Kelp exploit drains 116,500 rsETH, tied to LayerZero 1/1 "single-signature" DVN setup

On April 19 (UTC+8), blockchain security firm SlowMist's Yu Xian said in an initial review that the theft of 116,500 rsETH from Kelp may be linked to a LayerZero cross-chain bridge configured with a 1/1 DVN—a classic "single-signature" design—while LayerZero's official documentation is typically based on a 2/2 configuration. Yu noted the single-signature single point could have been compromised via social engineering, though this remains speculative pending further investigation. The attacker successfully removed 116,500 rsETH on Ethereum and then attempted two additional transfers of 40,000 rsETH each, both of which failed. Transaction fees were funded from Tornado Cash. The stolen rsETH was subsequently split across multiple addresses and laundered, pushing losses onto several staking platforms, with Aave in particular now facing significant bad debt. (Source: PANews)