VECStake Live - Curve Suspends LayerZero Infrastructure After rsETH Hack

April 20, 2026 | VECS News


Curve Finance, one of the largest decentralized exchanges in the Ethereum ecosystem, has taken the drastic step of suspending all its LayerZero-based infrastructure following a $293 million exploit targeting Kelp DAO's rsETH token. The decision, announced on April 18, 2026, came as a precautionary measure after a security incident compromised the LayerZero infrastructure that both Kelp and Curve rely upon for cross-chain operations. The suspension effectively freezes a critical liquidity lifeline for Curve's native CRV token and its crvUSD stablecoin across multiple blockchain networks.


The suspension specifically affects CRV cross-chain bridging initiated from six networks including BNB Chain, Sonic, Avalanche, Fantom, Etherlink, and Kava. For other chains, native bridges remain operational as they do not depend on the compromised LayerZero infrastructure. Additionally, Curve's crvUSD fast bridge has been impacted by the suspension, though the slow bridge for Layer 2 networks continues to function normally. Curve Finance stated that the infrastructure will remain paused until the protocol can fully investigate and understand the root cause of the incident.


The triggering event was the Kelp DAO exploit, where an attacker manipulated LayerZero's cross-chain messaging system to mint approximately 116,500 rsETH tokens out of thin air, representing roughly 18% of the token's entire circulating supply. The stolen rsETH was then deposited as collateral on Aave V3, where the attacker borrowed large volumes of Wrapped Ether (WETH). Because the rsETH became unbacked, the positions are effectively unliquidatable, leaving Aave with over $236 million in bad debt. The exploit was not a smart contract code failure but a configuration issue, specifically a single-signer setup in Kelp's LayerZero Decentralized Verifier Network.


The contagion has spread rapidly across the DeFi ecosystem, with at least nine protocols affected including Aave, Compound Finance, Fluid, SparkLend, and Euler. All these platforms were forced to take emergency action by freezing rsETH markets. Curve Finance's decision to suspend its LayerZero infrastructure represents a defensive measure designed to prevent the exploit from cascading further into its own operations. Even though Curve was not directly targeted, its reliance on the same cross-chain communication technology created unacceptable risk exposure that required immediate mitigation.


For cryptocurrency investors, this incident carries profound implications for how they evaluate DeFi investment instruments. The event demonstrates that even protocols with perfect smart contract security remain vulnerable to risks originating from external integrations and cross-chain dependencies. Michael Egorov, founder of Curve Finance, warned that non-isolated lending models expose users to risks from all the various tokens used as collateral on platforms. When one token fails, everyone holding positions in that pool faces potential losses regardless of the underlying protocol's security posture.


The market impact has been immediate and severe. rsETH has cratered 23% in the past 24 hours, trading at $1,962 with a market cap of $1.23 billion as of the latest data. The AAVE token dropped more than 18% amid panic selling while LayerZero's ZRO token fell over 40%. Total value locked across major lending protocols fell from $26.4 billion on April 18 to nearly $20 billion within hours of the exploit becoming public. This demonstrates how quickly confidence can evaporate when systemic vulnerabilities are exposed in interconnected DeFi infrastructure.


This incident follows a string of major exploits that have battered confidence in DeFi. Just two weeks prior, Solana-based perpetuals protocol Drift was drained of approximately $280 million in an attack later linked to North Korea-affiliated actors. Combined with at least a dozen other smaller protocol exploits including CoW Swap, Zerion, Rhea Finance, and Silo Finance, total losses from crypto platform attacks in April 2026 alone have surpassed $600 million. Blockchain security firm Cyvers noted that Q1 2026 losses from hacks, exploits, and scams already reached $482 million before these events.


Cyvers CEO Deddy Lavid warned that "the challenge is no longer just preventing exploits at the contract level, but understanding how fast they can cascade across integrated protocols." As protocols race to integrate the latest restaking derivatives and yield-generating assets, the interconnected "Lego" architecture that once made DeFi innovative has now revealed its capacity to transform a single configuration error into a system-wide liquidity crisis. For investors, the lesson is clear: due diligence must now extend beyond smart contract audits to include validator configurations, bridge architectures, and the systemic interconnections between protocols that can turn one vulnerability into a market-wide disaster.


Global Expert Reactions


Michael Egorov, Founder of Curve Finance: "Cross-chain is hard and potentially risky. Only use cross-chain infrastructure when absolutely necessary, and do it really carefully." Egorov also emphasized that DeFi teams should vet prospective digital assets to ensure that tokens do not feature single points of failure or attack surfaces before approving them as lending collateral on their platforms. He described the incident as a learning experience for DeFi that the sector can use to grow and implement better cybersecurity protections.


Deddy Lavid, CEO of Cyvers: "The challenge is no longer just preventing exploits at the contract level, but understanding how fast they can cascade across integrated protocols." Lavid noted that this was not just a protocol exploit but immediately became a cross-protocol contagion event affecting at least nine major DeFi platforms including Aave, Compound Finance, Fluid, SparkLend, and Euler. Cyvers has been tracking how the stolen funds moved through Tornado Cash and converted to ETH across multiple networks.


Cyvers Security Team: In an analysis shared with Cointelegraph, Cyvers stated that "This was not just a protocol exploit. It immediately became a cross-protocol contagion event." The security firm has been monitoring the aftermath of the Kelp exploit and confirmed that the incident forced multiple lending protocols to freeze rsETH markets simultaneously as they scrambled to assess their exposure.


Curve Finance Official Statement: "As a precautionary measure, we have paused LayerZero infrastructure" following a security incident affecting rsETH's LayerZero infrastructure. The protocol stated it is investigating the root cause before resuming operations. The suspension affects CRV bridging from BNB Chain, Sonic, Avalanche, Fantom, Etherlink, and Kava, as well as the crvUSD fast bridge.


For cryptocurrency investors navigating this landscape, the implications are clear. The Curve Finance suspension demonstrates that cross-chain infrastructure remains a critical vulnerability point in DeFi's architecture. Investors must now evaluate not just the code of platforms they use but the configuration of every bridge, validator setup, and third-party integration in the stack. The composability that once made DeFi innovative has become its greatest liability. As Egorov suggested, cross-chain infrastructure should only be used when absolutely necessary and with extreme caution. The incident serves as a stark reminder that in the interconnected world of DeFi, no protocol is an island, and a single exploit can trigger a cascade that affects the entire ecosystem.
