Kelp DAO hack and LayerZero DVN dispute: rsETH bridge loss hits Aave V3
The Kelp DAO hack on April 18 caused the loss of 116,500 rsETH, after an attacker allegedly compromised LayerZero DVN RPC nodes, poisoned two nodes, then used a DDoS to get the DVN to sign off a fraudulent cross-chain message and drain funds from the Kelp DAO bridge. Kelp DAO denied sole responsibility, saying its 1-of-1 DVN setup was the default in LayerZero documentation for new OFT deployments and was reviewed when expanding to Layer 2.
LayerZero disputed this, calling the 1-of-1 DVN design a single point of failure and saying validator diversification best practices were not followed. Kelp DAO responded by pausing affected contracts, blacklisting attacker-linked wallets, and considering how to resume safely.
The Kelp DAO hack also spilled into Aave: the attacker deposited stolen rsETH into Aave V3 as collateral, then borrowed large amounts of WETH and wstETH. Aave warned bad-debt outcomes depend on how losses are allocated and could be significant. For traders, the immediate takeaway is renewed counterparty and collateral risk around rsETH and Aave V3 credit, with potential follow-through volatility if restitution or oracle-ratio updates worsen losses.
Bearish
This is bearish for rsETH-related pricing because the Kelp DAO hack directly reduces trust in the rsETH cross-chain flow and introduces concrete collateral/credit risk in Aave V3. In the short term, the LayerZero vs Kelp DAO dispute and the need to pause/resume contracts can keep liquidity and risk premia elevated. Over the medium term, any bad-debt outcome from Aave V3—driven by how restitution and oracle ratio updates are accounted for—can translate into persistent downside pressure on assets tied to the same collateral chain. Traders should monitor signals around rsETH depeg/liq conditions and Aave collateral health after the incident.