Kelp's rsETH bridge exploited for ~$292M in LayerZero-based attack

The Block reports that Kelp's emergency pauser multisig acted within 46 minutes of the initial drain, which successfully blocked two follow-up attempts that would have increased losses. The initial attack vector appears to be a signature-verification flaw in the LayerZero-based message handler that issues rsETH when collateral is bridged in. The Block emphasizes the responsiveness of the Kelp security committee while noting the protocol is still negotiating with the attacker via on-chain messages. No funds have been returned as of reporting.