The final tranche of 20,373.72 rsETH has been deployed into the LayerZero lockbox, closing the operational phase of the DeFi United recovery. Aave founder Stani Kulechov confirmed that "rsETH is now fully restored." Withdrawals and bridging are open, and all affected Aave WETH markets are operating under standard parameters.

The recovery followed the April 18 LayerZero bridge exploit in which an attacker minted 116,500 unbacked rsETH, borrowed an estimated $236 million in WETH across Aave, Compound, and Euler, and routed stolen funds through THORChain. DeFi United is a coordinated relief effort led by Aave service providers with major contributions from various DeFi protocols.

ETHConf lands in NYC June 8-10, bringing together 5,000+ attendees, 150+ speakers, and 100+ companies across Ethereum, stablecoins, and institutional adoption.

Get your tickets at ethconf.com and use code ETHDAILY for 30% off General and 20% off VIP.

Disclaimer: Content is for informational and educational purposes only and does not constitute financial, investment, legal, or other professional advice. No representations or warranties are made as to accuracy, completeness, or timeliness. Use of this content is at your own risk, and you should consult a qualified professional before making decisions. No fiduciary or advisory relationship is created

LayerZero Labs published a full post mortem on the April 18 attack on KelpDAO's rsETH bridge. LayerZero attributed the attack to TraderTraitor, the same group behind the $1.5B Bybit hack in February 2025. The attack began six weeks earlier, on March 6, when an attacker tricked a LayerZero developer into cloning a malicious GitHub repo that dropped malware on their macOS machine, harvesting session keys and opening a path into LayerZero's internal RPC infrastructure.

The attacker quietly poisoned two internal RPC nodes to return forged chain state while appearing clean to LayerZero's own monitoring tools. On the day of the exploit, the attacker launched a denial-of-service attack against an external RPC provider to force the DVN signing service onto the compromised nodes exclusively.

The result was a valid attestation for a fabricated cross-chain message. LayerZero again pointed blame to KelpDAO's single-DVN setup that allowed one valid attestation to unlock 116,500 rsETH on Ethereum. LayerZero says it will now refuse to sign as the sole required attestor on any channel. KelpDAO's rsETH recovery entered its final stage earlier this month, and Kelp resumed withdrawals on May 15.

ETHConf lands in NYC June 8-10, bringing together 5,000+ attendees, 150+ speakers, and 100+ companies across Ethereum, stablecoins, and institutional adoption.

Get your tickets at ethconf.com and use code ETHDAILY for 30% off General and 20% off VIP.

Disclaimer: Content is for informational and educational purposes only and does not constitute financial, investment, legal, or other professional advice. No representations or warranties are made as to accuracy, completeness, or timeliness. Use of this content is at your own risk, and you should consult a qualified professional before making decisions. No fiduciary or advisory relationship is created

Aave has fully restored the loan-to-value ratios across all V3 WETH market deployments affected by the rsETH exploit, including Ethereum Core, Ethereum Prime, Arbitrum, Base, Mantle, and Linea. Parameters are now set to their pre-incident values. KelpDAO is also consolidating its rsETH bridging support, dropping support for 20 chains effective June 15.

Holders on selected chains are urged to bridge back to Ethereum mainnet, with post-deadline recovery available for a 100 USDC fee. Compound, Euler, and Aave successfully liquidated the attacker's collateral positions. The restorations bring a soft close to the DeFi United recovery initiative. Aave Pro has since added a read-only portfolio view for V4 positions.

ETHConf lands in NYC June 8-10, bringing together 5,000+ attendees, 150+ speakers, and 100+ companies across Ethereum, stablecoins, and institutional adoption.

Get your tickets at ethconf.com and use code ETHDAILY for 30% off General and 20% off VIP.

Disclaimer: Content is for informational and educational purposes only and does not constitute financial, investment, legal, or other professional advice. No representations or warranties are made as to accuracy, completeness, or timeliness. Use of this content is at your own risk, and you should consult a qualified professional before making decisions. No fiduciary or advisory relationship is created