Kelp DAO has finished the operational phase of its rsETH recovery plan, restoring full cross-chain functionality more than five weeks after an April 18 exploit that ultimately cost the protocol roughly $293 million. Investigators attributed the attack to North Korea-linked Lazarus Group; the breach drained about 116,500 rsETH from Kelp’s bridge infrastructure.
What changed today
- Kelp DAO transferred the final tranche—20,373.72 rsETH—to the LayerZero OFT adapter that handles token locking, minting, burning and releases for cross-chain transfers. The protocol says this step closes the operational part of the recovery plan and restores rsETH backing.
- Earlier recovery steps included a May 13 transfer of 25,000 rsETH that reopened withdrawals and resumed bridging between Ethereum mainnet and supported L2s.
- After the latest move, rsETH minting, redemptions and reward functions are reported to be fully operational again.
How the recovery was funded
Kelp credited part of the restored backing to the DeFi United recovery initiative, a coordinated effort in which multiple DeFi protocols provided support after the exploit.
Ongoing fallout at Aave and market impact
The attack’s ripple effects have persisted in lending markets. Attackers reportedly deposited large amounts of the stolen rsETH into Aave as collateral and borrowed wrapped Ether (wETH) against it. Court filings and governance documents put bad debt from the incident at nearly $190 million across affected Aave markets.
Aave’s total value locked plunged after the exploit—DefiLlama data showed TVL fall from over $26 billion to under $14 billion—where it has since stabilized roughly between $13.9 billion and $15.1 billion. Some protocol functionality has been restored: on May 18, Aave founder Stani Kulechov confirmed that borrowing against wETH collateral resumed on several Aave V3 deployments, including Ethereum, Arbitrum, Base, Mantle and Linea. Those actions follow earlier emergency restrictions put in place after unbacked rsETH entered lending markets.
Legal and governance disputes continue
Legal wrangling surrounds frozen assets tied to the incident. The Arbitrum Security Council froze about 30,765 ETH (roughly $71 million at the time) on April 21; those funds are now subject to competing legal claims. Gerstein Harrow LLP, representing families pursuing terrorism-related judgments against North Korea, argued in court that the assets could be tied to Lazarus Group activity. Aave has pushed back, noting that no court has formally found North Korea or Lazarus responsible and arguing the recovered funds belong to affected users.
Kelp DAO vs. LayerZero
Amid recovery, Kelp announced plans to migrate rsETH’s cross-chain infrastructure from LayerZero’s OFT framework to Chainlink’s Cross-Chain Interoperability Protocol as part of efforts to strengthen bridge security. LayerZero co-founder and CEO Bryan Pellegrino publicly disputed several of Kelp’s claims about bridge configurations and approvals, calling some statements “completely untrue” and pushing back on Kelp’s characterization of their setup and security posture.
Bottom line
Operationally, rsETH is back: users can mint, redeem, earn rewards and bridge rsETH across chains again. But significant legal, governance and market consequences from the April exploit remain unresolved, including litigation over frozen assets and outstanding bad debt in lending markets. The episode has also prompted scrutiny of cross-chain bridge architectures and fresh debate between protocol teams over where and how to secure future bridging infrastructure.
Read more AI-generated news on: undefined/news
