ZECFi is Live in noir wallet 🛡️
. One click supply $ZEC as collateral
. Swap directly in-wallet — no bridges, no friction.
Powered by @rhea_finance, @near_intents and @NEARProtocol Chain Abstraction.
⛓️ noir wallet connect on https://t.co/MdkQ6tmTW9 live in 4 days.
Download noir wallet here
https://t.co/jqF19Kn2h3
Let's be super fucking clear. The rsETH exploit was a mess bc of bad collateralization decisions by @aave and bad best practice decisions by @LayerZero_Core.
HOWEVER, the true blame lays primarily with the lazy, sleazy morons of @KelpDAO who didnt care enough to protect the money its users entrusted into their hands.
Would love to know what prompted Kelp to migrate *from* MultiDVN to 1/1 config.
Gonna be hard to keep blaming the quickstart guide if it was originally configured correctly...
A car company sells you a car, the instruction manual says "wear a seatbelt".
You do not wear a seatbelt, and get into a fatal accident.
The car company later adds a feature: the car will not drive if the driver's seatbelt is not fastened.
Is this an admission of guilt?
Are you, the driver, absolved of blame because the car company did not have this feature before, and because other drivers also do not wear seatbelts?
Nothing new has been said here “disproves” is wild
Kelp used a system that is supposed to have multiple parties verifying and they had one single point of failure
A very basic anecdote: If you set up a multi sig and make it 1/1 and get drained that’s on you not anyone else
A ton of this is just completely untrue.
1) Kelp originally used the defaults which were MultiDVN or DeadDVN and manually migrated to a 1/1 config later
2) Almost 100% of the volume on a 1/1 config was rsETH
3) Not using a 1/1 for production applications is mentioned many times in the documentation.
The defaults Kelp is referencing in their screenshot were multiDVN or DeadDVN, which force-rejects an application using the defaults at all and requires them to manually set configuration.
rsETH was originally configured to use the default LayerZero configuration of a multiDVN setup of LayerZero Labs + Google:
Here are the exact transactions where that happens
Ethereum → Arbitrum:
https://t.co/C2uCxmpBCX
at 2024-02-06 03:09:47 UTC
Ethereum → Optimism:
https://t.co/vuQWxeyUUA
at 2024-02-06 03:09:59 UTC
KelpDAO then manually changed these to 1/1 configs:
For the original Feb 6 Ethereum routes to Arbitrum/Optimism, KelpDAO’s Ethereum contract switched from defaults to manual OApp-scoped config on 2024-04-01:
Send-side manual config:
https://t.co/HKCE8C8n7F
2024-04-01 07:12:11 UTC
Receive-side manual config:
https://t.co/FZTiol0qAp
2024-04-01 07:12:23 UTC
From this point on, Kelp began deploying all of their configurations as 1/1 configs. Here is Kelp’s deployment on Unichain:
Unichain → Ethereum was opened on 2025-04-01 18:55:41 UTC.
Pathway-open / setPeer tx:
https://t.co/0MlFpIxCfA
The manual ULN config followed 6 seconds later in https://t.co/0di0j78zYc.
During this time the Unichain -> Ethereum and Ethereum -> Unichain defaults were set to DeadDVN which is a contract which makes it impossible for any application to transact without manually configuring their DVNs, this was not possible on the defaults of this pathway.
Here is the code in the DeadDVN (https://t.co/mAge3W6NhP) that specifically prohibits this.
(Screenshot 1)
This is called out many many times in the docs:
1. Integration Checklist — "Do" list
- Last edited: 2025-11-26 (Nazreen)
- Content: "Do: … Use more than one DVN for each production pathway instead of relying on a single DVN."
- File: v2/tools/integration-checklist.mdx:244
- URL: https://t.co/h9GHby9ynE
2. Integration Checklist — "Don't" list
- Last edited: 2025-11-26 (Nazreen)
- Content: "Don't: … Configure only one DVN for a pathway and treat it as production‑ready."
- File: v2/tools/integration-checklist.mdx:251
- URL: https://t.co/h9GHby9ynE
3. Integration Checklist — Defaults are not safe
- Last edited: 2025-09-25 (Tino Martínez Molina)
- Content: "Do not assume defaults are safe for production. Always check explicitly: getSendLibrary, getReceiveLibrary, and getConfig. If these resolve to defaults, confirm whether the defaults are valid for the intended pathway. Unintentional fallbacks to defaults are a common cause of blocked or failing pathways."
- File: v2/tools/integration-checklist.mdx:126-128
- URL: https://t.co/a6SdjYCbOu
4. Integration Checklist — Default fallback warning
- Last edited: 2026-02-26 (migration; same wording predates it)
- Content: "Warning: If no configuration is set, the OApp will fallback to the default settings set by LayerZero Labs."
- File: v2/tools/integration-checklist.mdx:222-238
- URL: https://t.co/h9GHby9ynE
5. ONFT Quickstart — Production guidance
- Last edited: 2025-02-20 (Radek Sienkiewicz)
- Content: "DVN Settings: Use multiple DVNs in production to ensure message verification is robust."
- File: v2/developers/evm/onft/quickstart.mdx:700
- URL: https://t.co/b8nO2yrEiX
6. ONFT Quickstart — Strong recommendation to configure
- Last edited: 2025-03-10 (Radek Sienkiewicz)
- Content: "We strongly recommend reviewing these settings carefully and configuring your security stack according to your needs and preferences."
- File: v2/developers/evm/onft/quickstart.mdx:366
- URL: https://t.co/WcNuXHLbiG
7. Starknet FAQ — "Should I use multiple DVNs?"
- Last edited: 2026-01-21 (Nazreen)
- Content:
▎ Should I use multiple DVNs?
▎ Recommended for production. Multiple DVNs provide:
▎ - Increased security (multiple independent verifiers)
▎ - Resilience (no single point of failure)
▎ - Trust minimization
- File: v2/developers/starknet/troubleshooting/faq.mdx:290-296
- URL: https://t.co/vtSZUFLZPJ
Here are the exact recommendations we gave KelpDAO when asked about DVNs (typically 2/3)
(Screenshot 2)
Other LayerZero applications speaking on exactly what is advised by the team
https://t.co/0ulWmlTZ2y
https://t.co/vQ2B8YQrw9
For how much volume was actually configured on 1/1 here is the exact data.
(Screenshot 3)
We will publish a complete post-mortem as soon as the external security firms have completed it.
How much glue do you have to sniff in order to fud Arbitrum for freezing North Korean hacker funds?
They reduced knock on effects at the heart of some of the most critical DeFi infra in existence
User funds are more important than your performative decentralization platitudes
my brutal feedback is that you ppl don't seem to give much of a hoot (read: fuck) about power users actually putting in money in your native defi protocols
instead you would (again) reward with wave3 cards those who GM'd the hardest on the timeline
especially sad to see at a time when defi sentiment is at all time lows
and even more sad when you have literal data and options to connect X accounts to wallets
and for that reason, im out
One month after starting the war in Iran, this is the statement of the President of the United States on Easter Sunday.
These are the ravings of a dangerous and mentally unbalanced individual. Congress has got to act NOW. End this war.