The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications.
After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users.
As of April 20, 11:26pm ET, the funds have been successfully transferred to an intermediary frozen wallet. They are no longer accessible to the address that originally held the funds, and can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties.
Following the KelpDAO hack, we built an open analysis of DVN security configurations across every active OApp on LayerZero over the last 90 days.
Of ~2,665 unique OApp contracts: 47% run a 1-of-1 DVN security floor, 45% run 2-of-2, and ~5% run 3-of-3 or higher.
As we know, KelpDAO's rsETH sat in the first bucket.
Open query, public methodology, feedback welcome:
https://t.co/7sQCMN1uCS
So... LayerZero blames the project in totality for using a quorum of 1 on their DVN.
Their defaults in their code are for a quorum of 1.
Loads of projects use a quorum of 1 in prod and not only do they know about it, they run it for them.
And... it’s them that got hacked.
The rsETH markets on Aave V3 and Aave V4 have been frozen. Aave's contracts have not been exploited and this is an exploit related to rsETH.
The freeze follows an exploit of the Kelp DAO rsETH bridge. Freezing the rsETH markets prevents new deposits and borrowing against rsETH collateral while the situation is assessed.
We are reviewing information about rsETH borrows on Aave that occurred after the exploit and will share more details as soon as possible.
If the protocol accumulates bad debt from this incident, we'll explore paths to offset the deficit.
⚠️ Warning to every OApp
If LayerZero's official DVN is your ONLY required DVN — add an independent DVN NOW:
https://t.co/nC72ffLIGU
• setConfig to add DVN(s)
• Audit inboundNonce for jumps
• skip()/nilify() pending nonces
Single DVN = single point of failure.
#LayerZero #DVN
⚠️ Pending nonce 309 — second payload still in queue
inboundPayloadHash:
0xbf86af6f10782715c263b7c76c86e7a965b29f2a0119806ea4eb108d197e0c7e
@KelpDAO must immediately endpoint.skip() or nilify() to clear it before the attacker calls lzReceive again.
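An added worked example covering the three-step warning above (add DVNs via setConfig, audit inboundNonce for jumps, skip()/nilify() pending nonces) and the nonce-309 alert. This is not code from any of the posts, from KelpDAO, or from LayerZero's own tooling; it is dependency-free JavaScript that works on values an operator would read from the source and destination endpoints with their own RPC tooling. The struct shape follows LayerZero V2's UlnConfig, and the nonce replay follows my reading of EndpointV2's inboundNonce / inboundPayloadHash / skip / nilify semantics (skip only advances past the next unverified nonce; nilify overwrites a verified-but-unexecuted slot with 0xff..ff so lzReceive cannot run it). The requirement that requiredDVNs be unique and sorted ascending is an assumption about the ULN; the DVN addresses and channel state are constructed, except nonce 309 and its payload hash, which are taken from the post above.

```javascript
// Added example, not LayerZero's or KelpDAO's code. Audit helpers for a LayerZero V2
// OApp's receive side: judge/harden the UlnConfig DVN floor, then replay the
// endpoint's inbound nonce + payload-hash state to find verified-but-unexecuted
// packets that the source OApp never actually sent.

const ZERO_HASH = "0x" + "00".repeat(32);   // EMPTY_PAYLOAD_HASH: not verified / cleared
const NIL_HASH  = "0x" + "ff".repeat(32);   // NIL_PAYLOAD_HASH: what nilify() writes

// Attestations the receive ULN demands before a packet counts as verified.
function requiredSignatures(cfg) {
  return cfg.requiredDVNs.length + cfg.optionalDVNThreshold;
}

// True when one DVN key alone can verify anything for this path (the 1-of-1 floor).
function isSingleDvnFloor(cfg) {
  return requiredSignatures(cfg) <= 1;
}

// Build the UlnConfig you would ABI-encode into setConfig: add an independent DVN
// to the *required* set so both must attest. Assumption: ULN wants requiredDVNs
// unique and sorted ascending by address.
function hardenConfig(cfg, independentDvn) {
  const required = Array.from(
    new Set([...cfg.requiredDVNs, independentDvn].map((a) => a.toLowerCase()))
  ).sort();
  return { ...cfg, requiredDVNs: required, requiredDVNCount: required.length };
}

// Replay EndpointV2.inboundNonce(): highest consecutively verified nonce above
// lazyInboundNonce (a nilified slot still counts as "has a payload hash").
function inboundNonce(lazyInboundNonce, payloadHashes) {
  let n = lazyInboundNonce;
  while ((payloadHashes[n + 1] ?? ZERO_HASH) !== ZERO_HASH) n++;
  return n;
}

// Cross-check the destination queue against what the source OApp emitted.
// srcOutboundNonce / srcPayloadHashes: source endpoint's outboundNonce view and
// PacketSent events. lazyInboundNonce / dstPayloadHashes: destination endpoint.
function auditInboundQueue({ lazyInboundNonce, dstPayloadHashes, srcOutboundNonce, srcPayloadHashes }) {
  const verifiedUpTo = inboundNonce(lazyInboundNonce, dstPayloadHashes);
  const findings = [];
  const actions = [];

  // A jump past the source's outbound nonce means a DVN verified packets that were never sent.
  if (verifiedUpTo > srcOutboundNonce) {
    findings.push(`inboundNonce jumped to ${verifiedUpTo} but source outboundNonce is ${srcOutboundNonce}`);
  }

  for (const [key, hash] of Object.entries(dstPayloadHashes)) {
    const nonce = Number(key);
    if (nonce <= lazyInboundNonce) continue;                 // already executed, skipped or burned
    if (hash === ZERO_HASH || hash === NIL_HASH) continue;   // nothing executable in this slot
    const sent = srcPayloadHashes[nonce];
    if (nonce > srcOutboundNonce || sent === undefined) {
      findings.push(`nonce ${nonce} verified on destination but never sent by source`);
      actions.push({ call: "nilify", nonce, payloadHash: hash });   // nilify needs the current hash
    } else if (sent !== hash) {
      findings.push(`nonce ${nonce} payload hash differs from source (${sent})`);
      actions.push({ call: "nilify", nonce, payloadHash: hash });
    }
    // hash matches the source: genuine packet, leave it for the executor
  }
  // skip() only accepts inboundNonce()+1, i.e. the next *unverified* nonce; it
  // cannot clear an already-verified slot, which is why 309-style cases need nilify.
  return { inboundNonce: verifiedUpTo, nextSkippable: verifiedUpTo + 1, findings, actions };
}

// Constructed sample: the 1-of-1 floor the census above describes.
const SAMPLE_CONFIG = {
  confirmations: 15, requiredDVNCount: 1, optionalDVNCount: 0, optionalDVNThreshold: 0,
  requiredDVNs: ["0x1111111111111111111111111111111111111111"], optionalDVNs: [],
};
const INDEPENDENT_DVN = "0x2222222222222222222222222222222222222222"; // placeholder address

// Constructed channel state for one (srcEid, sender) path; nonce 309's hash is from the post.
const SAMPLE_QUEUE = {
  lazyInboundNonce: 307,
  srcOutboundNonce: 308,
  srcPayloadHashes: { 308: "0x" + "aa".repeat(32) },
  dstPayloadHashes: {
    308: "0x" + "aa".repeat(32),                                             // genuine
    309: "0xbf86af6f10782715c263b7c76c86e7a965b29f2a0119806ea4eb108d197e0c7e", // never sent
  },
};

console.log("single DVN floor:", isSingleDvnFloor(SAMPLE_CONFIG));
console.log("hardened requiredDVNs:", hardenConfig(SAMPLE_CONFIG, INDEPENDENT_DVN).requiredDVNs);
console.log(JSON.stringify(auditInboundQueue(SAMPLE_QUEUE), null, 2));
```

On the sample state the replay reports inboundNonce 309, flags the jump past the source's outboundNonce of 308, and emits a single nilify action for nonce 309 with its current payload hash; nonce 308 is left alone because its hash matches what the source emitted. Note that the outbound-vs-inbound comparison only catches fabricated nonces beyond the real send count; the per-nonce hash comparison is what catches a forged payload at a nonce that was legitimately sent.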