KelpDAO theft affects the entire DeFi industry, how to resolve huge bad debts?

Edit | Wu on Blockchain

On April 18, KelpDAO’s rsETH cross-chain assets suffered a major attack, losing approximately $290 million (about 116,500 rsETH, accounting for 18% of the circulating supply). LayerZero Labs in a recent statement initially attributed the attack to North Korea’s Lazarus Group (also known as TraderTraitor). The attackers polluted LayerZero DVN downstream RPC nodes and coordinated a DDoS attack to induce a failover, causing DVN to confirm “no transaction occurred,” thereby forging cross-chain messages.

Although this incident did not directly target the Aave protocol itself, it triggered an unprecedented systemic liquidity shock in DeFi history. Aave’s TVL plummeted by about $8.45 billion within 48 hours (latest monitoring shows a decline of approximately $8–9.5 billion), with the entire chain DeFi total TVL shrinking from $99.5B to $86.29B, evaporating $13.21 billion. The event quickly spread from EVM chains to Solana, where lending protocols like Kamino saw USDC utilization rates spike to 100%, and the DeFi industry entered a “stress test” mode.

LayerZero official disclosure: single point failure, not a protocol vulnerability

On April 20, LayerZero Labs released a detailed explanation confirming that the attack precisely targeted KelpDAO’s 1/1 single DVN configuration (relying solely on LayerZero Labs’ validator), deviating from their usual recommended multi-DVN redundancy best practices. The attackers poisoned, replaced binaries, and coordinated