Beyond the Breach: Why rsETH’s Depegging Demands a New Standard for Bridge Security

Following a breach by suspected North Korea-backed hackers, KelpDAO’s liquid restaked token, rsETH, depegged from ether. Flare CPO Filip Koprivec argues that the rsETH incident proves bridge security must be treated as a core component of collateral risk management.

Key Takeaways:

In tandem with the slow recovery, rsETH’s trading volumes have gradually declined from levels seen on April 18 and 19, when they surpassed $10 million. By 2 p.m. EDT on April 23, the token’s volumes had slipped to five-figure levels seen before the breach.

“Once a protocol lists a bridged asset as collateral, it is also taking on bridge risk, not just token risk,” Koprivec said. “That is why bridge security should be treated as part of collateral risk management from the outset.”

Koprivec noted that the rsETH incident underscores the need for protocols to treat bridged assets as unique entities rather than a generic category. He argued that bridge security configurations should not be “buried in technical documentation” but surfaced clearly for users and integrators.

“What matters is whether the route is genuinely diversified, whether that configuration can change, and whether those changes are visible in a simple and reliable way,” Koprivec said. He added that this transparency should be an ongoing review rather than a “one-time disclosure.”

Following the KelpDAO exploit, Flare clarified its system boundaries and paused its Layerzero OFT transport rail as a precaution. The network also increased its decentralized verifier networks (DVNs) from two to four—specifically utilizing Layerzero Labs, Nethermind, Canary, and Horizen. Flare is also preparing the FAssets v1.3 upgrade, which will introduce mint-side controls such as caps and delays.