- On May 13, Kelp DAO announced the completion of the first batch of rsETH in the LayerZero OFT switch by Aave.
- After this transfer, the platform will resume the delivery process and allow users to transfer their rsETH between Ethereum and different layer 2 networks. Within the next 24 hours, the platform is expected to unpause withdrawals of rsETH contracts.
- On Wednesday, the TAC protocol’s TON-ETH cross-chain bridge ran into an operation, allowing hackers to steal about $3 million worth of USDT, BLUM, and other tokens.
On May 13, Kelp DAO and Aave announced the completion of the first tranche to restore full operations of rsETH after the recent hack incident, a token to reclaim liquidity. The first batch of this rsETH transaction was transferred by Aave to the LayerZero OFT switch under their plan to restore the process in a great format.
This is a major announcement because it will resume the delivery process, which will allow users to freely transfer rsETH between the Ethereum mainnet and different layer 2 networks.
The update will provide great relief to users as well as the entire DeFi community after facing disruptions due to the cyber attack. According to the official announcement, rsETH contracts will no longer be paused to allow withdrawal of tokens in the next 24 hours. Subsequently, coin deposits are also expected to resume shortly after the announcement, along with exchange rates, which are expected to be updated within 48 hours.
This restoration of operations in some regions will also allow rsETH holders to claim staking rewards that were accumulated when operations were closed.
“The remaining tranches of the Aave Redemption Guard and Kelp DAO will be sent out within the next two weeks to fully refill the lockbox,” the official post on X said.
Kelp DAO and Aave restore rsETH transactions
The latest announcement comes after Kelp DAO and Aave announced the completion of a major redemption on May 12. They burned the exploiter’s ETH holdings on the Arbitrum network. By doing so, they destroyed the last batch of unbacked tokens, which were created after the hack. This process helped Kelp DAO restore real support for rsETH tokens with the integration of the Big Offer.
The joint operation between Aave and Kelp resulted in the liquidation of the Aave sites. They have also collaborated with Arbitrum management to work on the frozen assets.
On April 18, hackers linked to North Korea’s Lazarus Group exploited the Kelp DAO LayerZero bridge to steal rsETH tokens. They took advantage of vulnerabilities in the single verification system on the cross-chain system. Using a fake message that came from another chain, a hacker was able to cleverly trick the bridge into releasing approximately 116,500 to 117,132 rsETH from the mainnet without proper support. While the hackers were executing this transaction, the cumulative value of the stolen tokens was approximately $292 million, making it the largest hack in the DeFi sector.
After stealing these rsETH tokens, hackers used the tokens as collateral on Aave, a leading lending protocol on Ethereum and Arbitrum. The hacker then borrowed large amounts of encrypted Ethereum and other assets in exchange for the fake tokens. This cyberattack created “bad debts” for the lending protocol.
However, in response to this bizarre cyberattack, the entire DeFi community reacted quickly. Aave has launched an operation to freeze rsETH markets to avoid further damage.
The Kelp DAO hack sparked panic across the entire sector, as in just two days, capital worth around $13 billion was wiped out of the sector.
The Kelp DAO hack once again exposed the vulnerabilities found in cross-chain bridges in the blockchain sector. Only because Kelp used a simple one-to-one verification setup to reduce the cost of operations. This created a major vulnerability in the bridge, allowing hackers to steal funds by attacking nodes and bogus data.
After this cyber attack on Kelp, the DeFi platform learned lessons. In yesterday’s post on X, Kelp revealed their change, requiring verification by 4 independent notaries, increased block confirmations, and more. The platform also plans to integrate more robust systems such as Chainlink CCIP.
Aave plays a major role in recovering stolen tokens. To do this, the lending platform announced the formation of the DeFi United program in collaboration with Kelp DAO and other DeFi platforms. They used on-chain tools and governance votes to liquidate the attackers’ sites and recover the assets. Other chains such as Arbitrum have also frozen their funds.
Not only that, they filed an emergency motion to overcome a restraining order issued by a court in the United States.
Currently, Aave Recovery Guardian multi-signature wallets hold funds that are expected to be used to replenish lost rsETH.
Another day, another bridge exploit: TAC Blockchain suffers $3M hack on TON-ETH cross-chain bridge
On May 13, the TAC protocol faced a hack after a hacker stole nearly $3 million from its TON bridge to the cross-chain Ethereum bridge. In this hack, hackers stole USDT, BLUM and other Jettons tokens, which are tokens created on the TON network. In a recent post on X, TAC confirmed this hacking incident.
“We are actively working with law enforcement, SEAL 911, and our security partners to track and block the stolen funds,” TAC stated in the post.“
TAC is a layer-one blockchain, designed to connect Ethereum Virtual Machine compatible decentralized applications with the Telegram TON blockchain. TAC is a major bridge for transferring assets between the Ethereum and TON blockchains. In this attack, the hackers likely exploited cross-bridging, a major vulnerability in the bridge.
This hack has sparked debate in the DeFi sector amid the recent turmoil following the Kelp DAO hack. It raises serious questions about the security of user funds on cross-chain bridges.
Read also: Kelp DAO begins redeeming rsETH after April exploit
