mini #0 | Ethereal news (ethereal.news)
by timdaub.eth11982 🥝1d
kelp-rseth-unichain-...
by timdaub.eth11982 🥝2hgithub.com
eth.limo DNS hijack post-mortem (x.com)
by timdaub.eth11982 🥝5h
@D2_Finance

@dcfgod is right! rsETH exploit forensics. Live on-chain.

1/ Attacker wallet: 0x1F4C1c2e610f089D6914c4448E6F21Cb0db3adeF
@aave V3 supply ladder, one wallet: 1 → 400 → 5,000 → 20,000 → 27,999 rsETH.
Textbook test-then-scale. Probe with 1 token, ramp each time the prior clears.
53,400 rsETH from this wallet. ~$134M.
Cluster total: ~116,500 rsETH. ~$290M.

2/ Aave V3 ETH reserve, live:
Supplied: 2.71M WETH ($6.37B)
Borrowed: 2.71M WETH ($6.37B)
Utilization: 100%
Supply APY: 7.36%
Borrow APY: 8.71%
That is the bank run. WETH suppliers are locked. Withdrawals blocked, as first flagged by @Marczeller.

3/ The mechanic.
Attacker drained rsETH (OFT bridge vector, per initial reports). Supplied it as collateral on Aave V3 mainnet. Borrowed max WETH up to liquidation threshold. Walked.
Kelp paused redemptions. Secondary rsETH liquidity cracked. Aave oracle still marks near peg. Liquidators cannot close the position at mark. The gap becomes bad debt on the WETH reserve.

4/ Loss waterfall.
a. Umbrella. First live stress test of the Q4 2025 replacement for Safety Module. Will it fully slash aWETH stakers to cover the deficit?
b. Residual haircut flows pro-rata to remaining WETH suppliers.
c. Kelp mainnet rsETH holders are intact. Native ETH backing untouched, circulating supply unchanged.
This is not a Kelp mint exploit. It is a bridge theft that became an Aave bad debt via instant cash-out.

5/ The primitive lesson.
Listing an LRT, or any bridged derivative, as collateral means underwriting the entire upstream dependency stack:
- Bridge config and security (@LayerZero_Core OFT here)
- Mint and burn permissions
- Oracle feeds and redemption mechanics
- Fee contracts and wrapper logic
Any single point of failure upstream becomes WETH bad debt downstream.
@StaniKulechov, this is a listing-authority problem more than a token problem. If the stack cannot be fully priced and simulated, do not list it.

x.com
MURI Protocol
by mishaderidder.eth12108 🥝15hyigitduman.com