Kelp completes a full upgrade of its cross-chain bridge in two weeks, and ether.fi simultaneously hardens WeETH

Two weeks have passed since the April 18 hack of Kelp DAO’s rsETH cross-chain bridge, in which 116,500 rsETH (about $292 million) were siphoned off. On April 29, Kelp announced the completion of a full cross-chain bridge upgrade. The same day, ether.fi simultaneously released a three-layer security hardening plan for weETH and joined DeFi United’s collective rescue effort with a donation of 5,000 ETH. With multiple parties—including LayerZero, Consensys, Mantle, and more—having cumulatively mobilized over 70k ETH in rescue funding, DeFi United has moved from the immediate outbreak phase into a structural post-incident handling stage.

Kelp 4/29 bridge upgrade: validators changed to 4-of-4, Ethereum as the sole hub

Originally, on April 18, the attacker exploited Kelp’s cross-chain bridge by configuring only a single 1-of-1 DVN (Decentralized Verifier Network) point, then forging cross-chain messages to withdraw rsETH. The hardening actions completed in Kelp’s 4/29 announcement redesigned the validation mechanism and topology structure:

First, the number of validation nodes was expanded from 1 to 4 independent attestors—Canary, Horizen, LayerZero Labs, and Nethermind. For every path in and out, all 4 must be fully verified. This means the attacker must simultaneously compromise the security operations of four separate infrastructure and jurisdictional security domains to forge a single cross-chain message. Second, the block confirmation count across all chains increased from 42 to 64, raising the cost of reorg attacks. Third, the topology changed from full mesh to hub-and-spoke: direct L2-to-L2 routing was removed, all cross-chain messages are forced to route via the Ethereum mainnet as a middle hop. This eliminates L2-to-L2 horizontal dependencies and reduces the attack surface.

In its announcement, Kelp emphasized that “every configuration deviating from LayerZero’s default settings is strictly stronger and never weaker,” and said it would continue to “research safer cross-chain infrastructure providers,” leaving a hint about potentially replacing LayerZero in the future.

ether.fi hardens weETH in parallel and joins DeFi United, donating 5,000 ETH

ether.fi’s 4/29 18:13 UTC announcement: although its own weETH was not directly affected because it had already enforced a “DVN configuration of 2 or more” in advance, it still carried out protocol-level security hardening on weETH across all 20 deployment chains. The three specific upgrade layers are:

Layer 1 Message Library Pinning: directly pin the SendUln302 and ReceiveUln302 addresses into weETH’s OApp configuration slots, so LayerZero’s multisig wallet can no longer replace the library with something that bypasses DVN verification.

Layer 2 DVN configuration pinning + 4/4 threshold: fix four DVN sets. Every cross-chain message must pass 4/4. If any DVN is unavailable or compromised, the message is immediately interrupted.

Layer 3 Pair-Wise Rate Limits: set conservative in/out weETH limits for each (source chain, destination chain) route. The quota is controlled directly by ether.fi’s own contract and is not influenced by upstream bridge providers.

The upgrade result is that “LayerZero’s multisig cannot completely modify weETH’s bridge configuration on-chain, and all security parameters are exclusively controlled by ether.fi’s own multisig.” ether.fi also announced it is joining DeFi United, with its foundation donating 5,000 ETH into a dedicated rescue fund vault, and it is evaluating adding Chainlink CCIP or Wormhole as a second cross-chain message provider. It also plans to disable weETH’s bridging services on Scroll, Swell, Bera, zkSync, Mode, Blast, Morph, Sonic, and other chains by the end of June.

DeFi United hits two weeks: mobilized over 70K ETH, USDC lending rates respond

Led by Aave and spanning multiple DeFi protocols, the DeFi United rescue alliance expanded rapidly within two weeks starting 4/24. Major donations and contributions include: LayerZero Labs pledged over 10,000 ETH (5,000 ETH injected into DeFi United and 5,000 ETH injected into Aave liquidity pools); Consensys pledged up to 30k ETH; Mantle plans to lend Aave in the form of 30,000 ETH; ether.fi Foundation donated 5,000 ETH; Puffer Finance deployed part of treasury capital; River injected $3 million USDT. DeFi United’s fundraising reached over 100k unique donor addresses by 4/26.

The injection of rescue funds is directly reflected in the interest rates of Aave’s lending markets. According to on-chain analyst DefiScope’s 4/30 observation, at the exact moment the message about Mantle’s 30K ETH contribution was published, Aave’s USDC borrow rate dropped immediately from about 15% to 6.23%. Market utilization (utilization) fell from nearly 100% to 91.5%, mainly corresponding to about $100 million in USDC repayment inflows (mostly USDe arbitrage leverage unwind). In other words, “collective rescue” is not just PR—it genuinely reshapes the lending market’s liquidity conditions.

However, post-incident processing is still not complete. On-chain observers point out that 12 days after the attack, the attacker still holds collateral positions of about 107k rsETH on Aave and Compound, and these positions have not been liquidated to date. The reason is that unwinding these positions requires governance proposals on both Aave and Compound, temporary oracle adjustments, a multisig-controlled liquidation process, and redemption routes through Kelp—essentially a “committee-style liquidation,” which often takes weeks to complete. Aave plans to recover the 107K rsETH from seven attacker addresses. From technical hardening, to collective rescue mobilization, to bad-debt recovery, DeFi’s coordination capacity for “post-incident handling” is undergoing its first real stress test in this event.

This article first appeared on 链新闻 ABMedia after two weeks, covering the full cross-chain bridge upgrade by Kelp and the simultaneous weETH hardening by ether.fi.