The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications. After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users. As of April 20 11:26pm ET the funds have been successfully transferred to an intermediary frozen wallet. They are no longer accessible to the address that originally held the funds, and can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties.

layerzero attack was not rpc poisoning in networking poisoning is when the attacker outside the trust boundary taints a shared lookup (dns, arp, cache). the consumer has no reason to distrust the source. this was not that. the attackers got inside layerzero's trust boundary. they accessed the rpc list, compromised two nodes the dvn depended on, and swapped the op-geth binaries. that's an infra breach within the perimeter. supply-chain shaped, not network shaped. and the payload was surgical. the malicious binary cloaked by ip, served forged payload only to the dvn, told the truth to scan and every other caller, then self-destructed to wipe logs and binaries. rpc poisoning makes it sound like something that happened to the infra from the outside. the real story is a targeted implant operating inside the trust boundary. that's a meaningfully scarier attack than the label suggests.

Update on rsETH incident: WETH reserves on the Ethereum Core V3 market have been unfrozen and users can supply WETH to Ethereum Core V3 again. WETH LTV remains at 0. WETH reserves on Ethereum Prime, Arbitrum, Base, Mantle, and Linea remain frozen. Aave service providers will continue to work on next steps and provide updates accordingly.

This vercel thing is a fucking apocalypse Hundreds possibly thousands of npm, pypi etc tokens not to mention tents of thousands of email, cloud provider keys etc Like why was this not encrypted what the actual fuck

Following the KelpDAO hack, we built an open analysis of DVN security configurations across every active OApp on LayerZero over the last 90 days. Of ~2,665 unique OApp contracts: 47% run a 1-of-1 DVN security floor, 45% run 2-of-2, and ~5% run 3-of-3 or higher. As we know, KelpDAO's rsETH sat in the first bucket. Open query, public methodology, feedback welcome: https://dune.com/dune/layerzero-dvn-setu…

1/ On April 18, an attacker drained 116,500 rsETH (~$292M) from Kelp's cross-chain bridge. rsETH markets on Aave and other lending venues were frozen shortly thereafter.

SCOOP: Kelp DAO is preparing a memo blaming LayerZero for Saturday's $292 million rsETH exploit, saying it relied on LayerZero's documentation, default configurations and team guidance when setting up the bridge. CoinDesk has reviewed the memo ahead of publication.

Update on rsETH incident: @LlamaRisk has published a report outlining the rsETH incident, the immediate actions taken, its impact on Aave, and potential paths forward. All service providers have been working to assess the two potential bad debt scenarios on the Aave protocol. Aave DAO service providers are also leading an effort with ecosystem participants to address any bad debt. This effort already has several indicative commitments from various parties and we are grateful for the strong support we have received so far. We will share further updates as we have them. In the meantime, the full report can be read here: https://governance.aave.com/t/rseth-inci…

Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called http://Context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments. Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration. We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel. At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community. The recommendation for all Vercel customers is to follow the Security Bulletin closely (https://vercel.com/kb/bulletin/vercel-ap… My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature. In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.

Calling all ETH lenders locked on Aave. We have built a way to exit to any token. While Fluid provides redemption to wstETH/weETH, via our Pathfinder algorithm, you can swap aEthWETH directly into the asset of your choice. aWETH → any token on https://1inch.com/swap?src=1:aEthWETH&am… in one click if you're still stuck.

the negative and positive things that have happened since saturday are the result of _centralised_ points of building. everything that has happened (the bad and good things) would not have happened if we built in a truly decentralised way. overall, dprk would have far fewer "gains" if we stuck to cypherpunk principles. like, dprk does _not_ focus on smart contract hacks, they almost exclusively target centralised attack vectors. if we want to win against dprk (and any other state actor, which all focus on web2-based attack vectors), we need to go full cypherpunk mode. if this is not a wake up call, i do not think we will get a second chance.

Introducing OpenMythos An open-source, first-principles theoretical reconstruction of Claude Mythos, implemented in PyTorch. The architecture instantiates a looped transformer with a Mixture-of-Experts (MoE) routing mechanism, enabling iterative depth via weight sharing and conditional computation across experts. My implementation explores the hypothesis that recursive application of a fixed parameterized block, coupled with sparse expert activation, can yield improved efficiency–performance tradeoffs and emergent multi-step reasoning. Learn more ⬇️🧵

Update on rsETH incident: According to our analysis, rsETH on Ethereum mainnet is fully backed. Out of an abundance of caution, rsETH remains frozen across Aave V3 and V4 and exposure to the incident is capped. WETH reserves also remain frozen across affected markets including Ethereum, Arbitrum, Base, Mantle, and Linea. Aave is actively validating information and assessing potential resolutions.

I'm dropping a thread of all the protocols that had to freeze their interop because of LayerZero being compromised. Let's go: