- On May 13, Kelp DAO announced the completion of the first batch of rsETH into the LayerZero OFT Adapter by Aave.
- After this transfer, the platform will resume bridging and allow users to move their rsETH between Ethereum and various Layer 2 networks. In the next 24 hours, the platform is expected to unpause withdrawals for rsETH contracts.
- On Wednesday, TAC Protocol’s TON-ETH cross-chain bridge faced an operation, allowing hackers to steal around $3 million in USDT, BLUM, and other tokens.
On May 13, Kelp DAO and Aave announced the completion of the first tranche to restore full operations for rsETH after the recent hack incident, which is a liquid restaking token. The first batch of this transaction of rsETH was transferred by Aave into the LayerZero OFT Adapter under their plan to restore the operation with great coordination.
This is a major announcement as it will resume bridging, which will allow users to freely move rsETH between the Ethereum main network and different Layer 2 networks.
The update will provide major relief to users as well as the entire DeFi community after facing turmoil due to the recent cyberattack. According to the official announcement, rsETH contracts will be unpaused to allow withdrawals of tokens within the next 24 hours. After this, deposits for tokens are also expected to resume shortly, along with exchange rates, which are expected to update within 48 hours.
This restoration of operations in some areas will also allow rsETH holders to receive staking rewards that accumulated when the operations were suspended.
“Remaining tranches from Aave’s recovery guardian and Kelp DAO will be sent over the next 2 weeks to fully refill the lockbox,” stated the team in the official post on X.
Kelp DAO and Aave Restore rsETH Operations
This latest announcement comes after Kelp DAO and Aave announced the completion of a major recovery process. They have burned the exploiter’s ETH holdings on the Arbitrum network. By doing this, they have destroyed the last batch of unbacked tokens, which were created after the hack. This process has helped Kelp DAO to restore the real backing for rsETH tokens with great supply integrity.
The joint operation between Aave and Kelp led to the liquidation of hacker positions. They have also made a collaboration with Arbitrum governance to work on frozen assets.
On April 18, hackers linked to North Korea’s Lazarus Group exploited the Kelp DAO LayerZero bridge to steal rsETH tokens. The attackers exploited loop holes in the one-of-one verifier system used in the cross-chain protocol.
By using a forged cross-chain message, the hacker smartly deceived the bridge to release approximately 116,500 to 117,132 rsETH from the main network without proper backing. While hackers were executing this transaction, tokens worth $292 million were stolen, which makes it the biggest hack of the DeFi sector.
After stealing these rsETH tokens, hackers have used the tokens as collateral on Aave, which is a leading lending protocol on Ethereum and Arbitrum. The hacker then borrowed large amounts of Wrapped Ethereum and other assets against the fake tokens. This cyberattack created “bad debt” for the lending protocol.
However, in response to this cyberattack, the entire DeFi community reacted quickly. Aave launched an operation to freeze the rsETH markets to avoid any further damage.
The Kelp DAO hack created panic in the entire sector, as in just 2 days, around $13 billion worth of capital was wiped out from the DeFi sector.
The Kelp DAO hack has once again exposed the vulnerabilities present in the cross-chain bridges in the blockchain sector. Just because Kelp used a simple single-verifier setup to reduce the cost of operations, it created a major loophole on the bridge, which allowed hackers to steal money by attacking nodes with false data.
After this cyber attack on Kelp, the DeFi platform has learnt its lesson. In yesterday’s post on X, Kelp revealed that they have made changes, such as requiring verification from 4 independent attestors, increasing the block confirmations, and others. The platform has also integrated more robust systems like Chainlink CCIP.
Aave is playing a major role in the recovery of the stolen tokens. To do this, the lending platform announced the formation of the DeFi United program in collaboration with Kelp DAO and other DeFi platforms. They used on-chain tools and governance votes to liquidate attacker positions and recover assets. Other chains like Arbitrum have also frozen their funds.
Moreover, the group has filed an emergency motion seeking relief from a United States court restraining order. Right now, funds that are held in Aave Recovery Guardian multisig wallets are expected to help cover the rsETH shortfall.
Another Day, Another Bridge Exploited: TAC Blockchain Suffers $3M Hack on TON-ETH Cross-Chain Bridge
On May 13, TAC Protocol was hacked and the hacker stole approximately $3 million from its TON to Ethereum cross-chain bridge. In this hack, the hackers have stolen USDT, BLUM tokens, and other Jettons, which are tokens created on the TON network. In the latest post on X, TAC has confirmed this hacking incident.
TAC stated in the post, “We are actively working with law enforcement, SEAL 911, and our security partners to trace and block the stolen funds.”
TAC is a layer 1 blockchain, which is designed to connect Ethereum Virtual Machine-compatible decentralized applications with the Telegram TON blockchain. TAC is a major bridge to transfer assets between the Ethereum and TON blockchains. In this attack, hackers have likely exploited a cross-chain bridge, which is a major loophole in the bridge.
This hack has sparked a discussion in the DeFi sector amid the recent turmoil following the Kelp DAO hack. It is raising serious questions about the security of users’ funds on the cross-chain bridges.
Also Read: Kelp DAO Begins Recovering rsETH After the April Exploit
Be the first to comment