• KelpDAO $290m LayerZero bridge exploit.

• Aave freezes WETH and LST markets.

• Fluid aWETH Redemption Protocol.

• LayerZero RPC-poisoning attack.

• Eth.limo suffers nameserver hijack.

EarnUSD is a stablecoin vault by Lido for earning transparent, onchain USD-denominated rewards. Get started today at stake.lido.fi/earn

KelpDAO suffered a $290 million exploit involving its LayerZero-powered cross-chain bridge. An attacker released 116,500 rsETH from the bridge contract on Ethereum mainnet without a corresponding burn on L2, representing roughly 18% of the rsETH circulating supply. The funds were used as collateral across Aave V3, Compound V3, and Euler to borrow an estimated $236 million in WETH. Read more →

Large depositors, including Justin Sun and MEXC, withdrew millions from Aave in the hours following the KelpDAO exploit. Aave disabled rsETH markets on V3 and V4, disabled WETH markets across Ethereum, Arbitrum, Base, Mantle, and Linea, and disabled borrowing on all LST and LRT collateral types. Aave's TVL has fallen by $8.4 billion since the rsETH exploit. Read more →

Fluid launched the aWETH Redemption Protocol, allowing Aave lenders to swap aWETH collateral for wstETH or weETH at a cost of approximately 2%. Fluid is able to offer the service because it operates a leveraged looping vault holding $144 million in Aave positions that it is looking to unwind. The solution currently only supports swaps on Ethereum mainnet. Read more →

LayerZero published a statement claiming the exploit stemmed from a sophisticated RPC-poisoning attack and attributed the incident to the TraderTraitor subgroup of North Korea's Lazarus Group. LayerZero Labs placed responsibility on KelpDAO's 1-of-1 DVN configuration and stated it will no longer support single-DVN setups. Read more →

Eth.limo, a Web2 gateway that enables ENS domains to be accessed over HTTPS, suffered a domain hijack on April 17, 2026. An attacker tricked the DNS registrar EasyDNS into carrying out a fraudulent account recovery, though DNSSEC contained an attack. Eth.limo plans to migrate to Domainsure, which eliminates account recovery options. Read more →

• Bitmine buys 101k ETH

• CoinCenter report on code is speech

• ENS IPFS hosted apps

• L2Beat interactive interop page

• Vercel suffers a data breach

• 26 protocols paused OFT

• Solidity survey results

• Privacy Cash live on Base

• Base agent market

Disclaimer: Content is for informational purposes only, not endorsement or investment advice. The accuracy of information is not guaranteed.

Fluid launched the aWETH Redemption Protocol, allowing Aave lenders to swap aWETH collateral for wstETH or weETH at a cost of approximately 2%. The service aims to help Aave users stranded by the market cascade amid frozen markets on Aave following the KelpDAO bridge exploit. It allows users to regain control of a liquid, unaffected collateral asset without needing to close or unwind their position.

Fluid is able to offer the service because it operates a leveraged looping vault holding $144 million in Aave positions that it is looking to unwind. By buying aWETH from trapped lenders and using it to repay its own ETH debt on Aave, Fluid simultaneously frees users, creating a mutually beneficial solution. The solution currently only supports swaps on Ethereum mainnet.

EarnUSD is a stablecoin vault by Lido for earning transparent, onchain USD-denominated rewards. Get started today at stake.lido.fi/earn

Disclaimer: Content is for informational purposes only, not endorsement or investment advice. The accuracy of information is not guaranteed.

LayerZero published a statement claiming the $290 million KelpDAO exploit stemmed from a sophisticated RPC-poisoning attack that manipulated its DVN's verification process. It attributed the attack to the TraderTraitor subgroup of North Korea's Lazarus Group. According to LayerZero, the attackers compromised RPC nodes and fed forged data directly to the DVN while masking activity from monitoring systems.

LayerZero Labs placed responsibility on KelpDAO, arguing its 1-of-1 DVN configuration enabled the exploit, even though LayerZero's own DVN was the sole verifier KelpDAO relied on. LayerZero stated that it will no longer support single-DVN setups. The company also did not outline any intentions to compensate impacted users. Aave subsequently froze WETH and LST markets as the exploit rippled through DeFi.

EarnUSD is a stablecoin vault by Lido for earning transparent, onchain USD-denominated rewards. Get started today at stake.lido.fi/earn

Disclaimer: Content is for informational purposes only, not endorsement or investment advice. The accuracy of information is not guaranteed.