Executive Summary
DeFi United, a coalition representing key participants across the decentralized finance ecosystem, released a detailed technical implementation plan this week to restore the backing of Kelp DAO’s rsETH token. The plan targets the recovery of about 107,000 rsETH that remain under the control of the attacker who exploited the LayerZero‑powered bridge linking Unichain and Ethereum. By coordinating with lending platforms Aave and Compound, DeFi United hopes to seize the remaining collateral and rebalance the rsETH supply.
What Happened
The incident unfolded when a forged inbound packet was sent through the rsETH bridge that connects Unichain to Ethereum. The packet was verified on Ethereum without a corresponding burn event on Unichain, allowing the bridge adapter on the Ethereum side to release 116,500 rsETH erroneously. The attacker quickly moved the stolen tokens across several addresses and deposited them as collateral on major lending protocols, notably Aave and Compound.
Analysis of blockchain activity shows that seven addresses linked to the exploiter still hold active rsETH‑backed positions on those platforms. Together, those positions represent roughly 107,000 rsETH, meaning the majority of the stolen tokens remain locked in the lending ecosystem rather than being sold or moved further.
Background / Context
rsETH is a synthetic representation of ETH created by Kelp DAO, designed to provide liquidity and yield‑earning opportunities on multiple chains. Its cross‑chain functionality relies on a LayerZero‑powered bridge that synchronizes token balances between Unichain and Ethereum. The bridge’s security model requires a burn on the source chain (Unichain) before minting on the destination chain (Ethereum). In this case, the attacker forged a packet that bypassed the burn verification, effectively minting rsETH out of thin air.
LayerZero has been praised for its low‑latency, omnichain communication, but the exploit highlights the challenges of ensuring atomicity across heterogeneous blockchains. The incident has sparked renewed discussions about formal verification, multi‑signature guardrails, and real‑time monitoring for cross‑chain adapters.
Reactions
DeFi United’s spokesperson emphasized the coalition’s commitment to user protection and ecosystem integrity. The organization announced that its technical team has already begun coordinating with Aave and Compound to identify the exploiter’s collateral positions and to trigger automated liquidation or reclamation mechanisms where possible.
Representatives from Aave and Compound confirmed receipt of the recovery plan and pledged cooperation. Both platforms noted that the rsETH‑backed positions are subject to their standard risk parameters, and that any forced liquidation will be executed in accordance with existing protocol rules.
The broader DeFi community reacted with a mix of concern and optimism. While many expressed frustration over the breach, the swift publication of a concrete remediation roadmap was widely praised as a sign that the ecosystem can self‑organize in the face of attacks.
What It Means
Recovering the 107,000 rsETH still locked on lending protocols would restore roughly 92% of the token’s original backing, reinforcing confidence in Kelp DAO’s synthetic asset model. Successful reclamation would also set a precedent for coordinated cross‑protocol responses to bridge failures, demonstrating that decentralized entities can collectively mobilize technical and governance tools without relying on a single point of authority.
However, the incident underscores the systemic risk that cross‑chain bridges introduce. As more assets become omnichain, the attack surface expands, and a single vulnerability can ripple across multiple platforms. Stakeholders are likely to prioritize stronger verification layers, real‑time auditing, and insurance mechanisms to mitigate future exposures.
What Happens Next
DeFi United’s plan outlines a three‑phase approach. Phase one involves deploying on‑chain monitoring scripts that flag rsETH balances exceeding predefined thresholds on Aave and Compound. Phase two will trigger automated calls to each protocol’s liquidation engine, targeting the seven exploiter‑controlled addresses. Phase three focuses on post‑recovery audit and community reporting to ensure transparency.
The coalition aims to complete the reclamation effort within the next two weeks, pending successful coordination with the lending platforms and any necessary governance votes. Kelp DAO is expected to announce an update to its tokenomics once the recovered rsETH is re‑minted or burned, thereby rebalancing the supply.
In parallel, LayerZero’s development team has pledged to release a hardening patch for its bridge contracts, incorporating additional proof‑of‑burn checks and multi‑signature validation. The broader DeFi ecosystem will be watching closely, as the outcome could influence design choices for upcoming cross‑chain projects.