With the Kelp exploit yesterday, I wanted to provide a quick summary for folks who may be confused or simply looking for compiling what we know. Firstly, my employer would be remiss if I didn’t lead with: MegaETH does not appear to have direct exposure to the incident; I could only locate ~$100 of rsETH on the entire chain. Summary of events: Earlier yesterday, an invalid message that supposedly originated from a smaller L2 was accepted by the Kelp DAO DVN for their LayerZero OFT. As a reminder, L0 has a variety of security setups, which can be on par with or surpassing alternatives, but in practice many teams choose a lower burden. Kelp DAO's controlled contract accepted the invalid first transaction, but blocked a follow-on for another tranche of rsETH. Many teams (including Ethena, who operate USDM) have paused their OFT bridging while an investigation occurs, but as of right now this looks to me like it was a compromise on the Kelp DAO side, and the security assumptions did not require further compromise to execute malicious actions. rsETH is lock-and-mint on mainnet. This means when L0's rsETH goes between L2s, it is burn-and-mint, but when Ethereum is one end of a corridor, there is an rsETH token that is being (un)locked. For example, rsETH traveling from Optimism to Mega would burn 1 rsETH on Optimism for every 1 rsETH minted on Mega. For rsETH traveling from Optimism to Ethereum, however, 1 rsETH on Optimism would be burned and 1 rsETH would be unlocked from the mainnet escrow. In theory, there should be 1 rsETH in the mainnet escrow for every rsETH outside of Ethereum. That is now no longer the case. Somewhere between 17-18% of rsETH supply was unlocked erroneously by the attacker. That rsETH was then swapped on DEXes and borrowed against on lending protocols, including Aave, Compound, and Euler. All of this was done on Ethereum and Arbitrum to the best of my knowledge. The problem set: There are three major, interconnected problems that I currently see. First is whether rsETH is now ~17.5% undercollateralized due to the inflated supply (L1 + L2). Kelp looks like they have two paths they can take. The first is to socialize the dilution across all rsETH holders, and try to recover what it can through cooperation with DeFi teams and law enforcement. The second is to keep the mainnet supply whole, since all rsETH on mainnet are, in theory, the actual assets, and the number of rsETH on mainnet did not chain. This would effectively be pushing all losses onto L2 rsETH holders. I expect many lawyers are being activated already, since there is not clear seniority or differentiation that I can find in the Kelp documentation about this. Second is whether lending protocols now have accrued large amounts of bad debt. I want to be perfectly candid that my initial estimates are in excess of the buffers most of these protocols have in place. For example, should all rsETH holders be diluted 17%, then mainnet Aave alone looks like it has around 2x the bad debt as can be covered by Umbrella, which is more than $50m of coverage. Complicating things is that rsETH losses socialized only among L2 holders would be dramatically larger, and could still result in some Arbitrum deployments becoming insolvent. It will take some time for each lending protocol to even know which scenario would be better for them (my guess is Compound and Aave would like to see it contained to L2s, while Euler and Fluid and others who compete more in frontier markets would want the universal haircut), and then advocate for that solution to Kelp. Thirdly, while all of this is ongoing, the WETH and stablecoin markets are largely illiquid. This creates a lot of negative carry for some highly leveraged trades. Until those trades can unwind, that risks some positions slipping into liquidation at a time that some of these markets will not be especially liquid. 1/2