Fluid Launches aWETH Redemption Protocol
Fluid is letting Aave lenders swap aWETH collateral for wstETH or weETH at a cost of approximately 2% amid frozen Aave markets.
Fluid launched the aWETH Redemption Protocol, allowing Aave lenders to swap aWETH collateral for wstETH or weETH at a cost of approximately 2%. The service aims to help Aave users stranded by the market cascade amid frozen markets on Aave following the KelpDAO bridge exploit. It allows users to regain control of a liquid, unaffected collateral asset without needing to close or unwind their position.
Fluid is able to offer the service because it operates a leveraged looping vault holding $144 million in Aave positions that it is looking to unwind. By buying aWETH from trapped lenders and using it to repay its own ETH debt on Aave, Fluid simultaneously frees users, creating a mutually beneficial solution. The solution currently only supports swaps on Ethereum mainnet.
EarnUSD is a stablecoin vault by Lido for earning transparent, onchain USD-denominated rewards. Get started today at stake.lido.fi/earn
Disclaimer: Content is for informational purposes only, not endorsement or investment advice. The accuracy of information is not guaranteed.
LayerZero RPC-Poisoning Attack
LayerZero attributed the KelpDAO exploit to an RPC-poisoning attack by the TraderTraitor subgroup of North Korea's Lazarus Group.
LayerZero published a statement claiming the $290 million KelpDAO exploit stemmed from a sophisticated RPC-poisoning attack that manipulated its DVN's verification process. It attributed the attack to the TraderTraitor subgroup of North Korea's Lazarus Group. According to LayerZero, the attackers compromised RPC nodes and fed forged data directly to the DVN while masking activity from monitoring systems.
LayerZero Labs placed responsibility on KelpDAO, arguing its 1-of-1 DVN configuration enabled the exploit, even though LayerZero's own DVN was the sole verifier KelpDAO relied on. LayerZero stated that it will no longer support single-DVN setups. The company also did not outline any intentions to compensate impacted users. Aave subsequently froze WETH and LST markets as the exploit rippled through DeFi.
EarnUSD is a stablecoin vault by Lido for earning transparent, onchain USD-denominated rewards. Get started today at stake.lido.fi/earn
Disclaimer: Content is for informational purposes only, not endorsement or investment advice. The accuracy of information is not guaranteed.
ETH Limo Nameserver Hijack Via EasyDNS
An attacker impersonated a team member and tricked EasyDNS into executing a fraudulent account recovery, briefly hijacking eth.limo's nameservers.
Eth.limo, a Web2 gateway that enables ENS domains to be accessed over HTTPS, suffered a domain hijack on April 17, 2026. An attacker impersonated a team member and successfully tricked the DNS registrar EasyDNS into carrying out a fraudulent account recovery request.
The attacker then redirected the nameservers as part of a phishing campaign attempt, however, the attack was effectively contained, with resolvers returning SERVFAIL responses, thanks to DNSSEC. EasyDNS regained control of the account and reversed the malicious nameserver changes within eight hours of the incident. EasyDNS CEO Mark Jeftovic publicly apologized for the incident. Eth.limo says it plans to migrate to Domainsure, which eliminates account recovery options.
EarnUSD is a stablecoin vault by Lido for earning transparent, onchain USD-denominated rewards. Get started today at stake.lido.fi/earn
Disclaimer: Content is for informational purposes only, not endorsement or investment advice. The accuracy of information is not guaranteed.