Cross-chain bridge unverified mint pattern

Aave v3's assessment for RD-F-106 — scored not_assessed on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

The April 18 attack was precisely this signal's detection target: Lazarus forged rsETH mints via a compromised LayerZero DVN, then deposited the unbacked rsETH as Aave collateral. rsETH markets are frozen as of April 27, preventing further cross-chain contamination. v1-deferred signal. Yellow because the mechanism is confirmed applicable and bad debt ($123-230M) from the prior event remains unresolved.

Sources #

URL
Halborn: Explained The Kelp DAO Hack April 2026Kelp DAO hack explanationretrieved 2026-04-27
Governance
rsETH Incident Report — root cause: LayerZero 1/1 DVN misconfiguration on Kelp sidersETH Incident Reportretrieved 2026-04-27

Methodology #

Detect cross-chain activity consistent with an unverified mint on the destination chain (deposit on source without corresponding verified proof on dest).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol aave-v3 factor RD-F-106 score not_assessed collected_at 2026-04-27 23:28:46