Overview
- Investigators say the exploiter shifted about 75,700 ETH worth roughly $175 million through fresh wallets using THORChain and the privacy tool Umbra.
- Arbitrum’s Security Council froze 30,766 ETH tied to the hack and placed it in a governance‑controlled wallet to block further movement.
- Aave’s risk team modeled potential bad debt between $123.7 million and $230.1 million after the attacker used illegitimately minted rsETH as collateral, and some pools hit full utilization that slowed withdrawals.
- The bridge was drained of 116,500 rsETH on Saturday, April 18, after attackers poisoned RPC nodes and forced a failover to validate a forged cross‑chain message, in an operation LayerZero preliminarily links to North Korea’s Lazarus Group.
- LayerZero blames Kelp DAO’s single‑verifier setup for creating a single point of failure, while Kelp says that configuration followed LayerZero’s documented defaults and was confirmed during deployment.