LayerZero: KelpDAO $290M rsETH exploit isolate wit one DVN

LayerZero tok say na di na im na wahala for LayerZero protocol dat mek KelpDAO $290 million rsETH exploit on April 20, na na di be problem for protocol but na application-layer matter wey connect to KelpDAO ‘single-DVN’ setup. For LayerZero update, dem talk say di breach bin isolate to KelpDAO rsETH flow, wit ‘zero contagion’ to oda LayerZero-integrated assets. Di company still give new operational details an clues for who do am. Early signs dey point to DPRK Lazarus Group, especially di ‘TraderTraitor’ subgroup. LayerZero claim say di attacker pivot through LayerZero Labs DVN-dependent RPC infrastructure: dem allegedly poison downstream RPCs, swap binaries for compromised op-geth nodes, den use DDoS pressure to steer verification go di tainted nodes while dem rely on RPC spoofing to reduce detection. LayerZero say dia DVN instances no directly compromise because of least-privilege controls. For mitigations, LayerZero report say dem deprecated di affected RPC nodes an stop sign/attest for 1/1 (single-DVN) configs. Dem dey coordinate wit partners an law enforcement (including Seal911) to track funds. Aave reply say rsETH for Ethereum mainnet still fully backed, but rsETH still frozen on Aave V3 an V4, wit exposure capped. WETH reserves still frozen across affected markets (Ethereum, Arbitrum, Base, Mantle, Linea) while dem dey do data validation. For traders, di rsETH exploit story shift di risk from wide cross-chain contagion to configuration hardening an verifier redundancy. But Aave freezes fit keep rsETH liquidity constrained short-term, wey fit amplify volatility even if ‘zero contagion’ reduce systemic bridge fears.