Unmasking a Nation-State Threat
On April 18, an attack targeting Kelp DAO's $rsETH, a liquid restaking token, led to the minting of 116,500 unbacked $rsETH tokens. Crypto researcher Banteg analyzed and reconstructed the $292 million exploit, identifying North Korea's state-sponsored Lazarus Group as the perpetrator. Banteg's forensic analysis, derived solely from on-chain data, uncovered the group's attack workspace, revealing operational plans.
Vulnerability of Omnichain and Liquid Restaking
The incident exploited LayerZero's cross-chain infrastructure, which Kelp DAO uses for $rsETH bridging. LayerZero's architecture, designed for omnichain interoperability, relies on a set of verifiers (Decentralized Verifier Networks, DVNs) to authenticate messages between chains. The root cause was a compromise of LayerZero's RPC nodes, with three specific RPCs affected. Combined with a critical '1-of-1 DVN misconfiguration', that is, a single-verifier setup in which one DVN's attestation alone was sufficient, this allowed the Lazarus Group to forge a single LayerZero verification and mint unbacked $rsETH tokens across 20 different chains. The exploit also involved RPC poisoning and a Distributed Denial of Service (DDoS) attack that reportedly neutralized backup systems, facilitating the unauthorized minting. Its reliance on cross-chain bridge weaknesses echoes past incidents such as the Ronin Bridge and Harmony Bridge exploits. Liquid restaking tokens like $rsETH represent staked $ETH and are used as collateral in lending markets, so unbacked mints directly undermine the integrity of those markets.
Exploit Mechanics and Timeline
After compromising LayerZero's RPC nodes and exploiting the '1-of-1 DVN' setup, the Lazarus Group minted unbacked $rsETH tokens. They deposited these tokens as collateral on the Aave lending protocol and borrowed nearly $200 million in $WETH against them. Kelp DAO detected the anomaly and blocked a subsequent attempt by the attackers to drain an additional $95 million in $rsETH. Banteg's forensic work surfaced internal notes from the Lazarus Group's workspace that documented their methodology, including the '1-of-1 DVN' setup and a 'source nonce stuck at 307', a rare glimpse into the planning of a nation-state hacking operation. The stolen funds were then laundered through several channels: THORChain for conversion into $BTC, and the Umbra and Tornado Cash privacy protocols.
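As an added example (not code from Kelp DAO, LayerZero, Aave or Banteg), the Python below models the two weaknesses named in the root-cause description and the exploit mechanics above, the 1-of-1 DVN configuration and a verifier fed by a single poisoned RPC, alongside the checks a practitioner would run against them: how many distinct DVN operators must be compromised before a forged verification is accepted, and a DVN worker that refuses to attest unless a quorum of independent RPC endpoints agree. The field names follow LayerZero V2's UlnConfig struct; the sentinel semantics noted in the comments (0 = use default, 255 = none) are my reading of the V2 contracts and are flagged as an assumption, and the DVN addresses, RPC names and payload hashes are constructed sample data. In production the config bytes would be fetched with EndpointV2.getConfig(oapp, sendLib, eid, 2) and ABI-decoded; that fetch is omitted so the script runs offline.

```python
"""Added illustration, not code from Kelp DAO, LayerZero, Aave or Banteg.

  1. min_colluders_to_forge() / audit_uln_config(): given an OApp's ULN
     security-stack configuration, how many distinct DVN operators must be
     compromised before a forged verification is accepted. A 1-of-1 setup
     scores 1.
  2. attest_with_quorum(): a DVN worker that only attests a payload hash when
     a quorum of independent RPC endpoints agree, so one poisoned RPC plus a
     DDoS on a backup cannot steer the attestation.

Field names mirror LayerZero V2's UlnConfig struct. DVN addresses, RPC names
and payload hashes below are constructed sample data.
"""
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Sentinels as I read them in LayerZero V2's UlnBase (assumption): a custom
# count of 0 means "fall back to the default config"; uint8 max means "none".
DEFAULT_COUNT = 0
NIL_DVN_COUNT = 255


@dataclass
class UlnConfig:
    confirmations: int
    required_dvn_count: int
    optional_dvn_count: int
    optional_dvn_threshold: int
    required_dvns: list[str] = field(default_factory=list)
    optional_dvns: list[str] = field(default_factory=list)


def min_colluders_to_forge(cfg: UlnConfig) -> int:
    """Smallest set of distinct DVN operators whose keys forge a verification.

    A ULN message verifies once every required DVN and at least
    optional_dvn_threshold optional DVNs have attested, so an attacker needs all
    required DVNs plus enough optional ones to reach the threshold. An address
    present in both lists is one operator and is counted once.
    """
    required = {a.lower() for a in cfg.required_dvns}
    optional = {a.lower() for a in cfg.optional_dvns}
    covered = len(required & optional)  # optional votes the required set already supplies
    extra = max(0, cfg.optional_dvn_threshold - covered)
    return len(required) + extra


def audit_uln_config(cfg: UlnConfig, minimum: int = 2) -> list[str]:
    """Return human-readable findings; an empty list means the config passes."""
    findings: list[str] = []
    if cfg.required_dvn_count == DEFAULT_COUNT and cfg.optional_dvn_count == DEFAULT_COUNT:
        findings.append("counts are 0: verification falls back to the default DVN set, "
                        "which is not under this OApp's control")
    if cfg.required_dvn_count == NIL_DVN_COUNT and cfg.optional_dvn_count == NIL_DVN_COUNT:
        findings.append("both counts are NIL: no DVN is required, any payload verifies")
    if len({a.lower() for a in cfg.required_dvns}) != len(cfg.required_dvns):
        findings.append("duplicate address in requiredDVNs: one operator counted twice")
    if cfg.optional_dvn_count and cfg.optional_dvn_threshold > cfg.optional_dvn_count:
        findings.append("optionalDVNThreshold exceeds optionalDVNCount: messages never verify")
    n = min_colluders_to_forge(cfg)
    if n < minimum:
        total = len(cfg.required_dvns) + len(cfg.optional_dvns)
        findings.append(f"{n}-of-{total} setup: compromising {n} verifier(s) forges any message")
    return findings


def attest_with_quorum(responses: dict[str, Optional[str]], quorum: int) -> Optional[str]:
    """Payload hash to attest, or None if fewer than `quorum` live RPCs agree.

    `responses` maps an RPC endpoint name to the payload hash it returned for
    the packet; None marks an endpoint that was unreachable (e.g. under DDoS).
    `quorum` should exceed half the configured endpoints so two hashes can
    never both qualify. Refusing to attest is the safe failure: a stalled
    message is recoverable, a forged mint is not.
    """
    votes = Counter(h for h in responses.values() if h is not None)
    if not votes:
        return None
    best, count = votes.most_common(1)[0]
    return best if count >= quorum else None


# Constructed sample data (not real DVN operators, endpoints or packets).
DVN_A, DVN_B, DVN_C, DVN_D = ("0x" + c * 40 for c in "abcd")
GENUINE = "0x" + "11" * 32  # payload hash the source chain actually emitted
FORGED = "0x" + "22" * 32   # hash returned by a poisoned RPC

# The incident's shape: one verifier whose attestation alone suffices.
WEAK_CONFIG = UlnConfig(confirmations=15, required_dvn_count=1, optional_dvn_count=0,
                        optional_dvn_threshold=0, required_dvns=[DVN_A])
# Hardened: two required operators plus 1-of-2 optional ones.
HARDENED_CONFIG = UlnConfig(confirmations=15, required_dvn_count=2, optional_dvn_count=2,
                            optional_dvn_threshold=1,
                            required_dvns=[DVN_A, DVN_B], optional_dvns=[DVN_C, DVN_D])

SINGLE_RPC = {"rpc-1": FORGED}                                      # one source, poisoned
POISONED_AND_DDOSED = {"rpc-1": FORGED, "rpc-2": None, "rpc-3": GENUINE}  # backup knocked out
HEALTHY = {"rpc-1": FORGED, "rpc-2": GENUINE, "rpc-3": GENUINE}           # honest majority

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, min_colluders_to_forge(cfg), audit_uln_config(cfg) or "ok")
    print(attest_with_quorum(SINGLE_RPC, quorum=1))
    print(attest_with_quorum(POISONED_AND_DDOSED, quorum=2))
    print(attest_with_quorum(HEALTHY, quorum=2))
```

The weak config scores 1 and is flagged as a 1-of-1 setup, the hardened one scores 3 and passes. The quorum worker attests the forged hash only in the single-RPC case; with one RPC poisoned and one DDoSed it returns None rather than attesting either hash, which is the behaviour that would have stalled the message instead of minting against it.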
Market Impact and Community Reaction
Aave, the protocol against which the attackers borrowed, experienced substantial outflows: total deposits fell by roughly a third, from $48.5 billion to $30.7 billion, with $15.1 billion of that leaving within three days. Aave froze its $rsETH markets and later partially unfroze $WETH reserves on Ethereum Core V3 while keeping the Loan-to-Value (LTV) ratio at 0, so the asset cannot back new borrowing. Community sentiment regarding Aave's handling of bad debt registered at -78, reflecting concerns about the protocol's exposure and ongoing discussion of the 'socialization of losses' across $rsETH holders. Separately, Arbitrum's Security Council froze $71 million of the stolen funds (30,766 $ETH). This intervention drew mixed reactions, with sentiment registering at -41 concerning the chain's degree of centralization. Lido Finance reported approximately $21.6 million of exposure to $rsETH through its EarnETH product, stemming from leveraged positions on Aave. SparkLend recorded $1.4 billion in inflows following Aave's outflows. The incident became the largest DeFi exploit of the year, surpassing the $285 million lost by Drift earlier in April.
Current State and Repercussions
Aave DAO service providers are working with ecosystem participants to address the potential bad debt resulting from the $rsETH incident. Aave's insurance fund, which stood at $54 million, was substantially smaller than the total bad-debt risk from the exploit, which approached $200 million. Questions have been raised about Aave's risk management, particularly concerning its risk advisor, Tokenlogic, which was reportedly paid by Kelp DAO for treasury management while simultaneously advocating an 86% LTV for $rsETH as Aave collateral. That proposal passed governance despite the disclosed conflict of interest. Kelp DAO published a memo placing blame on LayerZero for the exploit, asserting that it had followed LayerZero's official documentation, default configurations and team guidance, and stating that its own systems were not at fault. Michael Egorov, founder of Curve, publicly called for industry-wide DeFi security standards, citing the Aave and $rsETH incidents as examples of centralized points of failure. While Kelp DAO has affirmed that all $rsETH on mainnet is fully backed, the $rsETH peg across various Layer 2 networks remains unstable. The funds frozen by Arbitrum represent only a fraction of the total stolen, with the majority of the illicitly acquired assets having already moved through mixers and cross-chain bridges.
