
The Three-Way Game Under a 290 Million Hole: Who Will Foot the Bill for Aave, L0, and Kelp?

Azuma
Odaily Senior Author
@azuma_eth
2026-04-20 08:50
The most dangerous situation now is that if ETH suddenly drops, Aave's bad debt could snowball.
AI Summary
  • Core View: The responsibility for the theft from Kelp DAO's rsETH cross-chain bridge contract is clear, but the compensation plan is deadlocked due to the conflicting interests of the three involved parties (Kelp DAO, LayerZero, Aave). All parties need to reach a consensus as soon as possible to prevent risk contagion and a systemic crisis in the industry.
  • Key Elements:
    1. The direct cause of the incident was Kelp DAO's bridge contract using LayerZero's 1/1 DVN configuration, with a downstream RPC being compromised leading to a single point of failure. Kelp DAO bears primary responsibility.
    2. LayerZero (reputation damage, ecosystem obstruction) and Aave (facing bad debt, TVL outflow) have the capacity to compensate but are reluctant to assume responsibility easily, while the primary responsible party, Kelp DAO, lacks the ability to pay.
    3. Aave's statement emphasizes that "the mainnet rsETH is sufficiently backed," leaning towards sacrificing the value of the Layer 2 mapped version of rsETH to protect its core mainnet product, but this would harm the LayerZero cross-chain ecosystem.
    4. All potential solutions have flaws, including a value write-down for all token holders, abandoning the Layer 2 mapped tokens, or compensation based on a pre-attack snapshot. However, these are operationally difficult and struggle to balance interests.
    5. Delays will exacerbate risks: LayerZero partners may switch cross-chain solutions; if Aave's liquidity pool encounters a market downturn, it could trigger cascading liquidations, leading to a systemic crisis in the industry.

Original | Odaily (@OdailyChina)

Author | Azuma (@azuma_eth)

It has been over 30 hours since the exploit of Kelp DAO's rsETH bridge contract. While the involved parties (LayerZero, Kelp DAO, Aave) have issued statements (primarily "shifting blame" and emphasizing their own innocence), a final resolution has yet to be provided.

Therefore, this article aims to discuss the current stances and attitudes of the involved parties, explore the reasons for the delay in reaching a solution, and attempt to speculate on how the incident might ultimately be resolved.

Odaily Note: For background, please refer to "DeFi Hacked Again for $292 Million, Is Even Aave No Longer Safe?".

Who is Ultimately Responsible?

First, let's discuss the issue of responsibility.

According to the details disclosed by LayerZero, the direct cause of the incident is quite clear: the downstream RPC infrastructure relied upon by the decentralized validator network (DVN) operated by LayerZero was compromised (see the analysis by SlowMist founder Cosmos below). Furthermore, because Kelp DAO's bridge contract used a 1/1 DVN configuration, the attacker only needed to forge a single message verification to complete the attack.

LayerZero believes that Kelp DAO, which adopted the 1/1 DVN configuration, bears the most direct responsibility for this incident. This is indisputable; such an obvious "single point of failure" is truly outrageous.

However, as the underlying cross-chain protocol, LayerZero should also bear some responsibility. While LayerZero allows each upper-layer application to configure the number and threshold of DVNs themselves, and the 1/1 DVN was Kelp DAO's own choice, as the designer of the underlying architecture, it should also have prevented such a clearly flawed configuration.

Finally, there are lending protocols like Aave (focusing on Aave here). Although they are also indirect victims, objectively speaking, the overly generous lending permissions Aave granted to LRT assets like rsETH for expansion purposes are a direct reason for its current predicament. It's also worth noting that Aave's former risk control team, BGD Labs (now separated from Aave), explicitly pointed out the DVN issue with Kelp DAO in January last year. Kelp accepted the advice at the time but clearly did not make changes... By failing to continue supervision and take corresponding measures, Aave is also reaping what it sowed.

So, the responsibility assignment is clear: Kelp DAO bears primary responsibility, LayerZero bears secondary responsibility, and Aave also has some indirect responsibility.

The Awkward Reality

Reality is always more complex than theoretical expectations. The most critical issue is that the Kelp DAO team, which bears primary responsibility, does not have enough funds to cover the shortfall... Whether it's writing down losses across all rsETH holders or betraying Layer2 token holders, it's essentially a dead end.

So, who has the money? The first is LayerZero, which is facing a reputational crisis due to this incident, has been temporarily disabled by multiple institutions and protocols such as BitGo, Tron, Ethena, Curve, and ether.fi, and risks losing significant cross-chain market share. The second is Aave, which is facing massive potential bad debt and watching its multi-billion dollar TVL drain away, with several pool utilization rates already soaring to 100% (deposits cannot be withdrawn).

Thus, the "ulterior motives" of each party are clear. The primary responsible party, Kelp DAO, is essentially paralyzed, unable to lead the subsequent compensation effort, and needs to discuss what to do with the two "big brothers." Meanwhile, the secondary and indirectly responsible parties with the capacity to compensate, LayerZero and Aave, have both stated that their protocols have no vulnerabilities, clearly indicating they don't intend to easily shoulder such a massive burden... So the situation seems somewhat deadlocked.

However, I don't believe this stalemate will last long because both major protocols have a need to resolve the issue quickly — LayerZero cannot abandon its OFT cross-chain ecosystem ambitions, and Aave cannot ignore the continuous outflow of existing funds.

The Key to the Game

This morning, Aave issued an updated statement regarding the incident. The most important point in the statement is that Aave emphasized "rsETH on the Ethereum mainnet is fully backed".

How should this be understood? We need to start with the design of rsETH.

rsETH is essentially a liquidity restaking receipt token issued by Kelp DAO. Each rsETH token is backed by 1 ETH within the staking and restaking system, following the path "ETH - Lido - EigenLayer - Kelp DAO - rsETH".

The rsETH on the mainnet refers to the original receipt tokens issued by Kelp DAO on Ethereum. To expand within the Layer2 ecosystem, Kelp DAO then uses LayerZero's cross-chain bridge contract (the one involved in this incident) to map the mainnet rsETH to various Layer2s. For every 1 rsETH issued on a Layer2, the corresponding mainnet rsETH is deposited into Kelp DAO's custodian contract, to be released only when the Layer2 rsETH is bridged back to the mainnet.

Now, back to the incident itself. As mentioned earlier, the cause of the theft was that the hacker deceived the DVN to forge a cross-chain message, causing the bridge contract to "mistakenly release" 116,500 rsETH — note, this did not involve minting new tokens out of thin air, but rather obtaining the original receipt tokens from the mainnet that should not have been released.

The problem lies precisely here. These tokens were already circulating on Layer2 through the mapping process, with the mainnet tokens locked. However, after the hacker obtained them, they deposited these rsETH into lending protocols like Aave and borrowed more liquid WETH to escape — again, it must be emphasized that the rsETH deposited by the hacker was real, which is why Aave supported its use as collateral.
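
The 1/1 DVN weakness and the backing gap it leaves behind can be modelled in a few lines. This is an added example, not code from LayerZero, Kelp DAO or the original article; the `Escrow` class, `lint_config`, the DVN names and the 200,000 rsETH escrow balance are constructed for illustration, and only the 116,500 figure comes from the text.

```python
from dataclasses import dataclass, field

@dataclass
class Escrow:
    """Toy lock-and-release escrow; not LayerZero or Kelp DAO code."""
    dvns: frozenset        # configured verifier ids (hypothetical names)
    threshold: int         # distinct attestations required per message
    locked: int = 0        # mainnet rsETH held in escrow
    l2_supply: int = 0     # mapped rsETH circulating on Layer 2
    seen: set = field(default_factory=set)

    def bridge_out(self, amount):
        # Lock on mainnet, issue the mapped token 1:1 on Layer 2.
        self.locked += amount
        self.l2_supply += amount

    def release(self, msg_id, amount, attestations, burned_on_l2):
        # The escrow only sees attestations; burned_on_l2 is ground truth
        # tracked by the model so the backing gap can be measured.
        valid = set(attestations) & self.dvns
        if msg_id in self.seen or amount > self.locked:
            return False
        if len(valid) < self.threshold:
            return False
        self.seen.add(msg_id)
        self.locked -= amount
        if burned_on_l2:
            self.l2_supply -= amount
        return True

    def backing_gap(self):
        # Mapped tokens with no escrowed mainnet token behind them.
        return max(0, self.l2_supply - self.locked)

def lint_config(dvns, threshold, min_threshold=2):
    # Deployment check: reject any setup one compromised verifier can satisfy.
    problems = []
    if threshold < min_threshold:
        problems.append(f"threshold {threshold} < {min_threshold}: single point of failure")
    if threshold > len(dvns):
        problems.append("threshold exceeds configured DVN count")
    return problems

def simulate(dvns, threshold, compromised, forged_amount=116_500):
    # Constructed scenario: 200,000 rsETH bridged out, then a forged message
    # (no Layer 2 burn) attested only by the compromised verifiers.
    e = Escrow(frozenset(dvns), threshold)
    e.bridge_out(200_000)
    ok = e.release("forged-1", forged_amount, compromised, burned_on_l2=False)
    return ok, e.backing_gap()
```

With a 1/1 configuration and that one verifier compromised, `simulate` releases the tokens and leaves 116,500 mapped rsETH unbacked; a 2-of-3 configuration with the same single compromised verifier rejects the message and the gap stays at zero.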

Now, looking back at Aave's statement is interesting. The phrase "rsETH on the Ethereum mainnet is fully backed" essentially means: "These tokens are real, Kelp DAO, you should support us in redeeming the underlying ETH with them (the contract is paused, redemption is currently impossible)... As for those Layer2 mapped versions of rsETH that have lost their mainnet backing, we can't manage that!"

This is likely Aave's inclination. Emphasizing the value of mainnet rsETH means disregarding the value of the Layer2 mapped rsETH, and because Aave itself has some rsETH debt positions on its Layer2 lending products (currently around $359 million), this would also create some bad debt. However, weighing the lesser of two evils, Aave likely assessed the potential impact of both options and determined that protecting its core mainnet product aligns with its best interests.

But this is just Aave's stance. How the incident is ultimately resolved depends on whether an agreement can be reached with LayerZero and Kelp DAO.

Although the latter two have not issued further statements yet, I personally believe LayerZero would find it difficult to accept this solution, as abandoning the Layer2 mapped tokens would directly threaten LayerZero's cross-chain reputation.

Potential Solutions

The problem must ultimately be solved. Over the past two days, various experts on social media have been offering suggestions to Aave, LayerZero, and Kelp DAO.

DefiLlama founder 0xngmi outlined three possible paths but noted that each has significant flaws. The first path is for all rsETH holders to collectively bear an 18.5% value write-down (lost tokens / issued tokens ratio), with Kelp DAO taking full responsibility, and Aave also bearing approximately $216 million in bad debt on the mainnet. The second path is to disregard the value of all Layer2 mapped rsETH, preserving Aave's mainnet product but likely causing the Layer2 ecosystem to collapse and Kelp DAO's reputation to hit zero. The third path is to fully compensate rsETH holders based on a pre-attack snapshot, with subsequent buyers or transferees bearing their own losses. However, due to significant post-attack fund movement, this is practically impossible to execute.

OneKey founder Yishi stated: "The best outcome now is to negotiate with the hacker, offer a 10–15% bounty, get most of the funds back, and everyone is happy. If negotiations fail, the LayerZero ecosystem fund should cover the bulk; it has the most money and the greatest long-term interest, and compensating could preserve the OFT ecosystem. Kelp DAO is the poorest; it could either compensate with its token + future revenue, or simply sell the entire project to LayerZero or Bitmine. Aave's Umbrella and stkAAVE would cover the final layer, but WETH depositors absolutely must not face a value write-down. Otherwise, Morpho, Spark, Fluid, Euler would all face repricing, the entire LRT sector would be blacklisted, and the entire DeFi industry would be set back three years."

Regardless, the parties will certainly continue to haggle for a while, as billions in real money are involved, and no one wants to be the biggest sucker.

As for how much longer it will take to propose a solution, as mentioned earlier, the two giants cannot afford to delay much longer. LayerZero is currently forced into a pause by its major partner institutions and protocols; delaying further will likely lead them to switch cross-chain paths. Aave's situation is also not optimistic, with multiple pool utilization rates at 100%, leaving depositors "trapped"... If ETH suddenly crashes, Aave could face more bad debt due to ineffective liquidation (which is currently the case), causing the problem to snowball — if it reaches that point, the industry's foundation could be shaken, a scenario no one wants to see.
