Unchained

Luke Leasure and Shaunda Devens of Blockworks Research explain how three compounding failures, Kelp's one-of-one bridge signer, Layer Zero's permissive default settings, and Aave's failure to flag it as a collateral risk, set up the conditions for the exploit. 

Shaunda Devens then breaks down the monolithic pool design that concentrated risk, showing how 98% of rsETH collateral was backing a single leverage looping strategy. 

This clip is from a longer conversation on the Kelp rsETH hack and its implications for DeFi. Full episode here: https://youtube.com/live/hJ9X_btsvD0

We go live every Thursday at 12:00 PM ET — subscribe to catch it live.
Learn more about your ad choices. Visit megaphone.fm/adchoices

KelpDAO’s hackers left telltale signs pointing to one culprit, North Korea. Then, in a surprise move, the Arbitrum Security Council decided to fight back.

========================================================

Thank you to our sponsors!

As Bitcoin's application layer, Citrea gives you access to the first trust-minimized BTC on a fully programmable platform and a native stablecoin for Bitcoin, ctUSD. 

You can now participate in Bitcoin capital markets with lending, privacy, payments, Bitcoin yield, trading and predictions. You get expanded Bitcoin utility without sacrificing its security. 

Citrea mainnet is live. Put your BTC to work at citrea.xyz/unchained.  

Ether.fi is giving Unchained listeners 15% cashback on food and ride apps — and that's on top of the 3% you get on everything else. 

Your bank is charging you to use your own money. Laura switched and loves her card!

Go to ether.fi/unchained to claim your offer.

Nexo is the premier digital wealth platform. Receive interest on your crypto, borrow against it without selling, and trade a range of assets. Now available in the U.S with 30 days of exclusive privileges. 

Get started at http://nexo.com/unchained

========================================================

In this episode about the hack on KelpDAO that had a broad impact across all of DeFi, Miguel Morel of Arkham, explains what digital fingerprints made it clear North Korea was the likely hacker, plus how it is that Arkham’s users are using the platform to figure out how to get their bad debt out of Aave and when.

Then Griff Green, a member of the Arbitrum Security Council, explains some of the reasoning that went into the decision to freeze $71 million of the funds stolen by DPRK, how the surprise move worked technically, and why blockchains are immutable only by social consensus — and how even Bitcoin could be changed by social consensus.

Host:


⁠⁠⁠⁠⁠Laura Shin⁠⁠⁠⁠⁠, Host / Unchained

Guests:


Miguel Morel, CEO of Arkham Intelligence


Griff Green, Arbitrum Security Council Member, Leader of the DAO Security Fund, Co-founder of Giveth

Learn more about your ad choices. Visit megaphone.fm/adchoices

The $300M KelpDAO exploit became a watershed moment for DeFi, and the Arbitrum Security Council voted froze $70M worth of stolen funds. Is this a slippery slope or learning from history?

Thank you to our sponsors!⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

MultiChain Advisors is an emerging technology growth firm that has helped create $50B+ in enterprise value for 80+ clients over the past 4 years. They're the partner to help navigate markets. 

Build real traction today at multichainadv.com

The largest DeFi hack of 2026 starts with an RPC node. Not a smart contract bug. Not a stolen key. A spoofed node and a forged transaction. And North Korea drained $300 million from Kelp DAO through LayerZero’s bridge in a single block. Then the attacker went to Aave, borrowed against assets that didn’t exist, and created a bad debt crisis that locked Kain out of his own position.

That was Friday. By Sunday, North Korea had started laundering. By Tuesday, Arbitrum’s security council had done something no L2 has ever done: frozen $70 million of funds had stolen by upgrading a bridge contract mid-hack. Kain Warwick, Taylor Monahan, and Luca Netz, with guest Odysseas Lamtzidis, take apart every layer: the DVN architecture flaw, the Aave contagion, the circuit breaker debate, and why the ‘code is law’ era may have just quietly ended.

Hosts:


⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Kain Warwick⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, Founder of Infinex and Synthetix


⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Taylor Monahan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, Security Expert


⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Luca Netz, CEO of Pudgy Penguins

Guest:


⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Odysseas Lamtzidis, Founder & CEO of Phylax

Learn more about your ad choices. Visit megaphone.fm/adchoices

A $300M bridge exploit is forcing the question DeFi has been avoiding: when users lose money, who is actually responsible — the protocol, the infrastructure provider, or both?

Thanks to our sponsors!

*⁠ As Bitcoin's application layer, Citrea gives you access to the first trust-minimized BTC on a fully programmable platform and a native stablecoin for Bitcoin, ctUSD. 

You can now participate in Bitcoin capital markets with lending, privacy, payments, Bitcoin yield, trading and predictions. You get expanded Bitcoin utility without sacrificing its security. 

⁠Citrea mainnet is live. Put your BTC to work at ⁠⁠citrea.xyz/unchained.⁠ 

*⁠ Nexo is the premier digital wealth platform. Receive interest on your crypto, borrow against it without selling, and trade a range of assets. Now available in the U.S with 30 days of exclusive privileges.

Get started at http://nexo.com/unchained

A $300 million bridge exploit at Kelp DAO has put DeFi's most uncomfortable question back on the table: when users lose money, who is actually responsible? 

Katherine, Jessi, and Vy dig into the Kelp and Layer Zero finger-pointing and ask whether the industry's core values — permissionlessness, open composability — have become its greatest vulnerability. 

Then: the Ninth Circuit heard oral arguments on prediction markets last week, and the panel's pointed questions signal the case is headed to the Supreme Court sooner than most expect. 

Finally: American Express just solved three of agentic commerce's hardest problems — identity, mandate, and accountability — with a product that's live today. The crypto industry, which should be leading this race, is watching from the sidelines.

Hosts:


⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Katherine Kirkpatrick Bos⁠⁠, General Counsel at StarkWare. Previously held senior legal roles across DeFi and centralized exchanges.


⁠⁠⁠⁠⁠⁠⁠⁠⁠Jessi Brooks⁠⁠⁠⁠⁠⁠⁠⁠⁠, General Counsel at Ribbit Capital


⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠TuongVy Le⁠⁠⁠, General Counsel at Veda

Learn more about your ad choices. Visit megaphone.fm/adchoices

The Chopping Block crew and guest Monet Supply break down the $200M Kelp DAO bridge exploit, finger-pointing between LayerZero, Kelp DAO, and Aave, the wild “reverse hack” Arbitrum bailout, and what it all means for DeFi lending protocol risk, L2 trust, and the future of socialized losses in crypto.

Welcome to The Chopping Block — where crypto insiders Haseeb Qureshi, Tom Schmidt, Tarun Chitra, and Robert Leshner chop it up about the latest in crypto. This week, we’re joined by Monet Supply, DeFi governance OG and current Spark brain, for a front-row seat to crypto’s hack-of-the-week: the $200M “Kelp DAO—LayerZero—Aave” debacle. If you thought DeFi risk was just about liquidations, buckle up. The team untangles the hack mechanics, the musical chairs of collateral across bridges and lending markets, and—most importantly—the prime time blame game: is it LayerZero’s fault for running a single-signer bridge, or did Kelp DAO or Aave drop the ball?

We dive deep into the “socialized losses” mess facing Aave depositors (especially on L2s), unpack Arbitrum’s extraordinary move to confiscate coins back from North Korea (yes, really), and debate whether rollups can—or should—aspire to Ethereum’s censorship resistance. Finally, the squad discusses concrete remediation: rate limits, portfolio triage on risky collaterals, and the meta-game of DeFi crisis response. If you want the blunt, unfiltered, and occasionally spicy take on DeFi’s latest chaos, let’s get into it.

Listen to the episode on Apple Podcasts, Spotify, Pods, Fountain, Podcast Addict, Pocket Casts, Amazon Music, or on your favorite podcast platform.

Show highlights

🔹 Kelp DAO bridge exploit: $200M minted, North Korea fingered, DeFi lending protocols left holding the bag  

🔹 Why LayerZero’s single-validator bridge design was a disaster waiting to happen  

🔹 The Spider-Man meme comes to DeFi: KelpDAO, LayerZero, and Aave point fingers  

🔹 Aave’s socialized losses headache: who eats the bad debt, L1 vs L2 depositors  

🔹 Arbitrum’s Security Council “reverse hack” to claw back stolen ETH—feature or bug?  

🔹 DeFi lending protocol design flaws, cascading risks, and pooled markets explained  

🔹 Remediation: rate limits, fewer LRTs, and the “surface of death” in risk management  

🔹 Rollups & L2s: why “Ethereum with training wheels” isn’t always the goal  

🔹 What this week means for DeFi precedent, governance, and future hacks  

🔹 DeFi’s growing pains: market demands bailouts, but who should actually pay up?

Hosts

⭐️Haseeb Qureshi, Managing Partner at Dragonfly

⭐️Tarun Chitra, Managing Partner at Robot Ventures

⭐️Tom Schmidt, General Partner at Dragonfly 

Guest

⭐️ Monet Supply, Head of Strategy at Spark

Disclosures
Learn more about your ad choices. Visit megaphone.fm/adchoices