and went silent. The destination address holds exactly the 30,765.6674 ETH and has no contract code attached. Two details about the transaction itself are worth calling out. It consumed exactly 21,000 gas, which is the fixed cost of a vanilla ETH transfer with no contract logic attached. It emitted zero logs. Together those two numbers tell you the Security Council did not execute this through a standard governance pathway with a multisig-signed authorization trail. They appear to have rewritten the state directly, and the transaction entry surfaces the state write as if it were a regular transfer out of the attacker's address. Odysseas from Phylax described this earlier today as "manually upgrading the system contracts and the client code in tandem to perform an improper state transition," and the onchain fingerprint is consistent with that reading. The more striking observation is about where the 30,765 ETH came from in the first place. The attacker's Arbitrum consolidation address received inbound ETH over a short window on 2026-04-18 from six of the seven fresh EOAs used in the original Ethereum mainnet attack. `0x1b748b68` sent 7,877 ETH. `0xeba786c9` sent 12,382 ETH. `0xcbb24a6b` sent 4,318 ETH. `0xe9e2f48b` sent 4,431 ETH. `0x8d11aeac` sent 999 ETH. `0xbb6a6006` sent 758 ETH. Those six amounts sum to 30,765.67 ETH, which matches the clawback amount exactly. The only one of the seven original EOAs that did not feed this Arbitrum wallet is `0x1f4c1c2e`, which is the EOA that held its 53,000 rsETH position on @aave V3 Ethereum mainnet and is still sitting on it right now. Said differently, the Arbitrum state transition cleanly zeroed the full Arbitrum arm of the coordinated attack. Every piece of ETH that the attacker had moved onto Arbitrum is now out of their control. The mechanism by which those six EOAs generated ETH on Arbitrum in the first place, whether through Aave Arbitrum loans against bridged rsETH, DEX swaps, or a combination, is not directly visible from this consolidation wallet's history. What is visible is the arithmetic: 30,765 ETH in, 30,765 ETH out, exactly and in one transaction. Three observations worth landing separately. The first observation is about selectivity. Arbitrum acted this morning. Other chains that held parts of the attacker's position, or held bridged rsETH supply affected by the exploit, have not executed anything similar so far. Circle, which could in theory have frozen USDC had the attacker converted into stablecoin before the clawback, also did not act. A security researcher in a live channel earlier today noted the uncomfortable counterfactual: if the attacker had swapped the ETH into USDC on Arbitrum before 06:45 UTC, they would have been in the clear today. The capability to intervene exists in more places than the feed acknowledges. It fires only when a specific set of humans decides to pull it. The second observation is about precedent. Odysseas from Phylax made the point that if the Clarity Act reaches proceedings in the United States, this intervention will sit in the record as an example. The regulatory framing question around L2s is whether they qualify as decentralized networks or something closer to centralized money transmitters, and a Security Council that can execute a state transition to claw back specific funds will get cited in whichever direction the regulators end up taking it. @banteg credited Arbitrum for making a hard decision. James Prestwich pointed out that both Ethereum and Bitcoin have historical precedent for clawing back exploited funds. The discomfort some people are expressing today is really discomfort with the capability being acknowledged at this visibility level, not with the existence of the capability itself. The third observation is about the bad debt math. The 30,765 ETH, worth approximately 70M dollars at current ETH spot, is the single largest recovery event in the @KelpDAO / @LayerZero_Core / @aave incident so far. It does not directly offset the attacker's WETH debt on Aave mainnet, which remains open, but it does materially shrink the global loss pool across all chains involved. The three protocols have spent the last seventy two hours lawyered up and publicly blaming each other through press statements and live channels. The recovered ETH pool is a bigger chip on the table than any of them was expecting to have by this morning, and it makes the scenario where users take a minimal haircut meaningfully more plausible than it was yesterday. The architectural capability to do what Arbitrum did this morning was always there. The Security Council has always had the authority to upgrade contracts and the client code that runs them. What changed today was the willingness to use that authority visibly enough that the transaction shows up in a block explorer as a 21,000-gas transfer with zero logs and 30,765 ETH on the value line. The receipt is public, the precedent is set, and neither one is going anywhere.

English
0
0
0
75
Slava S.
Slava S.@slvDev·
A forensic look at the Arbitrum intervention this morning, because the onchain details connect directly to the @KelpDAO attacker wallets traced in the earlier thread. At block 454686044 on Arbitrum on 2026-04-21 at 06:45:56 UTC, a state transition moved 30,765.6674 ETH out of an attacker-controlled address at `0x5d3919f12bcc35c26eee5f8226a9bee90c257ccc` and into a previously-empty address at `0x0000000000000000000000000000000000000da0`. The receipt is at `0x5618044241dade84af6c41b7d84496dc9823700f98b79751e257608dac570f6b`. After the transaction completed, the attacker's Arbitrum address retained 0.0001 ETH of dust and went silent. The destination address holds exactly the 30,765.6674 ETH and has no contract code attached. Two details about the transaction itself are worth calling out. It consumed exactly 21,000 gas, which is the fixed cost of a vanilla ETH transfer with no contract logic attached. It emitted zero logs. Together those two numbers tell you the Security Council did not execute this through a standard governance pathway with a multisig-signed authorization trail. They appear to have rewritten the state directly, and the transaction entry surfaces the state write as if it were a regular transfer out of the attacker's address. Odysseas from Phylax described this earlier today as "manually upgrading the system contracts and the client code in tandem to perform an improper state transition," and the onchain fingerprint is consistent with that reading. The more striking observation is about where the 30,765 ETH came from in the first place. The attacker's Arbitrum consolidation address received inbound ETH over a short window on 2026-04-18 from six of the seven fresh EOAs used in the original Ethereum mainnet attack. `0x1b748b68` sent 7,877 ETH. `0xeba786c9` sent 12,382 ETH. `0xcbb24a6b` sent 4,318 ETH. `0xe9e2f48b` sent 4,431 ETH. `0x8d11aeac` sent 999 ETH. `0xbb6a6006` sent 758 ETH. Those six amounts sum to 30,765.67 ETH, which matches the clawback amount exactly. The only one of the seven original EOAs that did not feed this Arbitrum wallet is `0x1f4c1c2e`, which is the EOA that held its 53,000 rsETH position on @aave V3 Ethereum mainnet and is still sitting on it right now. Said differently, the Arbitrum state transition cleanly zeroed the full Arbitrum arm of the coordinated attack. Every piece of ETH that the attacker had moved onto Arbitrum is now out of their control. The mechanism by which those six EOAs generated ETH on Arbitrum in the first place, whether through Aave Arbitrum loans against bridged rsETH, DEX swaps, or a combination, is not directly visible from this consolidation wallet's history. What is visible is the arithmetic: 30,765 ETH in, 30,765 ETH out, exactly and in one transaction. Three observations worth landing separately. The first observation is about selectivity. Arbitrum acted this morning. Other chains that held parts of the attacker's position, or held bridged rsETH supply affected by the exploit, have not executed anything similar so far. Circle, which could in theory have frozen USDC had the attacker converted into stablecoin before the clawback, also did not act. A security researcher in a live channel earlier today noted the uncomfortable counterfactual: if the attacker had swapped the ETH into USDC on Arbitrum before 06:45 UTC, they would have been in the clear today. The capability to intervene exists in more places than the feed acknowledges. It fires only when a specific set of humans decides to pull it. The second observation is about precedent. Odysseas from Phylax made the point that if the Clarity Act reaches proceedings in the United States, this intervention will sit in the record as an example. The regulatory framing question around L2s is whether they qualify as decentralized networks or something closer to centralized money transmitters, and a Security Council that can execute a state transition to claw back specific funds will get cited in whichever direction the regulators end up taking it. @banteg credited Arbitrum for making a hard decision. James Prestwich pointed out that both Ethereum and Bitcoin have historical precedent for clawing back exploited funds. The discomfort some people are expressing today is really discomfort with the capability being acknowledged at this visibility level, not with the existence of the capability itself. The third observation is about the bad debt math. The 30,765 ETH, worth approximately 70M dollars at current ETH spot, is the single largest recovery event in the @KelpDAO / @LayerZero_Core / @aave incident so far. It does not directly offset the attacker's WETH debt on Aave mainnet, which remains open, but it does materially shrink the global loss pool across all chains involved. The three protocols have spent the last seventy two hours lawyered up and publicly blaming each other through press statements and live channels. The recovered ETH pool is a bigger chip on the table than any of them was expecting to have by this morning, and it makes the scenario where users take a minimal haircut meaningfully more plausible than it was yesterday. The architectural capability to do what Arbitrum did this morning was always there. The Security Council has always had the authority to upgrade contracts and the client code that runs them. What changed today was the willingness to use that authority visibly enough that the transaction shows up in a block explorer as a 21,000-gas transfer with zero logs and 30,765 ETH on the value line. The receipt is public, the precedent is set, and neither one is going anywhere.
English
0
0
3
503
Slava S.
Slava S.@slvDev·
@banteg /provider-health returns the configured rpcs. quorum: 1 disables the consensus wrapper entirely, so the dvn trusts whichever rpc answers first. both halves of the attack ship as defaults in the sample repo
English
0
0
4
882
banteg
banteg@banteg·
went through layerzero gasolina aws deployment repo + extracted app source. tl;dr concerning the reference deployment is public by design. and the sample providers.json ships with rpc quorum: 1 on every mainnet chain. 1. the recommended cdk stack puts a public api gateway in front of a private alb in front of fargate in private subnets. publicLoadBalancer: false, taskSubnets: PRIVATE_WITH_NAT, and an HttpApi with HttpAlbIntegration. the readme literally tells operators to send the resulting ApiGatewayUrl to layerzero labs. 2. no authorizer, no iam auth mode, no ip allowlist, no waf, no route-level policy anywhere in the repo. the app itself (bootstrap.ts) registers /provider-health, which leaks configured rpcs. server.listen(port) without host arg binds to public ip. 3. cdk/gasolina/config/providers/mainnet/providers.json sets quorum: 1 for ethereum, bsc, polygon, arbitrum, optimism, fantom, and the rest. multiple rpc urls are configured as failover, not consensus. the multiprovider code only enforces quorum when quorum > 1 and explicitly bypasses the wrapper when it's 1. rpcs are mostly public endpoints (llamarpc, publicnode, ankr). 4. provider config lives in an s3 bucket that the cdk stack creates, uploads to, and passes via env vars (PROVIDER_CONFIG_TYPE, CONFIG_BUCKET_NAME). so the trust boundary is the app + the mutable config plane + the upstream rpc tier + whatever's in front of api gateway. 5. operators are told to validate by curling the public url for /available-chains, /signer-info?chainName=ethereum, /provider-health (again, leaks rpc). external reachability is an encouraged documented requirement. caveats: this is the public repo and extracted non-public source. it doesn't prove the config they had for kelp bridge. but the public info and the defaults the operators are pointed at look concerning. read more here: gist.github.com/banteg/2fde29d…
English
18
34
358
45.4K
Slava S.
Slava S.@slvDev·
@banteg ipcloaking kills the rpc poisoning frame. poisoning taints everyone who queries the lookup. this one tainted only the dvn and told the truth to scan and every other caller. this is a different attack class
English
0
0
4
1.9K
banteg
banteg@banteg·
layerzero attack was not rpc poisoning in networking poisoning is when the attacker outside the trust boundary taints a shared lookup (dns, arp, cache). the consumer has no reason to distrust the source. this was not that. the attackers got inside layerzero's trust boundary. they accessed the rpc list, compromised two nodes the dvn depended on, and swapped the op-geth binaries. that's an infra breach within the perimeter. supply-chain shaped, not network shaped. and the payload was surgical. the malicious binary cloaked by ip, served forged payload only to the dvn, told the truth to scan and every other caller, then self-destructed to wipe logs and binaries. rpc poisoning makes it sound like something that happened to the infra from the outside. the real story is a targeted implant operating inside the trust boundary. that's a meaningfully scarier attack than the label suggests.
English
93
198
1.6K
123.3K
Slava S.
Slava S.@slvDev·
Key technical detail in this post-mortem that deserves more attention than it is getting: the attack required a coordinated DDoS of the uncompromised RPCs to force failover into the poisoned ones. Below, what that means for every other OFT bridged through a chain with a thin RPC mesh. The attribution, according to @LayerZero_Core, is DPRK's Lazarus Group, specifically the TraderTraitor subgroup. State-sponsored, highly sophisticated. That framing matters because it shapes how the rest of the industry should read this as a threat model, not as an ordinary exploit. The actual attack mechanism is worth understanding in detail. The LayerZero Labs DVN does not rely on a single RPC. It reads from a set of RPCs, some self-operated and some external, and is designed to fail over if any individual node is unreachable. The attackers compromised two of those RPCs by swapping out the binaries running the op-geth nodes, which gave them custom control over what those two nodes returned in response to queries. That part on its own was not enough, because the DVN was still reading from the uncompromised RPCs. What completed the attack was a DDoS against the remaining clean RPCs, timed precisely to force the DVN to fail over to the two that had been poisoned. At that point the DVN read the forged state, signed the packet, and the rest of the chain followed. The malicious binaries were also designed to be selective, serving the false response only to the DVN while continuing to return accurate state to any other IP that queried them, including LayerZero's own Scan indexing service. That defeated internal observability on purpose, which is the detail that should worry everyone reading this as a threat model. After the attack completed, the malicious binaries self-destructed, deleting themselves along with local logs and configs. Technically, this means the verification layer failed because it trusted its failover path into compromised infrastructure. A small number of independent bridge researchers in security channels this morning, including observations from @banteg and @0xtripathi, pointed at the same underlying gap: LayerZero's verification service checks event logs from whatever RPC answers, but it does not cross-reference block headers across multiple independent RPC sources before accepting a proof. If it did, the disagreement between the compromised and uncompromised nodes would have surfaced immediately when the DDoS lifted, instead of after 292M dollars had moved. @LayerZero_Core's framing is that modular security worked as intended, that the blast radius was contained because only @KelpDAO ran a 1-of-1 configuration, and that the protocol itself was not exploited. The first two points are defensible. The third is narrower than the post-mortem makes it sound, because "the protocol was not exploited" elides the observation that the Labs-operated DVN signed a packet describing an event that never happened, and that the verification architecture around it had no cross-RPC header consensus check to catch the lie. LayerZero Labs has announced that their DVN will no longer sign or attest for applications running 1-of-1 configurations, and that they are reaching out to all applications currently in that state to migrate. That is the right action and it is already in motion. The open structural question is whether the same attack shape, a two-node binary compromise plus a DDoS of the remaining mesh, remains viable on other chains that have thin RPC provider counts. @unichain had a documented RPC provider dropoff in the months before this event, and DIN discontinued service to it around thirty days before the attack. Chains that have moved into quiet maintenance mode are now the most exposed attack surface for every OFT asset that still bridges through them. The fix that closes this class of attack has two pieces. Move to multi-DVN configurations with distinct RPC provider sets, which raises the coordination cost for compromising the verification layer itself. And add block header consensus across several independent RPC providers before any proof is considered valid, which catches the lie even when the failover path leads into poisoned nodes. Both pieces are missing or incomplete in the current design, and both are addressable.
LayerZero@LayerZero_Core

x.com/i/article/2046…

English
0
0
2
213
Slava S.
Slava S.@slvDev·
@incyd__ rsETH was not minted with no collateral. It got released from the Ethereum OFT escrow adapter after a forged message passed a 1-of-1 DVN check. Mainnet rsETH is still fully backed. Bridged L2 rsETH is the uncollateralized portion. x.com/slvDev/status/…
Slava S.@slvDev

An onchain investigation of the @KelpDAO / @LayerZero_Core incident, broken into the stages the attacker actually moved through. Everything below comes from Ethereum mainnet receipts, not from writeups. Each stage traces what happened, how the market reacted, and what the onchain data says about numbers that are still being debated on the feed. Stage one, the setup. Nine hours before the attack, at block 24905614, a fresh address called `0x4966260619701a80637cdbdac6a6ce0131f8575e` received 0.9939 ETH through an internal transfer. When the attacker's own tx went out later, this wallet was still sitting at nonce zero, which means the wallet had never been used for anything before that incoming transfer. The sender of that 0.9939 ETH is interesting. Etherscan labels the address `0x47ce0c6ed5b0ce3d3a51fdb1c52dc66a7c3c2936` as `TornadoCash_eth`. So the funder is the 1 ETH Tornado Cash pool itself, and the 0.9939 figure is the payout minus the Tornado relayer fee. Looking further upstream, the router used was `0xd90e2f925da726b50c4ed8d0fb90ad053324f31b`, which is literally called `TornadoRouter` onchain. The attacker used Tornado to obscure where the gas money came from, and did it cleanly enough that the trail ends at the pool itself. This is worth calling out because several early tweets said the wallet was "pre-funded through Tornado Cash," which is true but vague. The onchain reality is more specific: one 0.9939 ETH withdrawal, nine hours before execution, to a brand new address that only ever did one thing. Stage two, the forged packet. The attack centers on a single forged cross-chain message submitted to LayerZero. The packet itself is readable byte for byte. The version byte reads 1. The nonce reads 308. The source chain ID reads 30320, which is LayerZero's identifier for @unichain. The sender address on the source side is `0xc3eacf0612346366db554c991d7858716db09f58`, which is the rsETH OFT deployment on Unichain. The destination chain ID reads 30101, which is Ethereum mainnet. The destination receiver is `0x85d456b2dff1fd8245387c0bfb64dfb700e98ef3`, which Etherscan has verified as `RSETH_OFTAdapter`. In plain language, the packet claims that a legitimate message had been emitted on Unichain telling the Ethereum adapter to release rsETH. No such message had been emitted on Unichain at that nonce. The DVN that was supposed to verify this claim signed off on it anyway. That signature is the entire breach, and everything else downstream is consequence. The nonce of 308 is oddly specific. Either the attacker knew the exact counter state on the Unichain side when they crafted the forgery, or the DVN was not checking continuity of nonces at all. Neither possibility reads well for the verification layer. Stage three, the commit. At block 24908283 on 2026-04-18 at 17:35:11 UTC, the attacker submitted their first transaction. It was a call to `commitVerification` on the contract at `0xc02ab410f0734efa3f14628780e6e695156024c2`. That contract matters because it is not a Kelp contract. It resolves to `ReceiveUln302`, the LayerZero V2 receive library, deployed by LayerZero Labs in January 2024. The function `commitVerification` is permissionless. Anyone can call it once the required DVN signatures for a given packet already exist. All the actual cryptographic work has happened offchain by the time the transaction goes out. This is the key finding of the investigation. The attacker did not need to be the DVN operator to execute the onchain part of the attack. They only needed the DVN to have already signed the forged packet. Everything that followed was routine on their end. Stage four, the release. Two blocks later, at 24908285, about twenty four seconds after the verification commit, the attacker called `lzReceive` on the LayerZero V2 endpoint at `0x1a44076050125825900e736c501f859c50fe728c`. The transaction burned 94,456 gas and emitted exactly one token transfer event. That event shows 116,500.0000 rsETH moving from the OFT Adapter at `0x85d456b2...` to an address at `0x8b1b6c9a6db1304000412dd21ae6a70a82d60d3b`. That address was labeled in community posts as the "exploiter contract," but onchain it is actually an EOA, not a contract. Its code length is zero. The attack was orchestrated from externally owned accounts, not from a dedicated exploit contract. The rsETH token itself lives at `0xa1290d69c65a6fe4df752f95823fae25cb99e5a7`. At the rsETH spot price during that hour, 116,500 tokens work out to approximately 292M dollars. Stage five, the fan-out. What happened in the following six minutes, between blocks 24908285 and 24908316, is what tells us the attacker had done homework. The exploiter address fanned the entire 116,500 rsETH across seven brand new EOAs, each of which had held zero balance before. The address `0x1f4c1c2e610f089d6914c4448e6f21cb0db3adef` received 53,000 rsETH. `0xeba786c9517a4823a5cfd9c72e4e80bf8168129b` received 30,000. `0xcbb24a6b4dafaaa1a759a2f413ea0eb6ae1455cc` received 10,000. `0x1b748b680373a1dd70a2319261328cab2a6f644c` received 8,000. `0xbb6a6006eb71205e977eceb19fcad1c8d631c787` received 6,000. `0x8d11aeac74267dd5c56d371bf4ae1afa174c2d49` received 5,000. The last one, `0xe9e2f48bb0018276391aec240abb46e8c3cad181`, received 4,500. Those numbers add up to 116,500 exactly. What is less expected is how specific the shares are. Those sizes do not look random. They look like someone measured, in advance, how much rsETH each downstream venue was going to accept before the protocol parameters refused the deposit, and then chose the chunks accordingly. Whoever built this knew the venue caps before the attack started. Stage six, where each chunk actually went. Tracing what happened after each of those seven EOAs received their share, the picture of the full attack strategy emerges. This is the part the feed has mostly not lifted out of the onchain data. The largest share, 53,000 rsETH at `0x1f4c1c2e`, went straight to @aave V3 on Ethereum mainnet. The attacker deposited the entire 53,000 rsETH as collateral and received an equivalent 53,000 aRsETH in return. Against that collateral, they borrowed 52,440 WETH. The position is still open on chain and currently reads 53,000 aRsETH collateral and 52,448.80 variableDebtWETH as the exact onchain numbers at this moment. A secondary position on @aave V3 came from `0x8d11aeac`, which deposited 400 rsETH and borrowed 393.98 WETH. Combined with the `0x1f4c1c2e` position, the attacker's total direct exposure on Aave V3 Ethereum sits at 53,400 rsETH on the collateral side and approximately 52,843 WETH on the debt side. Two of the seven EOAs, `0x1b748b68` and `0xe9e2f48b`, did not stay on Ethereum. They called into a LayerZero helper contract called `LZMultiCall` at `0xacddac6c77318b615f7f6fb9bb67c6833e9c05f1` and bridged their 8,000 and 4,500 rsETH respectively to @unichain and from there out to other destinations. The event logs show destination EID 30110, which is Arbitrum. The attacker was extending the exploit to Aave Arbitrum, and likely other chains, using the same LayerZero infrastructure that had just been compromised. The `0xeba786c9` wallet that received 30,000 rsETH used Lido infrastructure to swap into wstETH and then forwarded the wstETH onward through a series of transactions. The `0xcbb24a6b` wallet that received 10,000 moved through WBTC and WETH intermediaries in a pattern that looks like swap legs on Uniswap. The `0xbb6a6006` wallet that received 6,000 converted directly into roughly 5,580 ETH. So the attack was not a single theft into a single lending market. It was a coordinated multi-chain, multi-venue extraction that used at least three lending protocols, multiple bridges, and parallel swap paths. The 53,000 chunk that reached Aave Ethereum is only the biggest single piece, not the whole story. Stage seven, the Kelp pause. Kelp's OFT adapter is owned by a Gnosis Safe at `0xcbcdd778aa25476f203814214dd3e9b9c46829a1`. The first `execTransaction` call against that Safe after the attack lands at block 24908497, which is 212 blocks after the attack started. At Ethereum's twelve second block time, that works out to roughly 42 minutes. The widely cited "46 minutes from forged message to emergency pause" figure in writeups and news posts is reasonably close to the onchain reality. The Safe signers, visible in the execTransaction callers, are `0x51c5978563`, `0x7aad74b7f0`, and `0xfcc1c98f88`. The pause was not a single tx but a sequence of Safe operations between blocks 24908497 and 24908648, which takes the actual completed pause closer to 47 to 50 minutes after the attack rather than the clean "46 min" framing. Stage eight, the second attempt and why it failed. At block 24908538, roughly 51 minutes after the first attack, the same attacker EOA `0x4966...` submitted another `commitVerification`. It succeeded, which is the part that should bother people. The DVN had signed a second forged packet during the window while Kelp was actively pausing. The verification layer was still approving forgeries. One block later, at 24908539, the attacker called `lzReceive` again. That transaction reverted. A few blocks after, at 24908547, they tried once more and it reverted too. The reason both second attempts failed is that Kelp had, by that point, paused the OFT adapter through their Safe actions, so the downstream execution could no longer complete. The asymmetry is the interesting finding. The Kelp pause worked at the application layer. The LayerZero verification layer kept signing fraudulent packets the whole time. The attacker could have done more damage through other OFT-configured tokens using the same DVN if those tokens had not also been paused by their respective teams. Stage nine, the verified bad debt math. This is where the numbers on Twitter have been all over the map. Onchain, the situation is more boring than most of the estimates. The aRsETH token on Aave V3 Ethereum currently holds 525,760.90 rsETH as its total supply. That is the total rsETH deposited on Aave V3 Ethereum from every depositor combined. Of that, approximately 53,400 rsETH is the attacker's direct deposit across the two EOAs. The other approximately 472,360 rsETH is pre-existing user collateral that was already on Aave before the attack, owned by regular rsETH depositors. The WETH aToken on Aave V3 Ethereum currently holds only 0.01 WETH. The WETH reserve is effectively empty. Total variable debt on WETH across Aave V3 Ethereum runs approximately 2,667,860 WETH. Combined, these two numbers confirm the community claim that WETH borrowing on Aave is at near-100% utilization, which is why borrow rates on USDC and USDT reportedly spiked toward 15 percent in the hours after the attack. The attacker's direct bad debt contribution, meaning the portion of the debt where the attacker's collateral would not cover the loan, depends on how rsETH ultimately gets repriced. If the loss is socialized across all rsETH holders on all chains, the implied writedown sits around 18 percent. Under that scenario, the attacker's position becomes underwater by approximately 13.8M dollars at a rough ETH price of 2,300 dollars per WETH. That is a small piece of the total, and the broader picture becomes one of haircuts on legitimate depositors rather than true bad debt. If instead the bridged L2 versions of rsETH are written down to zero while mainnet rsETH stays fully backed, the mainnet Aave position of the attacker is technically still over-collateralized, and the real bad debt gets concentrated on the Aave Arbitrum and Aave Mantle deployments where the bridged chunks of 8,000 and 4,500 rsETH ended up. Aave Arbitrum reportedly had 62,280 rsETH deposited across all users, and Aave Mantle reportedly had 47,280, both of which would be at risk under this scenario. The technical recalculation currently circulating on Twitter, attributed to one analyst, puts the actual Aave bad debt figure at approximately 75.9M dollars. That number sits roughly in the middle of the two scenarios above and is currently the most defensible estimate in circulation. None of this has been formally endorsed yet by @aave governance. Stage ten, the broader market response. The dollar numbers from market moves should be read as reported rather than independently audited. AAVE token reportedly traded down between ten and fourteen percent in the hours after the attack, with the range depending on which feed someone reads. Ether itself reportedly fell around 3.7 percent to approximately 2,300 dollars. Observers on the @aave side cited roughly 5.4B dollars in ETH withdrawal outflows in the hours that followed the attack. The onchain reality supports the direction of this claim, given that the WETH aToken now reads 0.01 WETH as its balance, but the exact 5.4B number deserves an independent tally before it gets treated as settled. One wallet that many onchain watchers attribute to @justinsuntron reportedly pulled around 65,584 ETH, worth approximately 154M dollars. The movement itself is visible on chain at the addresses attributed to that wallet, but the ownership attribution is not publicly confirmed by the wallet's operator. Borrow rates on USDC and USDT in affected markets reportedly spiked toward 15 percent. Large holders reportedly dumped around 60,000 AAVE tokens across the aftermath. These numbers are consistent with the feed narrative of a liquidity panic, but clean onchain tallies are still being pieced together by observers and have not been formally published. Stage eleven, Aave's safety buffers, verified onchain. On the @aave safety module side, the onchain totals look like this. The legacy stkAAVE safety module holds approximately 2.97M staked AAVE tokens. The stkABPT pool holds approximately 2.84M staked Balancer tokens. The newer stkGHO Umbrella module holds approximately 240M stkGHO. Using rough current prices, the stkGHO module is approximately 240M dollars in backing, the stkAAVE legacy module sits around 250 to 300M dollars depending on AAVE price at the moment of slashing, and the stkABPT module is another 300M or so. Combined, the theoretical safety buffer across all three sits somewhere between 700M and 850M dollars, though whether any given piece of that buffer actually becomes available for this specific loss depends entirely on how Aave governance classifies the incident and which modules they choose to slash. Community posts have cited "Umbrella 40M, legacy 312M" as the number pair, and those figures roughly match the stkAAVE and stkABPT modules specifically, not the combined picture. The stkGHO Umbrella is much larger in headline dollar terms but may not be available for slashing on non-GHO losses without governance action. Stage twelve, the industry-wide shape of the problem. The single Unichain route that was exploited had been configured with a 1-of-1 DVN, meaning one required signer carried the entire cross-chain verification. Community counts put 24 of the 26 rsETH pathways on the identical 1-of-1 @LayerZero_Core Labs setup, which is what turns this from a Kelp accident into a broader industry signal. The attacker only needed to pick one door because one door already turned out to be enough, and the other 23 were structurally identical. The exposure extends well past rsETH. Similar OFT deployments with 1-of-1 or 2-of-2 DVN configurations are running on USDT0, Ethena USDe, Sky USDS, AUSD, USDai, Cap cUSD, Reservoir rUSD, infiniFi iUSD, @ether_fi weETH, mETH cmETH, and Puffer pufETH. PYUSD is reportedly deployed on a similar @LayerZero_Core OFT configuration controlled by a single EOA owner, with a self-reported market cap above 9B dollars. After the Kelp incident, USDT0, Ethena, Sky, EtherFi, and Cap paused their bridges preemptively. LayerZero's own founder announced in a live chat during triage that LayerZero Labs has blocked all weak configs, specifically 1-of-1, from its own infrastructure and is actively helping other protocols migrate to stronger configurations. This is actual post-incident action and has not yet been widely picked up on the feed. Pulling it all together. The short version is that no contract was exploited in the sense people usually mean. Every line of solidity across @LayerZero_Core, @KelpDAO, @aave, @compoundfinance, @MorphoLabs, SparkLend, Fluid, and Euler executed correctly. The breach was a single offchain validator signing a packet that described a source-chain event which had never happened. That signature was enough, because the verification threshold on that route was one required signer. The attacker built the attack with the kind of precision that suggests the DVN compromise was not opportunistic. The 7-way fanout, the precomputed venue caps, the parallel bridge-outs to other chains, and the nine-hour Tornado timing all point to a planned operation, not a smash-and-grab. The Kelp response worked at the application layer, forty two minutes from attack to the first Safe action. The LayerZero verification layer continued signing forged packets into the second attempt window, which is the more uncomfortable piece. The bad debt, once the dust settles, is probably smaller than the opening estimates of 177 to 200M dollars and larger than the pure "only attacker's position is underwater" minimum. The 75.9M dollar technical recalc is currently the most defensible middle. Whichever way the haircut politics land, the outcome will set precedent for how every other 1-of-1 OFT-configured asset gets treated the next time this happens.

English
0
0
0
35
ash · incyd.eth
ash · incyd.eth@incyd__·
kelp's rsETH bridge was exploited for ~$293m. the attacker minted 116,500 rsETH with no collateral, dropped it on aave, and borrowed eth against it. kelp's multisig paused 46 min later. aave froze rsETH on the lending market. could be meaningful bad debt on aave, but the safety module should cover it now it's a question of whether lenders wait or run.
The Block@TheBlockCo

Kelp DAO's rsETH bridge apparently exploited for roughly $292 million in LayerZero-based attack theblock.co/post/397988/ke…

English
9
0
20
1.6K
Slava S.
Slava S.@slvDev·
$177M figure was the first rough estimate from inside the attack window. A technical recalc now circulating puts real Aave bad debt closer to $75.9M, and under a fully socialized 18% haircut the attacker's direct position only goes underwater by about $13.8M. Most of the 525k rsETH currently on Aave Ethereum is pre-existing user collateral, not attacker exposure. breakdown: x.com/slvDev/status/…
English
1
0
1
74
Top 7 Crypto | Analytics & Alpha
Top 7 Crypto | Analytics & Alpha@top7ico·
KelpDAO exploit: $292M minted through a 1-of-1 LayerZero bridge, $177M bad debt now lands on Aave Umbrella The biggest DeFi extraction of 2026 didn’t come from a contract bug. It came from a single line of config. At 17:35 UTC on April 18, an attacker pushed a forged lzReceive call through @KelpDAO LayerZero OFT adapter and minted 116,500 unbacked rsETH - roughly 18% of supply, ~$293.5M. One transaction, one signature. Root cause: the rsETH adapter was running requiredDVNCount: 1 with @LayerZero_Labs as the sole verifier. A $1B+ TVL protocol secured its bridge with a single point of failure. Cashout was textbook. Instead of dumping into DEX liquidity, the attacker used the unbacked tokens as collateral: • Aave Ethereum: borrowed 52,834 WETH • Aave Arbitrum: 29,782 WETH + 821 wstETH • Smaller positions on Compound V3 and Euler before they froze Total borrowed out: $200M–$236M, first hops routed through Tornado Cash within 20 minutes. KelpDAO paused contracts in 46 minutes, but positions already open on third-party lenders can’t be unwound. Aave, SparkLend, Fluid, Ethena, Yearn, Pendle, Beefy, and Lombard all froze rsETH exposure within hours. Every bridged rsETH across ~20 L2s is now structurally impaired. Who actually pays the ~$177M bad debt: Aave Umbrella WETH stakers on Ethereum and Arbitrum. This is Umbrella’s first real-money slashing event - automated, pro-rata, no governance vote. Combined vaults hold ~$260M TVL, putting the slash ratio at 60–70%. Stakers farming a few extra points on top of aWETH are about to lose two-thirds of their position overnight. Bridged rsETH holders take tier 2 pain with a 15–20% haircut as KelpDAO keeps mainnet rsETH whole. The lesson repeats. Contracts worked. EigenLayer was fine. LayerZero’s protocol was fine. The fault sat in the config - the part of the stack auditors don’t review. Before you treat a bridged LRT as 1:1 with its mainnet version, check how many DVNs secure it. That’s the difference between a yield trade and a total loss.​​​​​​​​​​​​​​​​ Great report by @defiprime 🔗 defiprime.com/kelpdao-rseth-…
Top 7 Crypto | Analytics & Alpha tweet mediaTop 7 Crypto | Analytics & Alpha tweet mediaTop 7 Crypto | Analytics & Alpha tweet mediaTop 7 Crypto | Analytics & Alpha tweet media
English
8
1
26
3.2K
Slava S.
Slava S.@slvDev·
rsETH was not minted out of thin air. It was released from the Ethereum OFT escrow adapter after a forged cross-chain message passed a 1-of-1 DVN check. Mainnet rsETH is still fully backed by real ETH. The uncollateralized portion now sits on the L2 bridged versions. Onchain receipt: x.com/slvDev/status/…
English
0
0
3
568
THORChain
THORChain@THORChain·
Another bridge hack another $292 million gone. An attacker forged a cross-chain message on Kelp DAO's LayerZero bridge minted 116500 rsETH out of thin air and used them as collateral to drain real ETH from lending protocols. The emergency multisig paused everything 46 minutes later but the damage was already done. This keeps happening because bridges rely on trusting messages from other chains. When that trust layer gets exploited there is nothing underneath it. Native assets don't have this problem. When you swap on THORChain nothing gets minted nothing gets wrapped and no third party vouches for anything. Real cryptos move between chains validated by the network itself. That is the only model that removes this attack surface entirely. Native or nothing.
Lookonchain@lookonchain

Due to the KelpDAO exploit, the attacker deposited $RSETH into #Aave to borrow $ETH, creating bad debt on #Aave. Many whales have already rushed to withdraw their $ETH from #Aave. $ETH Utilization Rate on Aave has now reached 100%.

English
26
40
318
31.4K
Slava S.
Slava S.@slvDev·
Useful notes. A few onchain details worth adding: the attacker fanned the 116,500 rsETH across 7 fresh EOAs in precomputed chunks (53k / 30k / 10k / 8k / 6k / 5k / 4.5k) within six minutes, and the 53k chunk was the share that reached Aave. The attacker tried again 51 min later and failed because Kelp paused in time. breakdown: x.com/slvDev/status/…
English
2
0
2
149
Poopman (💩🧱✨)
Poopman (💩🧱✨)@poopmandefi·
Documenting the KelpDAO exploit 19/4 : (For myself , as notes) - A fake message landed on L0 EndpointV2, sending from Unichain. - The fake msg is accepted by kelpDAO bridges , which has a 1/1 DVN approval setup. - KelpDAO's vault released 116,500 rsETH (~$292M) into the attacker's wallet after the approval. - Attackers used the stolen rsETH as collateral and borrowed ~53K WETH from Aave on mainnet first. - Then, he bridged some of the stolen rsETH to ARB and borrowed another ~30K WETH and 821 staked wstETH there. - Lastly, he borrowed some more from Compound and Euler on mainnet, est to worth $23M–$59M. - Total real extract is ~$200M (Total damage is still to be confirmed), no other Layer0 OFT is affected. -------------------------------------------------- Post-hack - Within a hour, Zach flagged the first signs of funds going via Tornado Cash. - Within the same hour, Kelp team froze the bridge on ETH and other chain, which stopped 2 subsequent hack attempt. - Aave also froze all rsETH markets on V3 and V4, SparkLend, Fluid, Upshift and others followed. - KelpDAO issued public statement and open for white hat negotiation. - Onchain analyst @senamakel revealed the single verifier setup. - Researcher @BranchM clarified that Unichain was irrelevant, the attack can be chain agonistic and it just happened to chose Unichain. - $177M in bad debt settled across Aave on ETH and ARB according to Chaos Labs. - But this bad debt has a cavent, Aave V3 ETH is technically fully collateralised (rsETH on mainnet is still backed), the actual problem is Aave on ARB. - ARB's Aave hold the actual bad debt and umbrella "should" not bear losses from another chain according to Aave doc (Insight from @llamaonthebrink) , this is yet to be resolved. - Beside rsETH, secondary risk appears. Due to the hack, ETH utilization on Aave spiked at peak 100% that normal ETH liquidations broke. - Therefore, @ringwraith10 recommended Aave governance raise Slope 2 (raising the rate steeply) on ETH immediately to reincentivize more ETH deposits, before a second wave of bad debt comes when ETH price goes lower and still unliquidatable. - On the other hand, @MonetSupply pointed out the potential dominoes effect, where borrowers have no incentive to repay USDT for the potentially discounted ETH, causing USDT at 15% borrowing rate. - For the USDT supplier who do not want any exposure to Aave, they might choose to exit by borrowing USDC at 75% LTV , which might cause risk spreading to a third party. - By the time of writing, Aave has frozen the Core ETH market to prevent any further damage. - CT is now discussing the recovery plan, they estimate that Bridged rsETH holders face a 15-20% haircut, but the exact amount depends on KelpDAO's recovery plan. (Credit to @defiprime for the exploit breakdown and timeline, please read their report)
English
5
4
50
3.9K
Slava S.
Slava S.@slvDev·
An onchain investigation of the @KelpDAO / @LayerZero_Core incident, broken into the stages the attacker actually moved through. Everything below comes from Ethereum mainnet receipts, not from writeups. Each stage traces what happened, how the market reacted, and what the onchain data says about numbers that are still being debated on the feed. Stage one, the setup. Nine hours before the attack, at block 24905614, a fresh address called `0x4966260619701a80637cdbdac6a6ce0131f8575e` received 0.9939 ETH through an internal transfer. When the attacker's own tx went out later, this wallet was still sitting at nonce zero, which means the wallet had never been used for anything before that incoming transfer. The sender of that 0.9939 ETH is interesting. Etherscan labels the address `0x47ce0c6ed5b0ce3d3a51fdb1c52dc66a7c3c2936` as `TornadoCash_eth`. So the funder is the 1 ETH Tornado Cash pool itself, and the 0.9939 figure is the payout minus the Tornado relayer fee. Looking further upstream, the router used was `0xd90e2f925da726b50c4ed8d0fb90ad053324f31b`, which is literally called `TornadoRouter` onchain. The attacker used Tornado to obscure where the gas money came from, and did it cleanly enough that the trail ends at the pool itself. This is worth calling out because several early tweets said the wallet was "pre-funded through Tornado Cash," which is true but vague. The onchain reality is more specific: one 0.9939 ETH withdrawal, nine hours before execution, to a brand new address that only ever did one thing. Stage two, the forged packet. The attack centers on a single forged cross-chain message submitted to LayerZero. The packet itself is readable byte for byte. The version byte reads 1. The nonce reads 308. The source chain ID reads 30320, which is LayerZero's identifier for @unichain. The sender address on the source side is `0xc3eacf0612346366db554c991d7858716db09f58`, which is the rsETH OFT deployment on Unichain. The destination chain ID reads 30101, which is Ethereum mainnet. The destination receiver is `0x85d456b2dff1fd8245387c0bfb64dfb700e98ef3`, which Etherscan has verified as `RSETH_OFTAdapter`. In plain language, the packet claims that a legitimate message had been emitted on Unichain telling the Ethereum adapter to release rsETH. No such message had been emitted on Unichain at that nonce. The DVN that was supposed to verify this claim signed off on it anyway. That signature is the entire breach, and everything else downstream is consequence. The nonce of 308 is oddly specific. Either the attacker knew the exact counter state on the Unichain side when they crafted the forgery, or the DVN was not checking continuity of nonces at all. Neither possibility reads well for the verification layer. Stage three, the commit. At block 24908283 on 2026-04-18 at 17:35:11 UTC, the attacker submitted their first transaction. It was a call to `commitVerification` on the contract at `0xc02ab410f0734efa3f14628780e6e695156024c2`. That contract matters because it is not a Kelp contract. It resolves to `ReceiveUln302`, the LayerZero V2 receive library, deployed by LayerZero Labs in January 2024. The function `commitVerification` is permissionless. Anyone can call it once the required DVN signatures for a given packet already exist. All the actual cryptographic work has happened offchain by the time the transaction goes out. This is the key finding of the investigation. The attacker did not need to be the DVN operator to execute the onchain part of the attack. They only needed the DVN to have already signed the forged packet. Everything that followed was routine on their end. Stage four, the release. Two blocks later, at 24908285, about twenty four seconds after the verification commit, the attacker called `lzReceive` on the LayerZero V2 endpoint at `0x1a44076050125825900e736c501f859c50fe728c`. The transaction burned 94,456 gas and emitted exactly one token transfer event. That event shows 116,500.0000 rsETH moving from the OFT Adapter at `0x85d456b2...` to an address at `0x8b1b6c9a6db1304000412dd21ae6a70a82d60d3b`. That address was labeled in community posts as the "exploiter contract," but onchain it is actually an EOA, not a contract. Its code length is zero. The attack was orchestrated from externally owned accounts, not from a dedicated exploit contract. The rsETH token itself lives at `0xa1290d69c65a6fe4df752f95823fae25cb99e5a7`. At the rsETH spot price during that hour, 116,500 tokens work out to approximately 292M dollars. Stage five, the fan-out. What happened in the following six minutes, between blocks 24908285 and 24908316, is what tells us the attacker had done homework. The exploiter address fanned the entire 116,500 rsETH across seven brand new EOAs, each of which had held zero balance before. The address `0x1f4c1c2e610f089d6914c4448e6f21cb0db3adef` received 53,000 rsETH. `0xeba786c9517a4823a5cfd9c72e4e80bf8168129b` received 30,000. `0xcbb24a6b4dafaaa1a759a2f413ea0eb6ae1455cc` received 10,000. `0x1b748b680373a1dd70a2319261328cab2a6f644c` received 8,000. `0xbb6a6006eb71205e977eceb19fcad1c8d631c787` received 6,000. `0x8d11aeac74267dd5c56d371bf4ae1afa174c2d49` received 5,000. The last one, `0xe9e2f48bb0018276391aec240abb46e8c3cad181`, received 4,500. Those numbers add up to 116,500 exactly. What is less expected is how specific the shares are. Those sizes do not look random. They look like someone measured, in advance, how much rsETH each downstream venue was going to accept before the protocol parameters refused the deposit, and then chose the chunks accordingly. Whoever built this knew the venue caps before the attack started. Stage six, where each chunk actually went. Tracing what happened after each of those seven EOAs received their share, the picture of the full attack strategy emerges. This is the part the feed has mostly not lifted out of the onchain data. The largest share, 53,000 rsETH at `0x1f4c1c2e`, went straight to @aave V3 on Ethereum mainnet. The attacker deposited the entire 53,000 rsETH as collateral and received an equivalent 53,000 aRsETH in return. Against that collateral, they borrowed 52,440 WETH. The position is still open on chain and currently reads 53,000 aRsETH collateral and 52,448.80 variableDebtWETH as the exact onchain numbers at this moment. A secondary position on @aave V3 came from `0x8d11aeac`, which deposited 400 rsETH and borrowed 393.98 WETH. Combined with the `0x1f4c1c2e` position, the attacker's total direct exposure on Aave V3 Ethereum sits at 53,400 rsETH on the collateral side and approximately 52,843 WETH on the debt side. Two of the seven EOAs, `0x1b748b68` and `0xe9e2f48b`, did not stay on Ethereum. They called into a LayerZero helper contract called `LZMultiCall` at `0xacddac6c77318b615f7f6fb9bb67c6833e9c05f1` and bridged their 8,000 and 4,500 rsETH respectively to @unichain and from there out to other destinations. The event logs show destination EID 30110, which is Arbitrum. The attacker was extending the exploit to Aave Arbitrum, and likely other chains, using the same LayerZero infrastructure that had just been compromised. The `0xeba786c9` wallet that received 30,000 rsETH used Lido infrastructure to swap into wstETH and then forwarded the wstETH onward through a series of transactions. The `0xcbb24a6b` wallet that received 10,000 moved through WBTC and WETH intermediaries in a pattern that looks like swap legs on Uniswap. The `0xbb6a6006` wallet that received 6,000 converted directly into roughly 5,580 ETH. So the attack was not a single theft into a single lending market. It was a coordinated multi-chain, multi-venue extraction that used at least three lending protocols, multiple bridges, and parallel swap paths. The 53,000 chunk that reached Aave Ethereum is only the biggest single piece, not the whole story. Stage seven, the Kelp pause. Kelp's OFT adapter is owned by a Gnosis Safe at `0xcbcdd778aa25476f203814214dd3e9b9c46829a1`. The first `execTransaction` call against that Safe after the attack lands at block 24908497, which is 212 blocks after the attack started. At Ethereum's twelve second block time, that works out to roughly 42 minutes. The widely cited "46 minutes from forged message to emergency pause" figure in writeups and news posts is reasonably close to the onchain reality. The Safe signers, visible in the execTransaction callers, are `0x51c5978563`, `0x7aad74b7f0`, and `0xfcc1c98f88`. The pause was not a single tx but a sequence of Safe operations between blocks 24908497 and 24908648, which takes the actual completed pause closer to 47 to 50 minutes after the attack rather than the clean "46 min" framing. Stage eight, the second attempt and why it failed. At block 24908538, roughly 51 minutes after the first attack, the same attacker EOA `0x4966...` submitted another `commitVerification`. It succeeded, which is the part that should bother people. The DVN had signed a second forged packet during the window while Kelp was actively pausing. The verification layer was still approving forgeries. One block later, at 24908539, the attacker called `lzReceive` again. That transaction reverted. A few blocks after, at 24908547, they tried once more and it reverted too. The reason both second attempts failed is that Kelp had, by that point, paused the OFT adapter through their Safe actions, so the downstream execution could no longer complete. The asymmetry is the interesting finding. The Kelp pause worked at the application layer. The LayerZero verification layer kept signing fraudulent packets the whole time. The attacker could have done more damage through other OFT-configured tokens using the same DVN if those tokens had not also been paused by their respective teams. Stage nine, the verified bad debt math. This is where the numbers on Twitter have been all over the map. Onchain, the situation is more boring than most of the estimates. The aRsETH token on Aave V3 Ethereum currently holds 525,760.90 rsETH as its total supply. That is the total rsETH deposited on Aave V3 Ethereum from every depositor combined. Of that, approximately 53,400 rsETH is the attacker's direct deposit across the two EOAs. The other approximately 472,360 rsETH is pre-existing user collateral that was already on Aave before the attack, owned by regular rsETH depositors. The WETH aToken on Aave V3 Ethereum currently holds only 0.01 WETH. The WETH reserve is effectively empty. Total variable debt on WETH across Aave V3 Ethereum runs approximately 2,667,860 WETH. Combined, these two numbers confirm the community claim that WETH borrowing on Aave is at near-100% utilization, which is why borrow rates on USDC and USDT reportedly spiked toward 15 percent in the hours after the attack. The attacker's direct bad debt contribution, meaning the portion of the debt where the attacker's collateral would not cover the loan, depends on how rsETH ultimately gets repriced. If the loss is socialized across all rsETH holders on all chains, the implied writedown sits around 18 percent. Under that scenario, the attacker's position becomes underwater by approximately 13.8M dollars at a rough ETH price of 2,300 dollars per WETH. That is a small piece of the total, and the broader picture becomes one of haircuts on legitimate depositors rather than true bad debt. If instead the bridged L2 versions of rsETH are written down to zero while mainnet rsETH stays fully backed, the mainnet Aave position of the attacker is technically still over-collateralized, and the real bad debt gets concentrated on the Aave Arbitrum and Aave Mantle deployments where the bridged chunks of 8,000 and 4,500 rsETH ended up. Aave Arbitrum reportedly had 62,280 rsETH deposited across all users, and Aave Mantle reportedly had 47,280, both of which would be at risk under this scenario. The technical recalculation currently circulating on Twitter, attributed to one analyst, puts the actual Aave bad debt figure at approximately 75.9M dollars. That number sits roughly in the middle of the two scenarios above and is currently the most defensible estimate in circulation. None of this has been formally endorsed yet by @aave governance. Stage ten, the broader market response. The dollar numbers from market moves should be read as reported rather than independently audited. AAVE token reportedly traded down between ten and fourteen percent in the hours after the attack, with the range depending on which feed someone reads. Ether itself reportedly fell around 3.7 percent to approximately 2,300 dollars. Observers on the @aave side cited roughly 5.4B dollars in ETH withdrawal outflows in the hours that followed the attack. The onchain reality supports the direction of this claim, given that the WETH aToken now reads 0.01 WETH as its balance, but the exact 5.4B number deserves an independent tally before it gets treated as settled. One wallet that many onchain watchers attribute to @justinsuntron reportedly pulled around 65,584 ETH, worth approximately 154M dollars. The movement itself is visible on chain at the addresses attributed to that wallet, but the ownership attribution is not publicly confirmed by the wallet's operator. Borrow rates on USDC and USDT in affected markets reportedly spiked toward 15 percent. Large holders reportedly dumped around 60,000 AAVE tokens across the aftermath. These numbers are consistent with the feed narrative of a liquidity panic, but clean onchain tallies are still being pieced together by observers and have not been formally published. Stage eleven, Aave's safety buffers, verified onchain. On the @aave safety module side, the onchain totals look like this. The legacy stkAAVE safety module holds approximately 2.97M staked AAVE tokens. The stkABPT pool holds approximately 2.84M staked Balancer tokens. The newer stkGHO Umbrella module holds approximately 240M stkGHO. Using rough current prices, the stkGHO module is approximately 240M dollars in backing, the stkAAVE legacy module sits around 250 to 300M dollars depending on AAVE price at the moment of slashing, and the stkABPT module is another 300M or so. Combined, the theoretical safety buffer across all three sits somewhere between 700M and 850M dollars, though whether any given piece of that buffer actually becomes available for this specific loss depends entirely on how Aave governance classifies the incident and which modules they choose to slash. Community posts have cited "Umbrella 40M, legacy 312M" as the number pair, and those figures roughly match the stkAAVE and stkABPT modules specifically, not the combined picture. The stkGHO Umbrella is much larger in headline dollar terms but may not be available for slashing on non-GHO losses without governance action. Stage twelve, the industry-wide shape of the problem. The single Unichain route that was exploited had been configured with a 1-of-1 DVN, meaning one required signer carried the entire cross-chain verification. Community counts put 24 of the 26 rsETH pathways on the identical 1-of-1 @LayerZero_Core Labs setup, which is what turns this from a Kelp accident into a broader industry signal. The attacker only needed to pick one door because one door already turned out to be enough, and the other 23 were structurally identical. The exposure extends well past rsETH. Similar OFT deployments with 1-of-1 or 2-of-2 DVN configurations are running on USDT0, Ethena USDe, Sky USDS, AUSD, USDai, Cap cUSD, Reservoir rUSD, infiniFi iUSD, @ether_fi weETH, mETH cmETH, and Puffer pufETH. PYUSD is reportedly deployed on a similar @LayerZero_Core OFT configuration controlled by a single EOA owner, with a self-reported market cap above 9B dollars. After the Kelp incident, USDT0, Ethena, Sky, EtherFi, and Cap paused their bridges preemptively. LayerZero's own founder announced in a live chat during triage that LayerZero Labs has blocked all weak configs, specifically 1-of-1, from its own infrastructure and is actively helping other protocols migrate to stronger configurations. This is actual post-incident action and has not yet been widely picked up on the feed. Pulling it all together. The short version is that no contract was exploited in the sense people usually mean. Every line of solidity across @LayerZero_Core, @KelpDAO, @aave, @compoundfinance, @MorphoLabs, SparkLend, Fluid, and Euler executed correctly. The breach was a single offchain validator signing a packet that described a source-chain event which had never happened. That signature was enough, because the verification threshold on that route was one required signer. The attacker built the attack with the kind of precision that suggests the DVN compromise was not opportunistic. The 7-way fanout, the precomputed venue caps, the parallel bridge-outs to other chains, and the nine-hour Tornado timing all point to a planned operation, not a smash-and-grab. The Kelp response worked at the application layer, forty two minutes from attack to the first Safe action. The LayerZero verification layer continued signing forged packets into the second attempt window, which is the more uncomfortable piece. The bad debt, once the dust settles, is probably smaller than the opening estimates of 177 to 200M dollars and larger than the pure "only attacker's position is underwater" minimum. The 75.9M dollar technical recalc is currently the most defensible middle. Whichever way the haircut politics land, the outcome will set precedent for how every other 1-of-1 OFT-configured asset gets treated the next time this happens.
English
0
2
7
713
Slava S.
Slava S.@slvDev·
116,500 rsETH split across 7 fresh EOAs in specific chunks (53k / 30k / 10k / 8k / 6k / 5k / 4.5k). The 53k chunk went to a single EOA that deposited into Aave V3 Ethereum in incremental chunks (1, then 5k, then 20k, etc) and borrowed WETH against each. The Aave aToken balance you cite (~525k) already includes the attacker's deposits. Roughly 472k was legitimate user collateral pre-attack, ~53k is attacker. The distinction still matters for the writedown base. breakdown: x.com/slvDev/status/…
English
0
0
4
1.7K
Wismerhill
Wismerhill@0xWismerhill·
To estimate the Aave bad debt from rsETH: - 525.80K rsETH deposited on Ethereum - 62.28K rsETH deposited on Arbitrum - 47.28K rsETH deposited on Mantle Total = 635.36K rsETH rsETH supply pre-hack was 629,689 backed by 675,401 ETH. 1 ETH = 0.9349 rsETH. Post hack supply is 746,189. 1 ETH = 1.1048 rsETH. Supply inflated by 18%. rsETH LLTV is 95%, so LTV is 93% So bad debt for Aave = $1.57B (635.36K rsETH) * LTV (0.93) * loss of backing of rsETH (0.18) = ~$262M bad debt accross all 3 instances
English
8
13
156
25.6K
Slava S.
Slava S.@slvDev·
@LayerZero_Core @KelpDAO @_SEAL_Org no LZ contract was exploited. the forged packet cleared because 24 of 26 rsETH routes ran 1-of-1. postmortems land cleaner when code and configuration get analyzed as separate layers
English
0
0
4
2.4K
LayerZero
LayerZero@LayerZero_Core·
We’re fully aware of the rsETH exploit and have been in active remediation with the @KelpDAO team since the incident and continue to monitor. All other applications remain safe. We are still identifying the root cause alongside @_SEAL_Org and others. We will publish a complete post-mortem with @KelpDAO as soon as we have all information.
English
147
86
737
177.9K

Keşfet

@wevm_dev @amorfati @OpenAI @fiorescan @Certora @0G_labs @AITECHio @arbitrum