Background

On Friday 18 April, an attacker exploited a vulnerability in Kelp DAO’s LayerZero V2 bridge route (Unichain to Ethereum), minting unbacked rsETH on Ethereum mainnet. The exploit triggered rsETH and WETH freezes on Aave, elevated borrow rates across several protocols, and a broader liquidity crunch in ETH-denominated markets.

While the portion of the Arbitrum DAO treasury managed by KPK had no direct rsETH exposure, KPK identified potential contagion risks on Aave and took precautionary measures. This post provides a full account of the actions taken.

Actions taken

At 18:54 UTC on 18 April, KPK received an alert regarding suspicious rsETH transfers. By 19:14 UTC, 20 minutes later, the incident was confirmed and KPK executed a precautionary exit on the Arbitrum treasury:

• Exited Sky’s Savings USDS position to eliminate any indirect exposure (transaction)

This exit was precautionary. The Arbitrum treasury held no direct rsETH positions at the time of the incident. All actions were executed through the non-custodial Permissions Layer, which defines pre-approved actions for the treasury management team.

Impact on the Arbitrum treasury

The Arbitrum treasury was not materially affected by the rsETH exploit. No funds were lost and no bad debt was incurred. The precautionary exit was completed successfully and in full.

Resolution and Current Status

All precautionary exits were completed successfully. The treasury continues to operate normally.

We continue monitoring the situation across all protocols and will post further updates if any developments affect the treasury.

We are happy to answer any questions from delegates and community members.