Skip to main content
Sign in
KelpDAO3 decisions on this page

Audit log

Every state-changing event for KelpDAO: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1reviewby reviewerreviewer
    2026-05-12 21:54:23Z
    Score: 2222 (no score change)
    The KelpDAO investigation page is well-supported by credible sources across all major claim categories. Core facts about the exploit mechanics, attribution, financial impact, legal proceedings, and recovery efforts are confirmed by primary sources including Chainalysis, TRM Labs, Aave Governance Forum, LayerZero's own statements, and multiple Tier 1 and Tier 2 news outlets. Minor findings include a slight overstatement of pre-exploit TVL ('over $2 billion' vs independently-sourced ~$1.7 billion), a possible misattribution of the circuit breaker finding to Halborn rather than OpenZeppelin, and a disputed launch date (November vs December 2023 for user deposits). The investigation's most significant contested claim — that LayerZero personnel explicitly approved the 1-of-1 configuration — is reported as KelpDAO's allegation but cannot be independently verified from available sources, which is appropriate framing.
    anchoranchored
    chain
    mainnet-betaslot 419,339,165
    sig
    252GtSafFNFq…xYDgsuHNexplorer ↗
    hash
    2upC8rxrLXrK…V4X55ECPsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1266 B) ▸
    {"actor":"reviewer","decided_at":"2026-05-12T21:54:23.454Z","decision":"review","investigation_id":"b3201664-21f2-4b65-b4dc-a85ecb74262d","new_score":22,"page_slug":"kelpdao","prev_score":22,"reason":"The KelpDAO investigation page is well-supported by credible sources across all major claim categories. Core facts about the exploit mechanics, attribution, financial impact, legal proceedings, and recovery efforts are confirmed by primary sources including Chainalysis, TRM Labs, Aave Governance Forum, LayerZero's own statements, and multiple Tier 1 and Tier 2 news outlets. Minor findings include a slight overstatement of pre-exploit TVL ('over $2 billion' vs independently-sourced ~$1.7 billion), a possible misattribution of the circuit breaker finding to Halborn rather than OpenZeppelin, and a disputed launch date (November vs December 2023 for user deposits). The investigation's most significant contested claim — that LayerZero personnel explicitly approved the 1-of-1 configuration — is reported as KelpDAO's allegation but cannot be independently verified from available sources, which is appropriate framing.","score_delta":0,"sequence_num":1,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 07f8be29-58ca-4ff4-af18-cacf0f4e023a
  2. #2review approveby judgejudge
    2026-05-12 21:54:23Z
    Score: 2222 (no score change)
    The reviewer examined 43 discrete claims and found zero disputed. All four partially-supported findings (claim_findings[3], [6], [15], [35]) involve peripheral details — a launch-date precision gap between November 2023 announcement and December 2023 token genesis, a TVL rounding discrepancy (~$1.7B vs 'over $2B'), a secondary audit-firm misattribution of the circuit-breaker finding (Halborn vs OpenZeppelin), and an unconfirmed severity label on the AI risk flag — none of which affect any core allegation about the exploit, the attacker, the financial impact, or the legal proceedings. The single unverifiable finding (claim_findings[23], the count of '11 Aave instances') is a peripheral operational detail. Two high-priority coverage gaps were noted — on-chain address-level forensics and independent resolution of the LayerZero configuration-approval dispute — which indicate areas for future expansion rather than grounds for denial. Reviewer confidence was 0.87, consistent with this approval.
    anchoranchored
    chain
    mainnet-betaslot 419,339,186
    sig
    28CvgGpQMqZx…NGYf6AXhexplorer ↗
    hash
    E4tibF8L3tRt…8pQAMXeTsha256 → base58
    verifying row…full verify ↗
    canonical bytes (1351 B) ▸
    {"actor":"judge","decided_at":"2026-05-12T21:54:23.454Z","decision":"review_approve","investigation_id":"b3201664-21f2-4b65-b4dc-a85ecb74262d","new_score":22,"page_slug":"kelpdao","prev_score":22,"reason":"The reviewer examined 43 discrete claims and found zero disputed. All four partially-supported findings (claim_findings[3], [6], [15], [35]) involve peripheral details — a launch-date precision gap between November 2023 announcement and December 2023 token genesis, a TVL rounding discrepancy (~$1.7B vs 'over $2B'), a secondary audit-firm misattribution of the circuit-breaker finding (Halborn vs OpenZeppelin), and an unconfirmed severity label on the AI risk flag — none of which affect any core allegation about the exploit, the attacker, the financial impact, or the legal proceedings. The single unverifiable finding (claim_findings[23], the count of '11 Aave instances') is a peripheral operational detail. Two high-priority coverage gaps were noted — on-chain address-level forensics and independent resolution of the LayerZero configuration-approval dispute — which indicate areas for future expansion rather than grounds for denial. Reviewer confidence was 0.87, consistent with this approval.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 970e6962-78c1-4bcc-bad1-f7148a1469a7
  3. #3publishby system:backfill
    2026-05-30 13:03:49Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 423,161,803
    sig
    5nxCagB2V1fG…pJKPXMYWexplorer ↗
    hash
    8izk2FPnbtNU…LiGCkZMTsha256 → base58
    verifying row…full verify ↗
    canonical bytes (45194 B) ▸
    {"actor":"system:backfill","investigation_id":"b3201664-21f2-4b65-b4dc-a85ecb74262d","kind":"publish","page_slug":"kelpdao","published_at":"2026-05-30T13:03:49.561Z","sequence_num":3,"snapshot":{"content_type":"investigation","entity_name":"KelpDAO","sections":[{"content":"KelpDAO is a liquid restaking protocol built on Ethereum and launched in November 2023. It was co-founded by Amitej Gajjala and Dheeraj Borra, who also run the liquid staking platform Stader Labs. KelpDAO allows users to deposit ETH or supported liquid staking tokens (LSTs), which are delegated to EigenLayer operators; users receive rsETH in return — a liquid, yield-bearing token representing the underlying restaked position. rsETH is designed to be composable across DeFi protocols including Aave, Uniswap, and Compound. The protocol is a subsidiary product of KernelDAO. Prior to the April 2026 exploit, KelpDAO reported over $2 billion in total value locked (TVL), with approximately 630,000 rsETH tokens in circulating supply. The protocol raised $9 million in a May 2024 private round led by SCB Limited, Laser Digital, and Binance Labs.","heading":"Protocol Overview","severity":"low","sources":[{"credibility":2,"name":"Nansen AI: What is Kelp DAO","type":"research","url":"https://nansen.ai/post/what-is-kelp-dao"},{"credibility":2,"name":"The Block: Ethereum liquid restaking platform Kelp raises token round at $90 million valuation","type":"news_article","url":"https://www.theblock.co/post/295972/ethereum-kelp-token-round-valuation"},{"credibility":1,"name":"Kelp DAO official site","type":"official","url":"https://www.kelpdao.xyz/restake/"},{"credibility":2,"name":"Tracxn: Kelp DAO founders and board","type":"research","url":"https://tracxn.com/d/companies/kelp-dao/__Gu9X8d8GQEMeHp0WBePcra-gL9CxSjZAsDOBh5xhWrU/founders-and-board-of-directors"}]},{"content":"On April 18, 2026, KelpDAO's rsETH bridge — built on LayerZero V2 infrastructure — was compromised in a sophisticated infrastructure-layer attack that resulted in the theft of approximately 116,500 rsETH tokens (roughly 18% of total circulating supply), valued at approximately $292 million. This was not a smart contract vulnerability: KelpDAO's on-chain code functioned as designed throughout the event, and no bugs were found in the rsETH token logic.\n\nThe attack exploited a 'Decentralized Verifier Network' (DVN) configured in a 1-of-1 arrangement, meaning a single LayerZero Labs DVN was the sole verifier of cross-chain messages. Attackers allegedly gained access to two internal RPC nodes used by the DVN, swapping out node software to feed false blockchain data. Simultaneously, a distributed denial-of-service (DDoS) attack was launched against uncompromised external RPC nodes, forcing the DVN to fail over exclusively onto the two attacker-controlled nodes. Those poisoned nodes falsely reported that rsETH had been burned on the source chain (Unichain) when no such burn had occurred. The DVN, reading only from the compromised data sources, confirmed the fraudulent cross-chain message as valid, triggering the Ethereum-side contract to release 116,500 rsETH to attacker-controlled addresses. The malicious node software was programmed to self-destruct after execution, deleting binaries and logs to hinder forensic investigation.\n\nSecurity firm Halborn's post-mortem identified compounding failure factors beyond the 1-of-1 configuration, including the absence of on-chain circuit breakers that would automatically pause operations if a single transaction minted an unusually large proportion of total supply. OpenZeppelin noted in a published analysis that the exploit was undetectable by any conventional smart contract audit, as every on-chain transaction appeared technically valid; the root cause resided entirely at the operational infrastructure layer.","heading":"April 2026 Exploit: Attack Mechanics","severity":"critical","sources":[{"credibility":1,"name":"CoinDesk: Kelp DAO exploited for $292 million with wrapped ether stranded across 20 chains","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/19/2026-s-biggest-crypto-exploit-kelp-dao-hit-for-usd292-million-with-wrapped-ether-stranded-across-20-chains"},{"credibility":2,"name":"Chainalysis: Inside the KelpDAO Bridge Exploit","type":"research","url":"https://www.chainalysis.com/blog/kelpdao-bridge-exploit-april-2026/"},{"credibility":2,"name":"Halborn: Explained: The Kelp DAO Hack (April 2026)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-kelp-dao-hack-april-2026"},{"credibility":2,"name":"OpenZeppelin: $292 Million Lost, Zero Bugs Found: Lessons From the KelpDAO Hack","type":"research","url":"https://www.openzeppelin.com/news/lessons-from-kelpdao-hack"},{"credibility":2,"name":"LayerZero: KelpDAO Incident Statement","type":"official","url":"https://layerzero.network/blog/kelpdao-incident-statement"}]},{"content":"LayerZero Labs and blockchain intelligence firm TRM Labs attributed the April 18, 2026 KelpDAO exploit to TraderTraitor, a subunit of North Korea's Lazarus Group operating under DPRK state direction. TRM Labs' attribution methodology relied on on-chain analysis of both pre-attack funding patterns and post-attack laundering behavior.\n\nPre-attack funding for the exploit was allegedly traceable to a Bitcoin wallet associated with Wu Huihui, a Chinese crypto broker indicted in 2023 for laundering prior Lazarus Group thefts dating to at least 2018. Following the theft, approximately $175 million in ETH was routed through THORChain — a cross-chain liquidity protocol that does not require KYC — and converted to Bitcoin. Additional obfuscation was achieved through Umbra, an Ethereum privacy tool, before final Bitcoin conversion. TRM Labs reported that the ongoing laundering phase was executed primarily by Chinese intermediaries rather than North Korean operators directly, consistent with the previously documented TraderTraitor playbook.\n\nNorth Korea officially denied the TRM Labs attribution. Taken together with the April 1, 2026 Drift Protocol exploit ($285 million), which TRM Labs also attributed to DPRK-linked actors, North Korean state-sponsored hackers are alleged to account for approximately 76% of all crypto hack losses through April 2026 — totaling approximately $577 million — from just two incidents. TRM Labs reported that North Korea's cumulative attributed crypto theft since 2017 has surpassed $6 billion.","heading":"DPRK Attribution and Lazarus Group","severity":"critical","sources":[{"credibility":2,"name":"TRM Labs: North Korea Stole 76% of All Crypto Hack Value in 2026","type":"research","url":"https://www.trmlabs.com/resources/blog/north-korea-stole-76-of-all-crypto-hack-value-in-2026-with-just-two-attacks"},{"credibility":2,"name":"The Block: North Korea accounts for 76% of 2026 crypto hack losses","type":"news_article","url":"https://www.theblock.co/post/399569/north-korea-accounts-for-76-of-2026-crypto-hack-losses-with-theft-since-2017-topping-6-billion-trm-labs"},{"credibility":1,"name":"CoinDesk: LayerZero blames Kelp's setup for $290 million exploit, attributes it to North Korea's Lazarus","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/layerzero-blames-kelp-s-setup-for-usd290-million-exploit-attributes-it-to-north-korea-s-lazarus"},{"credibility":2,"name":"Unchained: Kelp DAO Exploiter Moves $175 Million in Stolen ETH Into New Wallets, Routing Funds Through THORChain","type":"news_article","url":"https://unchainedcrypto.com/kelp-dao-exploiter-moves-175-million-in-stolen-eth-into-new-wallets-routing-funds-through-thorchain/"},{"credibility":2,"name":"crypto.news: North Korea denies TRM Labs data tying it to major crypto hacks","type":"news_article","url":"https://crypto.news/north-korea-denies-trm-labs-data-tying-it-to-major-crypto-hacks/"}]},{"content":"Because the stolen rsETH was still tradable at the time of the exploit, the attacker deposited approximately 89,567 rsETH (out of the 116,500 stolen) into Aave V3 markets as collateral and borrowed approximately $190 million in ETH and other assets across Ethereum and Arbitrum. This usage of unbacked collateral created significant bad debt exposure for Aave, which immediately froze rsETH and wrsETH markets across 11 instances.\n\nThe Aave Governance Forum's incident report outlined two scenarios for potential bad debt depending on how KelpDAO allocates the underlying loss across its rsETH exchange rate. Under Scenario 1 (uniform loss socialization across all rsETH holders), Aave faced approximately $123.7 million in bad debt, with the heaviest proportional hit on Mantle (9.54% shortfall) and Ethereum Core ($91.8 million). Under Scenario 2 (losses isolated to Layer 2 networks), bad debt rises to approximately $230.1 million, with Mantle (71.45% shortfall) and Arbitrum (26.67% shortfall) most severely impacted.\n\nSparkLend and Fluid also froze their rsETH markets. Total value locked across DeFi fell by $13.21 billion in the 48 hours following the exploit, driven by $8.45 billion in Aave deposit outflows alone. Aave's TVL drop of approximately $6 billion was separately reported. The KuCoin research team summarized the Aave bad debt at approximately $177 million in a widely-cited figure that sits between the two official Aave governance scenarios.","heading":"Aave Contagion and DeFi Systemic Impact","severity":"critical","sources":[{"credibility":2,"name":"Aave Governance Forum: rsETH Incident Report (April 20, 2026)","type":"community_report","url":"https://governance.aave.com/t/rseth-incident-report-april-20-2026/24580"},{"credibility":2,"name":"Aave Governance Forum: rsETH incident — 2026-04-18","type":"community_report","url":"https://governance.aave.com/t/rseth-incident-2026-04-18/24481"},{"credibility":1,"name":"CoinDesk: Aave could face up to $230m in losses after Kelp DAO bridge exploit triggers DeFi chaos","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/aave-could-face-up-to-usd230-million-in-losses-after-kelp-dao-bridge-exploit-triggers-defi-chaos"},{"credibility":1,"name":"CoinDesk: DeFi TVL drops more than $13 billion in two days following Kelp DAO hack","type":"news_article","url":"https://www.coindesk.com/markets/2026/04/20/defi-tvl-drops-more-than-usd13-billion-in-two-days-following-kelp-dao-hack"},{"credibility":2,"name":"KuCoin: KelpDAO rsETH Exploit: How The $292M LayerZero Bridge Attack Created $177M Bad Debt on Aave","type":"news_article","url":"https://www.kucoin.com/blog/kelpdao-rseth-exploit-how-292m-layerzero-bridge-attack-created-177m-bad-debt-in-aave"}]},{"content":"On April 21, 2026, the Arbitrum Security Council froze 30,766 ETH (approximately $71 million) of attacker-linked funds held on Arbitrum One, coordinating with law enforcement. This intervention prevented the movement of a substantial portion of the stolen assets but immediately ignited a debate about centralization and the nature of decentralized governance.\n\nA DeFi United recovery proposal co-authored by Aave Labs, KelpDAO, LayerZero, and EtherFi called for releasing the frozen funds into the DeFi United recovery pool. Over 90.5% of voting Arbitrum stakeholders — representing 173.9 million ARB tokens — approved the motion.\n\nHowever, families holding unpaid terrorism judgments against North Korea, with total claims exceeding $877 million excluding interest, filed for a court order with the U.S. District Court for the Southern District of New York. On approximately May 1, 2026, the court issued a restraining order barring Arbitrum DAO from moving the 30,766 ETH. Aave LLC filed an emergency motion to void the restraining notice. As of early May 2026, a Manhattan federal judge modified the restraining order to permit transfer of the funds to an Aave LLC-controlled wallet, but Aave agreed to be bound by the restraining notice as though served directly, meaning the terrorism creditors' claims on the funds legally survive the transfer.\n\nThe episode produced a broad discussion about a structural irony: the Arbitrum Security Council's centralized emergency freeze — which brought the assets within the jurisdictional reach of a U.S. federal court — was the same mechanism that gave terrorism creditors a legal foothold to assert their claims.","heading":"Arbitrum Emergency Freeze and Legal Dispute","severity":"high","sources":[{"credibility":1,"name":"CoinDesk: Arbitrum freezes $71 million in ether tied to Kelp DAO exploit","type":"news_article","url":"https://www.coindesk.com/markets/2026/04/21/arbitrum-freezes-usd71-million-in-ether-tied-to-kelp-dao-exploit"},{"credibility":1,"name":"CoinDesk: Inside the $71 million freeze on Arbitrum that has the crypto world questioning what decentralization really means","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/22/inside-the-usd71-million-freeze-on-arbitrum-that-has-the-crypto-world-questioning-what-decentralization-really-means"},{"credibility":2,"name":"Unchained: U.S. Court Freezes $71 Million in Kelp DAO ETH After North Korea Terrorism Creditors File Claim","type":"news_article","url":"https://unchainedcrypto.com/u-s-court-freezes-71-million-in-kelp-dao-eth-after-north-korea-terrorism-creditors-file-claim/"},{"credibility":2,"name":"The Block: Arbitrum's $71 million in ETH cleared for Aave transfer as North Korea terrorism creditors retain legal claim","type":"news_article","url":"https://www.theblock.co/post/400642/arbitrums-71-million-in-eth-cleared-for-aave-transfer-as-north-korea-terrorism-creditors-retain-legal-claim"},{"credibility":2,"name":"CryptoTimes: Arbitrum Freezes KelpDAO Hacker's $71M But Sparks Debate on Centralization","type":"news_article","url":"https://www.cryptotimes.io/2026/04/21/arbitrum-freezes-kelpdao-hackers-71m-but-sparks-debate-on-centralization/"},{"credibility":2,"name":"Yahoo Finance: Arbitrum's KelpDAO Freeze Backfires as US Court Blocks $71 Million Recovery","type":"news_article","url":"https://finance.yahoo.com/markets/crypto/articles/arbitrum-kelpdao-freeze-backfires-us-160122096.html"}]},{"content":"In the days following the exploit, an industry coalition branded 'DeFi United' was assembled, led by Aave service providers, to restore backing for rsETH and prevent cascading bad debt. Major pledges included 5,000 ETH from Aave founder Stani Kulechov personally, 5,000 ETH from EtherFi, and a total of 10,000 ETH from LayerZero (5,000 ETH to the DeFi United pool and 5,000 ETH directly into Aave liquidity). Lido Finance and other DeFi participants also contributed. The DeFi United coalition ultimately raised over $300 million in ETH across multiple participants.\n\nThe recovery plan operates in two phases: first, contributors slowly convert their pledged ETH into rsETH and deposit it into the Kelp DAO bridge lockbox contract to restore backing; second, the attacker's remaining uncollected positions on Aave and Compound are liquidated through special governance-authorized procedures. The goal is to fully restore rsETH's exchange rate to pre-hack parity and unfreeze markets on all affected chains. Additionally, Aave DAO separately proposed using 25,000 ETH from its treasury to cover the rsETH shortfall, given the DAO treasury held approximately $181 million in assets at the time.\n\nThe recovery process remains ongoing as of early May 2026, with rsETH trading around $2,420 — approximately 6-7% below pre-hack value — reflecting partial but incomplete restoration of backing.","heading":"DeFi United Recovery Effort","severity":"medium","sources":[{"credibility":1,"name":"CoinDesk: Aave leads DeFi bailout push after $292M crypto exploit","type":"news_article","url":"https://www.coindesk.com/business/2026/04/23/aave-rallies-defi-partners-to-contain-fallout-from-usd292-million-kelpdao-hack"},{"credibility":2,"name":"The Block: DeFi United unveils plan to restore rsETH after $292 million Kelp DAO exploit","type":"news_article","url":"https://www.theblock.co/post/399118/defi-united-detailed-plan"},{"credibility":2,"name":"The Block: LayerZero commits 10,000 ETH to DeFi United effort","type":"news_article","url":"https://www.theblock.co/post/399275/layerzero-commits-10000-eth-to-defi-united-effort"},{"credibility":2,"name":"Cryptopolitan: LayerZero pledges $23M to DeFi United after $292M Kelp DAO exploit fallout","type":"news_article","url":"https://www.cryptopolitan.com/layerzero-pledges-23m-to-defi-united/"},{"credibility":1,"name":"CoinDesk: Who's pledging to Aave's $300 million DeFi recovery effort","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/27/industry-leaders-are-pouring-hundreds-of-millions-into-a-rescue-plan-for-aave-users-after-massive-crypto-hack"},{"credibility":2,"name":"CryptoTimes: Aave DAO Proposes 25K ETH to Cover rsETH Shortfall After KelpDAO Hack","type":"news_article","url":"https://www.cryptotimes.io/2026/04/25/aave-dao-proposes-25k-eth-to-cover-rseth-shortfall-after-kelpdao-hack/"}]},{"content":"In the immediate aftermath of the exploit, LayerZero published an incident statement that framed the attack as the result of a configuration choice made by KelpDAO — specifically, KelpDAO's selection of a 1-of-1 DVN setup despite LayerZero's documented recommendations for multi-DVN redundancy. LayerZero stated that the LayerZero protocol itself had functioned exactly as intended and that the incident was isolated to rsETH due to its application-level security configuration.\n\nKelpDAO publicly disputed this account on April 20, 2026, arguing that the single-verifier setup was the default configuration recommended in LayerZero's own developer documentation, quickstart guides, and examples. KelpDAO further asserted on approximately May 5, 2026, that LayerZero personnel had explicitly reviewed and approved the specific configuration later cited as the cause of the exploit.\n\nOn May 9, 2026, LayerZero reversed its position in a public blog post, writing 'First things first: an overdue apology' and acknowledging 'We've done a terrible job on comms over the past three weeks.' LayerZero stated: 'We believe developers should choose their own security configurations, but we made a mistake by allowing our DVN to act as a 1/1 DVN for high-value transactions.' The company announced that the LayerZero Labs DVN would no longer service 1-of-1 DVN configurations, and that default settings across all pathways would be migrated to require a minimum of five verifiers where possible, with a floor of three on chains with limited DVN availability.\n\nKelpDAO announced its migration away from LayerZero to Chainlink's Cross-Chain Interoperability Protocol (CCIP). Solv Protocol ($700 million in tokenized bitcoin assets) and Re (reUSD stablecoin) separately announced migrations from LayerZero to Chainlink CCIP following security reviews prompted by the KelpDAO incident.","heading":"LayerZero Blame Dispute and Subsequent Apology","severity":"high","sources":[{"credibility":2,"name":"LayerZero: KelpDAO Incident Statement","type":"official","url":"https://layerzero.network/blog/kelpdao-incident-statement"},{"credibility":1,"name":"CoinDesk: Kelp DAO hits back at LayerZero for trying to shift the blame","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/kelp-dao-claims-layerzero-s-default-settings-are-what-actually-caused-the-usd290-million-disaster"},{"credibility":1,"name":"CoinDesk: Kelp says LayerZero approved setup it blamed for $292 million bridge hack","type":"news_article","url":"https://www.coindesk.com/web3/2026/05/05/kelp-claims-that-layerzero-approved-the-setup-it-blamed-for-usd292-million-bridge-hack"},{"credibility":1,"name":"CoinDesk: LayerZero says it 'made a mistake' in $292 Million Kelp exploit","type":"news_article","url":"https://www.coindesk.com/tech/2026/05/09/layerzero-says-it-made-a-mistake-in-usd292-million-kelp-exploit"},{"credibility":2,"name":"The Block: LayerZero issues public apology for Kelp DAO exploit response, admits fault in single-verifier setup","type":"news_article","url":"https://www.theblock.co/post/400629/layerzero-issues-public-apology-for-kelp-dao-exploit-response-admits-fault-in-single-verifier-setup"},{"credibility":2,"name":"Unchained: Kelp DAO Disputes LayerZero's Account of the $290 Million Exploit","type":"news_article","url":"https://unchainedcrypto.com/kelp-dao-disputes-layerzeros-account-of-the-290-million-exploit-escalating-blame-game/"},{"credibility":1,"name":"CoinDesk: Solv drops LayerZero for Chainlink CCIP in $700 million tokenized bitcoin migration","type":"news_article","url":"https://www.coindesk.com/business/2026/05/07/solv-drops-layerzero-for-chainlink-ccip-in-usd700-million-tokenized-bitcoin-migration"}]},{"content":"The KelpDAO exploit was the single largest DeFi hack of 2026, surpassing the April 1, 2026 Drift Protocol exploit ($285 million) by approximately $7 million. Together, the two incidents accounted for approximately 89% of total April 2026 crypto losses. Crypto Impact Hub reported April 2026 as the worst month for crypto hacks in history, with a total of approximately $651 million stolen across 30 exploits.\n\nThe KelpDAO incident contributed to an estimated $9.5 billion to $13 billion decline in DeFi total value locked in the 48-72 hours following the exploit, including a $6 billion TVL drop at Aave and a $15 billion drop noted by some trackers. The incident demonstrated a previously underappreciated category of risk: off-chain infrastructure and bridge configuration risk, which is invisible to traditional smart contract audits. OpenZeppelin's published analysis specifically highlighted that 'zero bugs were found' in the KelpDAO codebase, underscoring that audit coverage does not extend to operational infrastructure.\n\nAn open-source AI security tool had reportedly flagged the bridge configuration as a risk 12 days before the exploit, rating it 'moderate' rather than severe — a missed signal that has since prompted discussion about continuous monitoring obligations for DeFi protocols beyond point-in-time code audits.\n\nTRM Labs' data indicates that DPRK-attributed actors' share of total crypto hack losses has grown from under 10% in 2020-2021 to 22% in 2022, 37% in 2023, 39% in 2024, 64% in 2025, and 76% through April 2026 — the highest sustained share on record, representing a significant and escalating nation-state threat to crypto infrastructure.","heading":"April 2026 Macro Context and Systemic Risk","severity":"high","sources":[{"credibility":2,"name":"Crypto Impact Hub: April 2026 — The Worst Month for Crypto Hacks in History","type":"news_article","url":"https://cryptoimpacthub.com/april-2026-worst-month-crypto-hacks-history/"},{"credibility":2,"name":"TRM Labs: North Korea Stole 76% of All Crypto Hack Value in 2026","type":"research","url":"https://www.trmlabs.com/resources/blog/north-korea-stole-76-of-all-crypto-hack-value-in-2026-with-just-two-attacks"},{"credibility":2,"name":"OpenZeppelin: $292 Million Lost, Zero Bugs Found: Lessons From the KelpDAO Hack","type":"research","url":"https://www.openzeppelin.com/news/lessons-from-kelpdao-hack"},{"credibility":2,"name":"PANews: An open-source AI tool that nobody paid attention to alerted about a $292 million vulnerability in Kelp DAO 12 days ago","type":"news_article","url":"https://www.panewslab.com/en/articles/019da9ba-cfc3-75a8-b5a1-f8475f5a37f3"},{"credibility":1,"name":"CoinDesk: The $292 million Kelp DAO exploit shows why crypto bridges are still one of the industry's weakest links","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/21/the-usd292-million-kelp-dao-exploit-shows-why-crypto-bridges-are-still-one-of-the-industry-s-weakest-links"}]},{"content":"KelpDAO's smart contracts were subject to a security audit published in March 2024 by MixBytes, covering the LRT-rsETH codebase as deployed to Ethereum mainnet with approximately 140,000 ETH in TVL at that time. The audit identified four high-severity vulnerabilities, all of which were reported as absent in the version deployed at the time of publication. A separate audit PDF is publicly available on the KelpDAO domain.\n\nAs established by the April 2026 exploit and subsequent analysis by OpenZeppelin and Halborn, these conventional code audits did not — and by design cannot — assess the security of bridge configuration choices, off-chain RPC infrastructure, or operational decisions such as the selection of a single-verifier DVN arrangement. The distinction between code risk and operational risk is now central to post-mortems of the incident.","heading":"Pre-Hack Audit Record","severity":"medium","sources":[{"credibility":2,"name":"KelpDAO MixBytes Audit Report (March 2024)","type":"research","url":"https://kelpdao.xyz/audits/smartcontracts/mixbytes.pdf"},{"credibility":2,"name":"OpenZeppelin: $292 Million Lost, Zero Bugs Found: Lessons From the KelpDAO Hack","type":"research","url":"https://www.openzeppelin.com/news/lessons-from-kelpdao-hack"}]}],"sources_used":[{"archive_timestamp":"2026-05-24T07:47:56+00:00","archive_url":"http://web.archive.org/web/20260524074756/https://www.coindesk.com/tech/2026/04/19/2026-s-biggest-crypto-exploit-kelp-dao-hit-for-usd292-million-with-wrapped-ether-stranded-across-20-chains","credibility":1,"name":"CoinDesk: Kelp DAO exploited for $292 million","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/19/2026-s-biggest-crypto-exploit-kelp-dao-hit-for-usd292-million-with-wrapped-ether-stranded-across-20-chains"},{"archive_timestamp":null,"archive_url":null,"credibility":1,"name":"CoinDesk: Kelp DAO exploit shows why crypto bridges are weakest links","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/21/the-usd292-million-kelp-dao-exploit-shows-why-crypto-bridges-are-still-one-of-the-industry-s-weakest-links"},{"archive_timestamp":"2026-04-26T20:05:21+00:00","archive_url":"http://web.archive.org/web/20260426200521/https://www.coindesk.com/tech/2026/04/20/kelp-dao-claims-layerzero-s-default-settings-are-what-actually-caused-the-usd290-million-disaster","credibility":1,"name":"CoinDesk: Kelp DAO hits back at LayerZero","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/kelp-dao-claims-layerzero-s-default-settings-are-what-actually-caused-the-usd290-million-disaster"},{"archive_timestamp":null,"archive_url":null,"credibility":1,"name":"CoinDesk: LayerZero blames Kelp's setup, attributes to Lazarus","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/layerzero-blames-kelp-s-setup-for-usd290-million-exploit-attributes-it-to-north-korea-s-lazarus"},{"archive_timestamp":"2026-05-08T16:56:32+00:00","archive_url":"http://web.archive.org/web/20260508165632/https://www.coindesk.com/web3/2026/05/05/kelp-claims-that-layerzero-approved-the-setup-it-blamed-for-usd292-million-bridge-hack","credibility":1,"name":"CoinDesk: Kelp says LayerZero approved the setup","type":"news_article","url":"https://www.coindesk.com/web3/2026/05/05/kelp-claims-that-layerzero-approved-the-setup-it-blamed-for-usd292-million-bridge-hack"},{"archive_timestamp":"2026-05-13T19:39:20+00:00","archive_url":"http://web.archive.org/web/20260513193920/https://www.coindesk.com/tech/2026/05/09/layerzero-says-it-made-a-mistake-in-usd292-million-kelp-exploit","credibility":1,"name":"CoinDesk: LayerZero says it 'made a mistake'","type":"news_article","url":"https://www.coindesk.com/tech/2026/05/09/layerzero-says-it-made-a-mistake-in-usd292-million-kelp-exploit"},{"archive_timestamp":"2026-04-27T13:57:00+00:00","archive_url":"http://web.archive.org/web/20260427135700/https://www.coindesk.com/business/2026/04/23/aave-rallies-defi-partners-to-contain-fallout-from-usd292-million-kelpdao-hack","credibility":1,"name":"CoinDesk: Aave leads DeFi bailout push","type":"news_article","url":"https://www.coindesk.com/business/2026/04/23/aave-rallies-defi-partners-to-contain-fallout-from-usd292-million-kelpdao-hack"},{"archive_timestamp":"2026-05-09T16:48:22+00:00","archive_url":"http://web.archive.org/web/20260509164822/https://www.coindesk.com/tech/2026/04/20/aave-could-face-up-to-usd230-million-in-losses-after-kelp-dao-bridge-exploit-triggers-defi-chaos","credibility":1,"name":"CoinDesk: Aave could face up to $230m in losses","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/aave-could-face-up-to-usd230-million-in-losses-after-kelp-dao-bridge-exploit-triggers-defi-chaos"},{"archive_timestamp":"2026-04-22T10:22:51+00:00","archive_url":"http://web.archive.org/web/20260422102251/https://www.coindesk.com/markets/2026/04/20/defi-tvl-drops-more-than-usd13-billion-in-two-days-following-kelp-dao-hack","credibility":1,"name":"CoinDesk: DeFi TVL drops $13 billion","type":"news_article","url":"https://www.coindesk.com/markets/2026/04/20/defi-tvl-drops-more-than-usd13-billion-in-two-days-following-kelp-dao-hack"},{"archive_timestamp":"2026-04-22T18:07:12+00:00","archive_url":"http://web.archive.org/web/20260422180712/https://www.coindesk.com/markets/2026/04/21/arbitrum-freezes-usd71-million-in-ether-tied-to-kelp-dao-exploit","credibility":1,"name":"CoinDesk: Arbitrum freezes $71 million","type":"news_article","url":"https://www.coindesk.com/markets/2026/04/21/arbitrum-freezes-usd71-million-in-ether-tied-to-kelp-dao-exploit"},{"archive_timestamp":null,"archive_url":null,"credibility":1,"name":"CoinDesk: Inside the $71 million Arbitrum freeze","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/22/inside-the-usd71-million-freeze-on-arbitrum-that-has-the-crypto-world-questioning-what-decentralization-really-means"},{"archive_timestamp":"2026-05-07T03:51:51+00:00","archive_url":"http://web.archive.org/web/20260507035151/https://www.coindesk.com/tech/2026/04/27/industry-leaders-are-pouring-hundreds-of-millions-into-a-rescue-plan-for-aave-users-after-massive-crypto-hack","credibility":1,"name":"CoinDesk: $300M DeFi recovery pledges","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/27/industry-leaders-are-pouring-hundreds-of-millions-into-a-rescue-plan-for-aave-users-after-massive-crypto-hack"},{"archive_timestamp":"2026-04-24T03:26:50+00:00","archive_url":"http://web.archive.org/web/20260424032650/https://www.coindesk.com/business/2026/04/21/data-shows-the-kelpdao-hackers-are-already-laundering-millions-in-stolen-crypto","credibility":1,"name":"CoinDesk: KelpDAO hackers laundering millions","type":"news_article","url":"https://www.coindesk.com/business/2026/04/21/data-shows-the-kelpdao-hackers-are-already-laundering-millions-in-stolen-crypto"},{"archive_timestamp":"2026-05-09T15:04:21+00:00","archive_url":"http://web.archive.org/web/20260509150421/https://www.coindesk.com/business/2026/05/07/solv-drops-layerzero-for-chainlink-ccip-in-usd700-million-tokenized-bitcoin-migration","credibility":1,"name":"CoinDesk: Solv drops LayerZero for Chainlink CCIP","type":"news_article","url":"https://www.coindesk.com/business/2026/05/07/solv-drops-layerzero-for-chainlink-ccip-in-usd700-million-tokenized-bitcoin-migration"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"Chainalysis: Inside the KelpDAO Bridge Exploit","type":"research","url":"https://www.chainalysis.com/blog/kelpdao-bridge-exploit-april-2026/"},{"archive_timestamp":"2026-05-08T23:15:08+00:00","archive_url":"http://web.archive.org/web/20260508231508/https://layerzero.network/blog/kelpdao-incident-statement","credibility":2,"name":"LayerZero: KelpDAO Incident Statement","type":"official","url":"https://layerzero.network/blog/kelpdao-incident-statement"},{"archive_timestamp":"2026-05-12T01:19:36+00:00","archive_url":"http://web.archive.org/web/20260512011936/https://www.trmlabs.com/resources/blog/north-korea-stole-76-of-all-crypto-hack-value-in-2026-with-just-two-attacks","credibility":2,"name":"TRM Labs: North Korea Stole 76% of All Crypto Hack Value in 2026","type":"research","url":"https://www.trmlabs.com/resources/blog/north-korea-stole-76-of-all-crypto-hack-value-in-2026-with-just-two-attacks"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"The Block: North Korea accounts for 76% of 2026 crypto hack losses","type":"news_article","url":"https://www.theblock.co/post/399569/north-korea-accounts-for-76-of-2026-crypto-hack-losses-with-theft-since-2017-topping-6-billion-trm-labs"},{"archive_timestamp":"2026-04-29T03:12:27+00:00","archive_url":"http://web.archive.org/web/20260429031227/https://www.theblock.co/post/399118/defi-united-detailed-plan","credibility":2,"name":"The Block: DeFi United unveils plan to restore rsETH","type":"news_article","url":"https://www.theblock.co/post/399118/defi-united-detailed-plan"},{"archive_timestamp":"2026-04-30T07:50:26+00:00","archive_url":"http://web.archive.org/web/20260430075026/https://www.theblock.co/post/399275/layerzero-commits-10000-eth-to-defi-united-effort","credibility":2,"name":"The Block: LayerZero commits 10,000 ETH to DeFi United","type":"news_article","url":"https://www.theblock.co/post/399275/layerzero-commits-10000-eth-to-defi-united-effort"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"The Block: LayerZero issues public apology, admits fault in single-verifier setup","type":"news_article","url":"https://www.theblock.co/post/400629/layerzero-issues-public-apology-for-kelp-dao-exploit-response-admits-fault-in-single-verifier-setup"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"The Block: Arbitrum's $71M ETH cleared for Aave transfer, terrorism creditors retain claim","type":"news_article","url":"https://www.theblock.co/post/400642/arbitrums-71-million-in-eth-cleared-for-aave-transfer-as-north-korea-terrorism-creditors-retain-legal-claim"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"Halborn: Explained: The Kelp DAO Hack (April 2026)","type":"research","url":"https://www.halborn.com/blog/post/explained-the-kelp-dao-hack-april-2026"},{"archive_timestamp":"2026-05-13T07:24:15+00:00","archive_url":"http://web.archive.org/web/20260513072415/https://www.openzeppelin.com/news/lessons-from-kelpdao-hack","credibility":2,"name":"OpenZeppelin: $292 Million Lost, Zero Bugs Found: Lessons From the KelpDAO Hack","type":"research","url":"https://www.openzeppelin.com/news/lessons-from-kelpdao-hack"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"Aave Governance Forum: rsETH Incident Report (April 20, 2026)","type":"community_report","url":"https://governance.aave.com/t/rseth-incident-report-april-20-2026/24580"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"Aave Governance Forum: rsETH incident 2026-04-18","type":"community_report","url":"https://governance.aave.com/t/rseth-incident-2026-04-18/24481"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"Unchained: U.S. Court Freezes $71 Million in Kelp DAO ETH","type":"news_article","url":"https://unchainedcrypto.com/u-s-court-freezes-71-million-in-kelp-dao-eth-after-north-korea-terrorism-creditors-file-claim/"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"Unchained: Kelp DAO Exploiter Moves $175 Million Through THORChain","type":"news_article","url":"https://unchainedcrypto.com/kelp-dao-exploiter-moves-175-million-in-stolen-eth-into-new-wallets-routing-funds-through-thorchain/"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"Unchained: Kelp DAO Disputes LayerZero's Account","type":"news_article","url":"https://unchainedcrypto.com/kelp-dao-disputes-layerzeros-account-of-the-290-million-exploit-escalating-blame-game/"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"Yahoo Finance: Arbitrum's KelpDAO Freeze Backfires as US Court Blocks Recovery","type":"news_article","url":"https://finance.yahoo.com/markets/crypto/articles/arbitrum-kelpdao-freeze-backfires-us-160122096.html"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"CryptoTimes: Arbitrum Freezes KelpDAO Hacker's $71M But Sparks Debate on Centralization","type":"news_article","url":"https://www.cryptotimes.io/2026/04/21/arbitrum-freezes-kelpdao-hackers-71m-but-sparks-debate-on-centralization/"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"CryptoTimes: KelpDAO Blames LayerZero, Shifts to Chainlink CCIP","type":"news_article","url":"https://www.cryptotimes.io/2026/05/06/kelpdao-blames-layerzero-shifts-to-chainlinks-ccip-after-292m-hack/"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"Cryptopolitan: LayerZero pledges $23M to DeFi United","type":"news_article","url":"https://www.cryptopolitan.com/layerzero-pledges-23m-to-defi-united/"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"PANews: AI tool flagged Kelp vulnerability 12 days before exploit","type":"news_article","url":"https://www.panewslab.com/en/articles/019da9ba-cfc3-75a8-b5a1-f8475f5a37f3"},{"archive_timestamp":"2026-05-26T03:55:49+00:00","archive_url":"https://web.archive.org/web/20260526035549/https://kerneldao.com:443/kelp/audits/smartcontracts/mixbytes.pdf","credibility":2,"name":"KelpDAO MixBytes Audit Report March 2024","type":"research","url":"https://kelpdao.xyz/audits/smartcontracts/mixbytes.pdf"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"Crypto Impact Hub: April 2026 worst month for crypto hacks","type":"news_article","url":"https://cryptoimpacthub.com/april-2026-worst-month-crypto-hacks-history/"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"DeFi Prime: The KelpDAO rsETH Exploit — $292M Minted From a 1-of-1 Bridge","type":"news_article","url":"https://defiprime.com/kelpdao-rseth-exploit"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"The Block: Arbitrum vote to release frozen ETH set to pass","type":"news_article","url":"https://www.tradingview.com/news/cointelegraph:56fa8c4bc094b:0-arbitrum-vote-to-release-71m-in-frozen-kelp-exploit-eth-set-to-pass/"},{"archive_timestamp":null,"archive_url":null,"credibility":2,"name":"Tracxn: Kelp DAO Company Profile","type":"research","url":"https://tracxn.com/d/companies/kelp-dao/__Gu9X8d8GQEMeHp0WBePcra-gL9CxSjZAsDOBh5xhWrU"}],"summary":"KelpDAO (also KernelDAO) is an Ethereum-based liquid restaking protocol that issues rsETH, a yield-bearing token representing restaked positions via EigenLayer. On April 18, 2026, attackers attributed to North Korea's Lazarus Group (TraderTraitor subunit) exploited a single-verifier bridge configuration to mint 116,500 unbacked rsETH tokens worth approximately $292 million, making it the largest single DeFi exploit of 2026. The attack triggered cascading losses across Aave, SparkLend, and Fluid, sparked a $300 million+ industry recovery coalition (DeFi United), a legal dispute over $71 million frozen by Arbitrum's Security Council, and a protracted public blame dispute between KelpDAO and bridge provider LayerZero.","timeline":[{"date":"2023-11-01","event":"KelpDAO launches on Ethereum, issuing rsETH liquid restaking token built on EigenLayer.","source":"Kelp GitBook / KuCoin Research","source_url":"https://www.kucoin.com/blog/kelpdao-hack-2026-rseth-exploit-analysis"},{"date":"2024-03-04","event":"MixBytes publishes security audit of KelpDAO LRT-rsETH smart contracts, identifying and confirming remediation of four high-severity issues.","source":"KelpDAO Audit (MixBytes PDF)","source_url":"https://kelpdao.xyz/audits/smartcontracts/mixbytes.pdf"},{"date":"2024-05-22","event":"KelpDAO raises $9 million in a private funding round led by SCB Limited, Laser Digital, and Binance Labs, valuing the protocol at $90 million.","source":"The Block","source_url":"https://www.theblock.co/post/295972/ethereum-kelp-token-round-valuation"},{"date":"2026-04-01","event":"Drift Protocol is exploited for $285 million in a separate DPRK-attributed attack involving social engineering and compromised protocol signers.","source":"CoinDesk","source_url":"https://www.coindesk.com/business/2026/04/30/north-korean-hackers-are-moving-faster-they-account-for-76-of-crypto-exploits-this-year-trmlabs"},{"date":"2026-04-06","event":"An open-source AI security tool allegedly flags KelpDAO's LayerZero bridge configuration as a moderate-to-severe risk — approximately 12 days before the exploit. The warning is not acted upon.","source":"PANews","source_url":"https://www.panewslab.com/en/articles/019da9ba-cfc3-75a8-b5a1-f8475f5a37f3"},{"date":"2026-04-18","event":"Attackers attributed to Lazarus Group (TraderTraitor) compromise LayerZero RPC nodes and exploit the 1-of-1 DVN bridge configuration, minting and stealing 116,500 rsETH (~$292 million). Core contracts are paused. A subsequent attempted theft of ~$95 million is blocked.","source":"Chainalysis / CoinDesk","source_url":"https://www.chainalysis.com/blog/kelpdao-bridge-exploit-april-2026/"},{"date":"2026-04-19","event":"KelpDAO confirms the exploit publicly. rsETH is suspended across 20+ chains. Aave, SparkLend, and Fluid freeze their rsETH and wrsETH markets across 11 instances. DeFi TVL begins a $13 billion decline.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2026/04/19/2026-s-biggest-crypto-exploit-kelp-dao-hit-for-usd292-million-with-wrapped-ether-stranded-across-20-chains"},{"date":"2026-04-20","event":"LayerZero publishes incident statement attributing the hack to DPRK's Lazarus Group and placing responsibility on KelpDAO's 1-of-1 DVN configuration choice. KelpDAO immediately disputes the account, pointing to LayerZero's own documentation and developer guides as the source of the default configuration.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2026/04/20/layerzero-blames-kelp-s-setup-for-usd290-million-exploit-attributes-it-to-north-korea-s-lazarus"},{"date":"2026-04-21","event":"The attacker begins moving stolen funds; approximately $175 million in ETH is routed through THORChain and converted to Bitcoin. Arbitrum Security Council freezes 30,766 ETH (~$71 million) of attacker-linked funds on Arbitrum One.","source":"CoinDesk / Unchained","source_url":"https://www.coindesk.com/business/2026/04/21/data-shows-the-kelpdao-hackers-are-already-laundering-millions-in-stolen-crypto"},{"date":"2026-04-23","event":"Aave rallies DeFi partners to form the 'DeFi United' recovery coalition. Pledges include 5,000 ETH from Stani Kulechov, 5,000 ETH from EtherFi, and a total 10,000 ETH from LayerZero.","source":"CoinDesk","source_url":"https://www.coindesk.com/business/2026/04/23/aave-rallies-defi-partners-to-contain-fallout-from-usd292-million-kelpdao-hack"},{"date":"2026-04-27","event":"KelpDAO and Aave jointly request Arbitrum DAO to release the frozen $71 million into the DeFi United recovery pool. Arbitrum governance vote opens and over 90.5% of stakeholders vote in favor.","source":"The Coin Republic / KuCoin","source_url":"https://www.thecoinrepublic.com/2026/04/27/kelpdao-aave-team-request-arbitrum-to-release-71m-frozen-ethereum-after-292m-hack/"},{"date":"2026-05-01","event":"U.S. District Court for the Southern District of New York issues a restraining order barring Arbitrum DAO from moving the 30,766 ETH, following a petition from families holding unpaid terrorism judgments against North Korea totaling over $877 million.","source":"Unchained Crypto","source_url":"https://unchainedcrypto.com/u-s-court-freezes-71-million-in-kelp-dao-eth-after-north-korea-terrorism-creditors-file-claim/"},{"date":"2026-05-05","event":"KelpDAO publicly states that LayerZero personnel had explicitly reviewed and approved the single-verifier configuration prior to the hack, directly contradicting LayerZero's narrative that Kelp acted against guidance.","source":"CoinDesk","source_url":"https://www.coindesk.com/web3/2026/05/05/kelp-claims-that-layerzero-approved-the-setup-it-blamed-for-usd292-million-bridge-hack"},{"date":"2026-05-06","event":"KelpDAO announces migration of its rsETH bridge infrastructure from LayerZero to Chainlink's Cross-Chain Interoperability Protocol (CCIP).","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/05/06/kelpdao-blames-layerzero-shifts-to-chainlinks-ccip-after-292m-hack/"},{"date":"2026-05-07","event":"Solv Protocol announces migration of $700 million in tokenized bitcoin assets from LayerZero to Chainlink CCIP, citing the KelpDAO incident in its security review rationale.","source":"CoinDesk","source_url":"https://www.coindesk.com/business/2026/05/07/solv-drops-layerzero-for-chainlink-ccip-in-usd700-million-tokenized-bitcoin-migration"},{"date":"2026-05-09","event":"A Manhattan federal judge modifies the restraining order, permitting transfer of the 30,766 ETH to an Aave LLC-controlled wallet; Aave agrees to remain bound by the terrorism creditors' claims. LayerZero separately publishes a public apology blog post admitting 'we made a mistake' and accepting responsibility for the 1-of-1 DVN configuration, reversing its prior position. LayerZero announces the end of 1-of-1 DVN support and a new minimum of five verifiers for high-value pathways.","source":"The Block / CoinDesk","source_url":"https://www.coindesk.com/tech/2026/05/09/layerzero-says-it-made-a-mistake-in-usd292-million-kelp-exploit"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision a0794e48-50ac-466b-85b3-c8c8b9b367a2
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.