Key Takeaways:
- rsETH depegged to $1,723 on April 23 after KelpDAO suffered a breach by suspected hackers.
- Contagion risks led Aave to freeze reserves, as $71 million in stolen funds remains a market threat.
- Flare plans the FAssets v1.3 upgrade to boost security via 4 verifier networks and mint caps.
rsETH Struggles to Regain Parity
April 23 marked the third straight day KelpDAO’s liquid restaked token (LRT), rsETH, failed to maintain its peg to ether ( ETH). However, Coingecko data shows that rsETH, which traded at a premium until April 20, has narrowed the gap with ETH to between $150 and $200. Shortly after a KelpDAO breach by suspected North Korea-backed hackers, rsETH plunged from $2,404 to $1,723. In contrast, ETH stood at $2,270 at the time, a difference of more than $540.
In tandem with the slow recovery, rsETH’s trading volumes have gradually declined from levels seen on April 18 and 19, when they surpassed $10 million. By 2 p.m. EDT on April 23, the token’s volumes had slipped to five-figure levels seen before the breach.
The token’s attempt to regain parity with ETH came amid ongoing efforts by the KelpDAO team to recover stolen funds. As reported by Bitcoin.com News, those efforts received a boost after the Arbitrum Security Council froze approximately $71 million in stolen funds. The KelpDAO team stated via X that all attention and efforts are now directed toward safeguarding users and strengthening the protocol.
Some observers assert the depegging of rsETH could trigger contagion across the broader decentralized finance ( DeFi) ecosystem because a loss of value forces liquidations on platforms such as Morpho, Spark, and Gearbox. This risk led major protocols to take preemptive measures. Aave, for instance, froze rsETH and wrsETH reserves and set loan-to-value (LTV) ratios to zero to protect the protocol from bad debt.
The Case for Transparent Bridge Security
Filip Koprivec, chief product officer (CPO) at Flare, told Bitcoin.com News that such incidents highlight a “shared responsibility” between asset issuers and the protocols that host them.
“Once a protocol lists a bridged asset as collateral, it is also taking on bridge risk, not just token risk,” Koprivec said. “That is why bridge security should be treated as part of collateral risk management from the outset.”
Koprivec noted that the rsETH incident underscores the need for protocols to treat bridged assets as unique entities rather than a generic category. He argued that bridge security configurations should not be “buried in technical documentation” but surfaced clearly for users and integrators.
“What matters is whether the route is genuinely diversified, whether that configuration can change, and whether those changes are visible in a simple and reliable way,” Koprivec said. He added that this transparency should be an ongoing review rather than a “one-time disclosure.”
Following the KelpDAO exploit, Flare clarified its system boundaries and paused its Layerzero OFT transport rail as a precaution. The network also increased its decentralized verifier networks (DVNs) from two to four—specifically utilizing Layerzero Labs, Nethermind, Canary, and Horizen. Flare is also preparing the FAssets v1.3 upgrade, which will introduce mint-side controls such as caps and delays.
According to Flare, these measures stand out as much of the industry still relies on weaker configurations, even as demand for bridged XRP continues to grow. Despite market volatility, Flare’s DeFi ecosystem remains robust, with more than $440 million in total value locked (TVL) and the majority of FXRP actively deployed.
