hodler

6 May 2026, 22:26

Aave liquidates attacker positions in rsETH exploit recovery effort

Aave has liquidated attacker rsETH positions, securing collateral as part of its recovery process following the April exploit.

6 May 2026, 21:44

U.S. Bitcoin Reserve update coming in 'next few weeks," White House adviser says

White House digital-assets adviser Patrick Witt cited a recent exploit involving assets held by the U.S. Marshals as proof federal crypto holdings need safeguarding.

6 May 2026, 21:25

Aave Completes Liquidation of KelpDAO Hacker’s Remaining rsETH Position Across Ethereum and Arbitrum

BitcoinWorld Aave Completes Liquidation of KelpDAO Hacker’s Remaining rsETH Position Across Ethereum and Arbitrum Aave, a leading decentralized finance protocol, has executed the liquidation of the remaining rsETH position linked to the KelpDAO hacker. The move, reported by The Block, represents the final step in a previously disclosed recovery plan that required a governance vote to temporarily adjust the rsETH oracle price. The liquidation was carried out on both the Ethereum and Arbitrum networks, marking a coordinated effort to recover funds stolen in an earlier exploit. Background of the KelpDAO Exploit and Recovery Plan The KelpDAO hack, which occurred earlier this year, resulted in the theft of significant crypto assets, including rsETH tokens. In response, the Aave community and the KelpDAO team collaborated on a recovery strategy. A critical component of this plan was a governance proposal that temporarily modified the oracle price feed for rsETH on Aave. This adjustment was necessary to accurately reflect the asset’s value and enable the liquidation of the hacker’s position without causing undue market disruption or further losses to the protocol. The liquidation process on Aave is automated and triggered when a borrower’s collateral value falls below a certain threshold. By adjusting the oracle price, the community ensured that the hacker’s position could be liquidated in a controlled manner, returning funds to the protocol and its users. Execution Across Ethereum and Arbitrum The liquidation was executed on both the Ethereum mainnet and the Arbitrum layer-2 network. This dual-network approach reflects the hacker’s original activity, which spanned multiple chains to maximize the exploit’s impact. Aave’s cross-chain infrastructure allowed the recovery team to target positions on both networks simultaneously, ensuring a comprehensive recovery. According to on-chain data, the liquidation successfully closed the hacker’s remaining rsETH position, converting the collateral into Aave’s native stablecoin, GHO, and other assets. The recovered funds are expected to be returned to affected users as part of the ongoing remediation efforts. Implications for DeFi Security and Governance This event underscores the importance of robust governance mechanisms in decentralized finance. The ability of the Aave community to swiftly pass a proposal and adjust protocol parameters in response to a security incident demonstrates the flexibility and resilience of DeFi systems. However, it also highlights the challenges of oracle manipulation and the need for secure price feed mechanisms. For Aave, this successful recovery reinforces its reputation as a responsible and community-driven protocol. For the broader DeFi ecosystem, it serves as a case study in coordinated incident response and the potential for governance to mitigate the impact of hacks. Conclusion The liquidation of the KelpDAO hacker’s remaining rsETH position by Aave marks a significant milestone in the recovery process. Through a combination of governance action and technical execution, the protocol has demonstrated its ability to respond to security threats effectively. While the incident highlights ongoing risks in the DeFi space, it also provides valuable lessons for improving security and governance standards across the industry. FAQs Q1: What is rsETH and why was it targeted? rsETH is a liquid staking token issued by KelpDAO, representing staked ETH. The hacker exploited a vulnerability in the KelpDAO protocol to obtain a large amount of rsETH, which was then used as collateral on Aave. Q2: How did the oracle price adjustment work? The Aave governance community passed a proposal to temporarily adjust the oracle price feed for rsETH to a more accurate value. This allowed the protocol to liquidate the hacker’s position without causing a market panic or further losses. Q3: Will affected users get their funds back? Yes, the recovered funds from the liquidation are expected to be returned to affected users as part of the ongoing remediation plan coordinated by the KelpDAO team and Aave. This post Aave Completes Liquidation of KelpDAO Hacker’s Remaining rsETH Position Across Ethereum and Arbitrum first appeared on BitcoinWorld .

6 May 2026, 20:40

KelpDAO Shifts to Chainlink CCIP After $292M LayerZero Exploit

BitcoinWorld KelpDAO Shifts to Chainlink CCIP After $292M LayerZero Exploit KelpDAO, a prominent liquid staking protocol, has announced plans to migrate its cross-chain infrastructure from LayerZero’s OFT standard to Chainlink’s Cross-Chain Interoperability Protocol (CCIP). The decision follows a $292 million exploit that KelpDAO attributes to an internal issue within LayerZero’s infrastructure, raising fresh concerns about the security of widely used bridging protocols. Why KelpDAO Is Making the Switch In a statement, KelpDAO said the migration is part of a long-term strategy to reduce reliance on a single point of failure. The protocol’s team argued that the recent hack, which drained nearly $300 million in user funds, was not an isolated incident but indicative of deeper structural vulnerabilities in LayerZero’s architecture. While LayerZero has not publicly confirmed the root cause, the incident has accelerated a broader industry debate about cross-chain security standards. KelpDAO’s move to Chainlink CCIP is notable because CCIP is designed with multiple layers of risk management, including decentralized oracle networks, separate transaction validation, and rate limiting. Chainlink has positioned CCIP as a more secure alternative to existing bridging protocols, particularly for high-value asset transfers. Implications for the Cross-Chain Ecosystem The migration highlights a growing trend among DeFi protocols to prioritize security over speed or cost. KelpDAO’s decision could influence other protocols that currently rely on LayerZero’s OFT standard, especially those managing significant total value locked (TVL). Industry observers note that cross-chain bridges have been among the most targeted vectors in crypto attacks, with over $2 billion lost to bridge exploits since 2021. KelpDAO’s shift is a direct response to this systemic risk, signaling that protocols are increasingly willing to switch infrastructure providers to protect user funds. What This Means for KelpDAO Users For KelpDAO’s user base, the migration is expected to occur gradually, with the protocol maintaining compatibility with existing positions during the transition. No immediate changes to staking rewards or withdrawal processes have been announced. However, users should monitor official KelpDAO channels for specific timelines and any required actions. Conclusion KelpDAO’s migration from LayerZero to Chainlink CCIP is a significant vote of confidence in Chainlink’s cross-chain security model. It also serves as a cautionary signal for the broader DeFi industry about the importance of infrastructure resilience. As cross-chain activity continues to grow, the choice of interoperability protocol is becoming a critical risk management decision for protocols and their users alike. FAQs Q1: Why is KelpDAO leaving LayerZero? KelpDAO cited a $292 million hack linked to an internal LayerZero infrastructure issue as the primary reason. The protocol aims to reduce single-point-of-failure risk by adopting Chainlink CCIP. Q2: What is Chainlink CCIP? Chainlink CCIP (Cross-Chain Interoperability Protocol) is a secure messaging and token transfer protocol that uses multiple independent networks for validation, designed to prevent exploits common in simpler bridging solutions. Q3: Will KelpDAO users need to take action? KelpDAO has stated the migration will be handled gradually and automatically. Users are advised to follow official announcements for any specific steps, but no immediate action is required. This post KelpDAO Shifts to Chainlink CCIP After $292M LayerZero Exploit first appeared on BitcoinWorld .

6 May 2026, 19:41

After Disputing LayerZero Claims, KelpDAO Prepares Chainlink CCIP Migration

KelpDAO has publicly disputed claims made by LayerZero Labs regarding the April 18, 2026, exploit. In the latest post on X, it argued that the incident stemmed from failures within LayerZero’s infrastructure rather than any misconfiguration on its own platform. According to KelpDAO, attackers exploited LayerZero’s systems, resulting in the loss of more than $300 million across multiple DeFi protocols. The team further revealed that two additional forged transactions worth over $100 million were successfully signed and processed by LayerZero’s DVN before being halted after Kelp intervened and paused its contracts. KelpDAO Counters LayerZero Narrative Kelp claimed that this early response prevented further financial damage, even though the underlying bridging infrastructure remained active for some time after the issue had been detected and reported. At the center of the dispute is LayerZero’s assertion that the exploit resulted from a configuration issue specific to KelpDAO. Kelp rejected this explanation, while claiming that the configuration in question was widely used across the LayerZero ecosystem and aligned with its official documentation. Data cited by Kelp indicates that a significant portion of LayerZero applications relied on similar DVN setups, including many operating under a 1-1 configuration involving LayerZero’s own DVN. This setup was neither unique nor experimental but part of standard deployment practices followed by numerous protocols. Kelp also explained that LayerZero’s DVN is a core component of its ecosystem and is included in default configurations provided to developers. The company pointed out that LayerZero’s documentation and quickstart templates guide builders toward these default setups, often without requiring additional DVNs. Kelp stated that it followed these guidelines and maintained regular communication with the LayerZero team since integrating the infrastructure in early 2024. During this period, Kelp added that its configuration choices were reviewed and approved, and there was no indication that the setup posed a security risk. Reports cited by Kelp describe compromised off-chain systems responsible for monitoring blockchain activity, as well as fraudulent attestations triggered through the DVN. Some researchers have detailed the event as a broader infrastructure breach rather than a limited RPC issue, which, again, points to compromised nodes and weaknesses within LayerZero’s trust boundary. Meanwhile, LayerZero Labs admitted in its postmortem that attackers accessed RPC endpoints used by its DVN and took control of multiple nodes before carrying out what it called an RPC spoofing attack. However, Kelp and independent analysts believe that this description downplays the issue, as fake messages were still approved despite safeguards. Transition to Chainlink KelpDAO implemented immediate measures to secure its systems in response. This included pausing contracts and conducting a full review of its bridging infrastructure. As part of its long-term strategy, the protocol has announced plans to migrate away from LayerZero’s OFT standard and adopt the Cross-Chain Interoperability Protocol (CCIP) developed by Chainlink. This transition will move rsETH to Chainlink’s Cross-Chain Token standard. The protocol revealed that the aim of this change is to reduce reliance on single points of failure while strengthening cross-chain security going forward. The post After Disputing LayerZero Claims, KelpDAO Prepares Chainlink CCIP Migration appeared first on CryptoPotato .

6 May 2026, 17:16

Ethena, Kelp DAO diverge on root cause of $300M LayerZero exploit

Ethena and Kelp DAO have offered different views on the $300M LayerZero exploit, underscoring a broader debate on DeFi security models.