Unchained

Luke Leasure and Shaunda Devens of Blockworks Research explain how three compounding failures, Kelp's one-of-one bridge signer, Layer Zero's permissive default settings, and Aave's failure to flag it as a collateral risk, set up the conditions for the exploit. 

Shaunda Devens then breaks down the monolithic pool design that concentrated risk, showing how 98% of rsETH collateral was backing a single leverage looping strategy. 

This clip is from a longer conversation on the Kelp rsETH hack and its implications for DeFi. Full episode here: https://youtube.com/live/hJ9X_btsvD0

We go live every Thursday at 12:00 PM ET — subscribe to catch it live.
Learn more about your ad choices. Visit megaphone.fm/adchoices

People think of Aave and Morpho as competitors. But Morpho only lost $1 million when North Korea drained $300M from a DeFi protocol. The architecture explains why.

========================================================

Thank you to our sponsors!

Coinbase One

20% off first year of annual plan + $50 Bitcoin bonus. Offer valid until May 31.

coinbase.com/unchained

Citrea

Bitcoin changed how money works. Satya changes how Bitcoin scales.

citrea.xyz/unchained

Ether.fi

15% cash back on food and ride apps, 3% on everything else.

ether.fi/unchained

========================================================

After North Korea's Lazarus Group drained nearly $300 million from Kelp DAO's bridge, the contagion spread fast, leaving close to $200 million in bad debt on Aave. Morpho, one of the largest lending protocols in DeFi, ended up with about $1 million in exposure. 

Paul Frambot, co-founder and CEO of Morpho, explains why the protocol's modular, isolated architecture produced a different outcome, and what it reveals about how DeFi lending is supposed to work. 

He also addresses the ongoing debate over whether DeFi lenders are fairly compensated for risk, the institutional reaction to the hack and what it means for the sector's timeline, the moral complexity of Arbitrum's decision to freeze stolen funds, and why formal verification may be DeFi's last line of defense in an age of increasingly powerful AI.

Host:


⁠⁠⁠⁠⁠⁠Laura Shin⁠⁠⁠⁠⁠⁠, Host / Unchained

Guests:


⁠Paul Frambot, Co-founder and CEO of Morpho Labs

Learn more about your ad choices. Visit megaphone.fm/adchoices

KelpDAO’s hackers left telltale signs pointing to one culprit, North Korea. Then, in a surprise move, the Arbitrum Security Council decided to fight back.

========================================================

Thank you to our sponsors!

As Bitcoin's application layer, Citrea gives you access to the first trust-minimized BTC on a fully programmable platform and a native stablecoin for Bitcoin, ctUSD. 

You can now participate in Bitcoin capital markets with lending, privacy, payments, Bitcoin yield, trading and predictions. You get expanded Bitcoin utility without sacrificing its security. 

Citrea mainnet is live. Put your BTC to work at citrea.xyz/unchained.  

Ether.fi is giving Unchained listeners 15% cashback on food and ride apps — and that's on top of the 3% you get on everything else. 

Your bank is charging you to use your own money. Laura switched and loves her card!

Go to ether.fi/unchained to claim your offer.

Nexo is the premier digital wealth platform. Receive interest on your crypto, borrow against it without selling, and trade a range of assets. Now available in the U.S with 30 days of exclusive privileges. 

Get started at http://nexo.com/unchained

========================================================

In this episode about the hack on KelpDAO that had a broad impact across all of DeFi, Miguel Morel of Arkham, explains what digital fingerprints made it clear North Korea was the likely hacker, plus how it is that Arkham’s users are using the platform to figure out how to get their bad debt out of Aave and when.

Then Griff Green, a member of the Arbitrum Security Council, explains some of the reasoning that went into the decision to freeze $71 million of the funds stolen by DPRK, how the surprise move worked technically, and why blockchains are immutable only by social consensus — and how even Bitcoin could be changed by social consensus.

Host:


⁠⁠⁠⁠⁠Laura Shin⁠⁠⁠⁠⁠, Host / Unchained

Guests:


Miguel Morel, CEO of Arkham Intelligence


Griff Green, Arbitrum Security Council Member, Leader of the DAO Security Fund, Co-founder of Giveth

Learn more about your ad choices. Visit megaphone.fm/adchoices

The $300M KelpDAO exploit became a watershed moment for DeFi, and the Arbitrum Security Council voted froze $70M worth of stolen funds. Is this a slippery slope or learning from history?

Thank you to our sponsors!⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

MultiChain Advisors is an emerging technology growth firm that has helped create $50B+ in enterprise value for 80+ clients over the past 4 years. They're the partner to help navigate markets. 

Build real traction today at multichainadv.com

The largest DeFi hack of 2026 starts with an RPC node. Not a smart contract bug. Not a stolen key. A spoofed node and a forged transaction. And North Korea drained $300 million from Kelp DAO through LayerZero’s bridge in a single block. Then the attacker went to Aave, borrowed against assets that didn’t exist, and created a bad debt crisis that locked Kain out of his own position.

That was Friday. By Sunday, North Korea had started laundering. By Tuesday, Arbitrum’s security council had done something no L2 has ever done: frozen $70 million of funds had stolen by upgrading a bridge contract mid-hack. Kain Warwick, Taylor Monahan, and Luca Netz, with guest Odysseas Lamtzidis, take apart every layer: the DVN architecture flaw, the Aave contagion, the circuit breaker debate, and why the ‘code is law’ era may have just quietly ended.

Hosts:


⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Kain Warwick⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, Founder of Infinex and Synthetix


⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Taylor Monahan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, Security Expert


⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Luca Netz, CEO of Pudgy Penguins

Guest:


⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Odysseas Lamtzidis, Founder & CEO of Phylax

Learn more about your ad choices. Visit megaphone.fm/adchoices

A $300M bridge exploit is forcing the question DeFi has been avoiding: when users lose money, who is actually responsible — the protocol, the infrastructure provider, or both?

Thanks to our sponsors!

*⁠ As Bitcoin's application layer, Citrea gives you access to the first trust-minimized BTC on a fully programmable platform and a native stablecoin for Bitcoin, ctUSD. 

You can now participate in Bitcoin capital markets with lending, privacy, payments, Bitcoin yield, trading and predictions. You get expanded Bitcoin utility without sacrificing its security. 

⁠Citrea mainnet is live. Put your BTC to work at ⁠⁠citrea.xyz/unchained.⁠ 

*⁠ Nexo is the premier digital wealth platform. Receive interest on your crypto, borrow against it without selling, and trade a range of assets. Now available in the U.S with 30 days of exclusive privileges.

Get started at http://nexo.com/unchained

A $300 million bridge exploit at Kelp DAO has put DeFi's most uncomfortable question back on the table: when users lose money, who is actually responsible? 

Katherine, Jessi, and Vy dig into the Kelp and Layer Zero finger-pointing and ask whether the industry's core values — permissionlessness, open composability — have become its greatest vulnerability. 

Then: the Ninth Circuit heard oral arguments on prediction markets last week, and the panel's pointed questions signal the case is headed to the Supreme Court sooner than most expect. 

Finally: American Express just solved three of agentic commerce's hardest problems — identity, mandate, and accountability — with a product that's live today. The crypto industry, which should be leading this race, is watching from the sidelines.

Hosts:


⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Katherine Kirkpatrick Bos⁠⁠, General Counsel at StarkWare. Previously held senior legal roles across DeFi and centralized exchanges.


⁠⁠⁠⁠⁠⁠⁠⁠⁠Jessi Brooks⁠⁠⁠⁠⁠⁠⁠⁠⁠, General Counsel at Ribbit Capital


⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠TuongVy Le⁠⁠⁠, General Counsel at Veda

Learn more about your ad choices. Visit megaphone.fm/adchoices