Executive Summary
KelpDAO’s liquid restaked token, rsETH, lost its one‑to‑one peg to Ether on April 23, sinking to $1,723. The depeg was traced to a security breach that investigators suspect was carried out by hackers with ties to North Korea. The incident has reignited calls for a unified security standard for cross‑chain bridges, a sentiment echoed by Flare’s Chief Product Officer, Filip Koprivic.
What Happened
On April 23, rsETH—a token that represents staked Ether and is designed to retain a stable 1:1 value with the underlying asset—dropped below its peg, reaching a low of $1,723. The deviation was linked to a breach of the bridge that moves assets between Ethereum and the KelpDAO ecosystem. While the investigation remains ongoing, preliminary forensic analysis points to a group of hackers believed to be backed by the North Korean regime.
The breach compromised the bridge’s collateral management logic, allowing malicious actors to manipulate the token’s redemption process. As a result, holders of rsETH faced an unexpected loss of value, prompting a wave of alarm across DeFi communities that rely on similar restaking mechanisms.
Background / Context
KelpDAO launched rsETH as a liquid restaked token that lets users earn staking rewards while retaining the ability to trade or use the token in other protocols. The token’s value is anchored to Ether through a smart‑contract bridge that locks the underlying ETH and issues rsETH on a separate chain.
Cross‑chain bridges have become critical infrastructure for the expanding DeFi landscape, but they also present a concentrated attack surface. Past incidents involving bridge exploits have underscored the difficulty of safeguarding assets that move across heterogeneous blockchains. The rsETH depeg adds another data point to the growing list of vulnerabilities that regulators and developers are struggling to address.
Reactions
Flare’s Chief Product Officer, Filip Koprivic, responded to the incident by emphasizing that bridge security must be treated as a core component of collateral risk management. He warned that “bridges are not peripheral utilities; they are integral to the safety of any restaked or tokenized asset.”
Within the KelpDAO community, members called for an immediate audit of the bridge’s code and a transparent roadmap for remedial measures. Although KelpDAO has not released a detailed statement, its developers have pledged to work with external security firms to pinpoint the vulnerability and restore confidence.
Industry observers note that the attribution to a North Korean‑backed group raises geopolitical concerns, as state‑aligned actors increasingly target high‑value crypto infrastructure for both financial gain and strategic disruption.
What It Means
The rsETH incident spotlights a systemic gap in how the crypto ecosystem approaches bridge security. While individual projects often conduct internal audits, there is no universally accepted standard that defines minimum security requirements for cross‑chain bridges.
Stakeholders are now urging the formation of a cross‑industry working group that could establish baseline security protocols, including formal verification of bridge contracts, regular third‑party audits, and real‑time monitoring of bridge activity. Such standards could help mitigate the risk of future depegs and protect users who depend on liquid restaked assets for yield generation.
For investors and developers, the incident serves as a reminder to evaluate collateral risk beyond the underlying asset and to consider the robustness of the underlying infrastructure. As DeFi continues to mature, the pressure to codify bridge security into best‑practice guidelines is likely to intensify.