As of this morning, the dashboard at defiunited.fyi reads 102,542 ETH filled against a 163,200 ETH shortfall. defiunited.eth is the recovery wallet Aave organized after the April 18 Kelp DAO bridge exploit drained $292 million of restaked ETH. Public donations from individual wallets to that address now total approximately 14,570 ETH — about $34 million in unsolicited contributions, much of it from people who lost nothing personally.

60,658 ETH still missing as of the April 27, 2026 dashboard read. ~$140M at current ETH. Twenty-something protocols, foundations, and individuals are taking turns covering the gap.

All of this is happening because a single off-chain signer signed a packet that lied. The bridge had one signer. The signer trusted its RPC. The RPC was compromised. The packet flowed.

LayerZero’s post-mortem on the Kelp DAO exploit, published April 20, says the choice directly:

“KelpDAO chose to utilize a 1/1 DVN configuration. A properly hardened configuration would have required consensus across multiple independent DVNs, rendering this attack ineffective even in the event of any single DVN being compromised.” — LayerZero post-mortem, Apr 20

Kelp’s response, published the same day, said the 1-of-1 DVN setup it used “followed LayerZero’s documented defaults” and noted that the validator stack compromised by the attacker “is part of LayerZero’s own infrastructure,” rather than something Kelp had chosen against guidance.

Both are true. The two parties are arguing over whose responsibility it was to insist on a different default. The shared fact, which neither side disputes, is that the cross-chain authority for $292 million of restaked ETH reduced to one off-chain signer. That is the architecture this post is about.

The bridge had one signer. The signer trusted its RPC. The RPC was compromised. $292M moved with no human in the loop.

The trust boundary

A DVN — Decentralized Verifier Network — is the off-chain attestation layer in LayerZero’s omnichain protocol. When a cross-chain message moves from one chain to another, a DVN observes the source chain, confirms the underlying transaction occurred, and signs an attestation that the destination chain’s adapter trusts. A 1-of-1 configuration means there is one DVN and one DVN’s signature is enough.

Brale, a regulated stablecoin issuer that operates a LayerZero DVN of its own, posted on April 19 — the day after the Kelp exploit — what is by far the cleanest framing of what this means:

“A DVN of one is a key of one. The less novel lesson is that the RPC layer your validator trusts is part of your validator.” — Brale, Apr 19

That second sentence is the post inside the post. When a system reduces to one signer, the trust boundary is not just the signer — it is everything the signer trusts, transitively. The signer’s RPC nodes. The signer’s monitoring stack. The signer’s failover logic. The signer’s binaries. All of that is now load-bearing on the cross-chain authority chain. The chain doesn’t care how many of those things you got right. It only cares about the one that goes wrong.

How the boundary collapsed

The Chainalysis post-mortem on the exploit attributes the attack to North Korea’s Lazarus Group, specifically the TraderTraitor sub-cluster. The mechanism, in plain terms:

The Lazarus operators compromised two RPC nodes hosted by LayerZero. They did not steal a key. They did not bypass a signature. They installed malicious binaries on those two nodes that selectively returned false data to the DVN’s monitoring path — telling the DVN that an rsETH burn had occurred on Unichain, when no such burn had occurred. Backup RPC infrastructure was DDoS’d to force failover onto the compromised nodes. The DVN observed what it believed was a valid burn, signed an attestation, and produced a forged LayerZero packet. The malicious binaries self-destructed afterward, wiping local logs.

The signer was honest. The signer’s eyes weren’t.

The Ethereum-side adapter accepted the forged packet and released 116,500 rsETH — about 18% of the total supply — to an attacker-controlled address. The attacker fanned the rsETH out across seven branch wallets and deposited 89,567 of it onto Aave V3 as collateral, borrowing 82,650 WETH and 821 wstETH at health factors between 1.01 and 1.03. From the forged packet to the borrow was a matter of minutes. None of those steps had a re-verification primitive. None of them needed one.

The dashboard, this morning

The recovery is not a smart contract. It is a coalition. The contributor stack as of this morning:

  • Mantle Treasury — 30,000 ETH credit facility (Lido APR + 1%, capped at 36 months, AAVE collateral). Mantle governance pending.
  • Aave DAO Treasury — 25,000 ETH grant proposal — still in ARFC stage; not yet on Snapshot as of writing.
  • Stani Kulechov — 5,000 ETH personal contribution. “Aave is my life’s work.”
  • EtherFi Foundation — 5,000 ETH (DAO vote passed).
  • Lido DAO — Up to 2,500 stETH, capped allocation.
  • Babylon Foundation — $3M USDT ($2M to V3, $1M to V4), deposited Apr 26.
  • Golem Foundation — 1,000 ETH donation from Golem Foundation and Golem Factory treasuries.
  • Emilio Frangella — 500 ETH personal — Aave’s SVP of Engineering.
  • BGD Labs / Boado — 350 ETH combined — donated despite no longer being involved with Aave since 2024.
  • Solana Foundation — Undisclosed USDT lend, announced by Lily Liu Apr 25 — the first time the Solana Foundation has ever lent to Aave.
  • Ethena, LayerZero, Ink/Tydro, Frax — Mix of donation and liquidity, undisclosed amounts.
  • Public donations — Approximately 14,570 ETH to defiunited.eth from individual wallets and small contributors.

That last line is the part to hold for a second. Roughly $34 million in public donations, much of it from individual wallets that lost nothing personally, has arrived at a recovery address to make strangers whole. There is no contract. There is no governance vote. There is no expected return. They are running the verification primitive that the bridge didn’t have — the one that would have asked, before the funds moved, did the entity initiating this transaction actually authorize it under a finalized cross-chain state? — except they are running it in reverse, after the fact, with their own money, with a Twitter post for an audit trail.

That is what coordination looks like when the verification layer is missing. That is also what it costs.

Same shape, different layer

Every centralized platform has authority paths that reduce to N=1 at some load-bearing moment. They are not always called DVNs.

A crypto exchange withdrawal: an authenticated session. One bearer token. The session was authorized at login; nothing re-authorizes at the moment the funds leave.

A wire transfer: a multifactor that was solved at some prior moment, often days earlier, and is trusted at the moment of the action.

A beneficiary change: a confirmation email — a single channel of attestation, often the same channel the attacker compromised on the way to it.

A staking deposit: a wallet signature whose authority comes from the device that holds the key. One device. One signer.

Each of these is identity verified at the moment of configuration — signup, MFA enrollment, beneficiary add, key generation — and trusted at the moment of action without a fresh attestation. A bridge with one signer is a key with one signer is a session with one bearer token is a withdrawal with one approved multifactor. The shape of the problem is identical whether the signer is a DVN, a YubiKey, a phone, or a passkey. When the trust boundary collapses to one, an attacker who controls anything inside that boundary controls the action. Lazarus didn’t compromise the DVN’s key. They compromised the node the DVN was reading from. The chain didn’t know the difference.

What underwriters are starting to ask

Insurance carriers writing crypto coverage in 2026 have started asking, on renewal questionnaires, a question they were not asking a year ago: at the load-bearing moment of authority on your protocol, how many independent signers must concur? The number 1 prices very differently from the number 3. The crypto-native carriers (Evertas, Relm, Breach), the brokers writing digital-asset coverage (Marsh, Aon, Lockton, Paragon), and the Lloyd’s syndicates pricing renewals (Atrium, Arch, Canopius, Chaucer, Beazley) are starting to grade this distinction. The Aave / Kelp event will anchor that line of questioning for the next two renewal cycles.

The closer

The Brale line, run back, deserves its own paragraph: a DVN of one is a key of one.

Two hundred and ninety-two million dollars is a lot of money to learn that lesson again. About one hundred and sixty million has been raised through Mantle, Stani, EtherFi, Lido, BGD, Babylon, Golem, the Solana Foundation, and a long list of public addresses sending ETH to a recovery wallet because they wanted to. Sixty thousand six hundred fifty-eight ETH are still missing.

The bridge had one signer. The signer’s RPC was the trust boundary. The trust boundary was compromised. The packet flowed. The verification layer that would have asked, at the moment of the cross-chain mint, whether the underlying state had finalized — was not present. It had been verified once, at configuration. Nothing re-asked.

A bridge with one signer is a key with one signer is a session with one bearer token is a withdrawal with one approved multifactor. That is the post.

— Tristan