According to a recent LinkedIn post from Messari, the recent $292 million exploit of Kelp DAO’s rsETH bridge is being linked to a misconfigured cross-chain messaging setup using LayerZero’s EndpointV2. The post indicates that attackers, believed to be associated with North Korea’s Lazarus Group, allegedly compromised two nodes in LayerZero’s Decentralized Verification Network and forged messages that caused Kelp’s bridge to release unbacked rsETH.
Claim 55% Off TipRanks
- Unlock hedge fund-level data and powerful investing tools for smarter, sharper decisions
- Discover top-performing stock ideas and upgrade to a portfolio of market leaders with Smart Investor Picks
The company’s LinkedIn post highlights that Kelp reportedly operated a 1-of-1 DVN configuration despite prior warnings, leaving its bridge architecture dependent on a single signer and vulnerable to compromise. As described by Messari, this flaw allowed the protocol to “trust” any signed message from that DVN, turning a single-point failure into a systemic liquidity drain.
According to the LinkedIn post, the aftermath has extended well beyond Kelp, with wrapped rsETH depegging across more than 20 chains and Kelp pausing rsETH contracts on Ethereum mainnet and several layer-2 networks. Multiple lending platforms, including Aave, SparkLend, and Fluid, reportedly froze rsETH markets in an effort to contain further contagion and limit additional borrowing activity.
Messari’s post cites its Ask Messari data to suggest substantial downstream losses, including an estimated $123.7 million to $230.1 million in unrecoverable bad debt at Aave and a decline in Aave’s total value locked from roughly $45.8 billion to $35.7 billion. Broader DeFi TVL is described as falling by more than $13 billion within 48 hours, while the AAVE token reportedly dropped about 25%, briefly trading as low as $87.
The LinkedIn analysis further notes that WETH markets saw 100% utilization, triggering approximately $6.2 billion in lender outflows as liquidity providers exited positions. These figures, if sustained, could matter for investors tracking credit risk, liquidity conditions, and tail-risk events across major DeFi lending platforms.
As for recovery steps, the post reports that the Arbitrum Security Council froze about 30,766 ETH, valued near $71 million, linked to the exploit, and that Kelp suspended all rsETH contracts on mainnet and L2s while it evaluates next moves. LayerZero has reportedly banned 1-of-1 DVN configurations going forward, and Kelp is said to be considering a 16% proportional loss socialization across rsETH holders, which could directly impact investor recovery paths.
For investors, Messari’s post underscores that smart contract code quality and infrastructure configuration remain critical risk factors in DeFi, even for protocols integrated with established middleware providers. The analysis suggests that this event may prompt more stringent risk management, including multi-signer verification standards, more conservative collateral policies, and heightened due diligence by both institutional and retail capital allocators.
The scale of the described losses and market moves could influence valuations of DeFi governance tokens, capital flows into restaking and liquid staking products, and the risk premium investors demand for cross-chain protocols. If regulators and institutional investors interpret the exploit as evidence of structural vulnerabilities in restaking and bridging, funding conditions for similar projects may tighten, while security-focused infrastructure providers could see comparatively stronger demand.