Aave releases post-incident investigation into the Kelp rsETH bridge attack.

CoinFeed reported on May 31 that Aave released a post-incident investigation on its X platform regarding the April 18 attack on the Kelp rsETH LayerZero V2 bridge. The investigation emphasized that the exposure stemmed primarily from third-party bridge infrastructure, not the protocol itself. The attacker used an RPC poisoning attack to forge a cross-chain message targeting LayerZero's single validator. This resulted in the release of 116,500 rsETH on the Ethereum side without any actual destruction of Unichain tokens. The attacker then deposited the stolen rsETH into Aave V3 (Ethereum Core and Arbitrum) and lent out approximately 82,650 WETH and 821 wstETH.