SlowMist frames the Kelp DAO rsETH and LayerZero incident as a cascading DeFi failure involving liquid restaking tokens, cross-chain bridge verification, and lending-protocol collateral assumptions. The interview says LayerZero attributed the attack to Lazarus Group’s TraderTraitor branch and describes APT-like preparation including mixer-funded gas, advance RPC-node reconnaissance, selective forged responses to DVN IPs, DDoS against normal RPC nodes, and self-destruction of malicious binaries. The attacker allegedly compromised RPC infrastructure used by a single LayerZero DVN, caused a forged rsETH message to pass verification, and then used the resulting rsETH as collateral in protocols such as Aave to borrow liquid assets. The key defensive lesson is that code audits alone are insufficient when a protocol’s cross-chain trust model, DVN thresholds, RPC dependencies, and collateral risk controls can propagate one infrastructure compromise into ecosystem-wide losses.