Overview
- Kelp sent the last tranche of 20,373.72 rsETH on Monday, May 25, closing the active refilling phase that restored the LayerZero OFT adapter’s escrow and reopened cross‑chain bridging.
- The April 18 exploit released roughly 116,000–117,000 rsETH after an attacker delivered a forged LayerZero message that triggered unauthorized releases from the adapter’s lock‑and‑mint system.
- The attacker deposited stolen rsETH on Aave to borrow large amounts of WETH, producing about $190 million in bad debt and forcing temporary freezes, emergency transfers and governance‑led recapitalization steps.
- Post‑incident forensics disagree on the precise failure: Galaxy and others point to a 1‑of‑1 verifier configuration, while LayerZero cites poisoned RPC nodes and a denial‑of‑service event that exposed the verifier to compromised data.
- With operational refilling complete, protocols now monitor reserves and reconcile transfers, and the incident has pushed plans for stricter attestor rules and moves toward alternative messaging like Chainlink CCIP to reduce single‑point verification risk.