The fallout from the massive $292 million exploit of Kelp DAO's cross-chain bridge continues to unfold, with market sentiment and on-chain activity pointing to a complex and contentious recovery process. A prediction market on Polymarket indicates a low probability—just 14%—that Kelp DAO will "socialize the losses" from the attack. This mechanism would force all rsETH holders, including those on the unscathed Ethereum mainnet, to share the financial burden currently concentrated among users on the more than 20 other blockchains affected by the bridge drain.
The exploit, which occurred on Saturday, saw attackers drain roughly 116,500 rsETH (restaked Ether) from a LayerZero-powered bridge that held the reserves backing the token. This has left parts of the system undercollateralized, fragmenting losses across different user groups. Socializing these losses would require intricate cross-chain coordination and would impose costs on users who may not feel directly impacted, making it a technically and politically difficult prospect.
Simultaneously, the attacker has begun moving the stolen funds in an apparent effort to launder them. On-chain data from Arkham shows the entity transferred about 75,700 ETH (worth nearly $175 million) on Tuesday. Blockchain investigators, including ZachXBT, report that portions of the funds are being routed through privacy-focused infrastructure like the stealth-address protocol Umbra and the cross-chain DEX THORChain, which lacks KYC checks. Security firm PeckShield estimates close to $176 million has been moved across these and other platforms like Chainflip and BitTorrent.
The fund movements follow intervention by the Arbitrum Security Council, which froze 30,766 ETH tied to the breach. The incident has also triggered risk reassessments across DeFi, with lending protocols like Aave, SparkLend, Fluid, and Upshift pausing or reviewing their rsETH exposure. Aave has flagged potential bad debt ranging from $123.7 million to $230.1 million after the attacker used stolen assets as collateral.
A dispute has emerged between Kelp DAO and LayerZero over the root cause. LayerZero attributes the breach to Kelp's use of a "1-of-1" decentralized verifier network (DVN), calling it a structural weak point and suggesting involvement by North Korea's Lazarus Group. Kelp DAO counters that this setup was LayerZero's documented default configuration and that the compromised validator was part of LayerZero's own infrastructure.