Curve Finance Suspends LayerZero Bridging as a Precaution, Limits CRV and crvUSD Bridge Access

Curve Finance announced on the X platform on April 19 that, due to an attack on LayerZero infrastructure related to rsETH, it has suspended LayerZero cross-chain functionality for precautionary reasons until the root cause of the incident is clarified. According to Curve Finance’s announcement, the affected scope includes the bridging of CRV on specific chains and the fast cross-chain bridging of crvUSD.

Suspension scope: affected cross-chain bridge functions

According to Curve Finance’s announcement on the X platform, this suspension covers the following functions:

CRV cross-chain bridge suspension: CRV cross-chain bridging from BNB Chain, Sonic, Avalanche, Fantom, Etherlink, and Kava is disabled; other chains continue to use native bridges and are not affected

crvUSD fast cross-chain bridge suspension: L2 slow bridging can still be used normally, while the fast bridging function is paused

Curve said these measures are precautionary and will be decided whether to resume the related functions after further clarifying the cause of the LayerZero infrastructure security incident.

Curve founder Michael Egorov’s comments on the lending architecture

Based on comments from Curve Finance founder Michael Egorov regarding this incident, he said, “I hope Aave can address this issue. Kelp DAO lost about $292 million due to an attack, which led to bad debt at Aave. This is the risk that comes from the commonly used ‘non-isolated lending’ model. This model has historically shown good scalability, but the risks are also higher.”

In his comments, Egorov mentioned two alternative lending architectures: one is a fully isolated model similar to the markets of Curve Finance, and the other is a more complex hybrid model. He also noted that Aave v4’s hub-and-spoke model “might be a step toward semi-isolation and improved safety,” and said the market has not yet thoroughly evaluated the advantages of these approaches.

Background on the Kelp DAO attack and subsequent impact on Aave

According to the statement from Kelp DAO on the X platform, on Saturday, April 18, 2026, a bridge adapter built by Kelp DAO based on LayerZero was attacked. The attacker used the related assets to borrow on the Aave platform, causing the utilization rate of the core lending pool to skyrocket and leaving users facing withdrawal difficulties. Kelp DAO has paused its rsETH contracts on the Ethereum mainnet and multiple L2 scaling networks. DeFiLlama pseudonymous co-founder 0xngmi reported on the X platform that as of Sunday early morning, Aave’s net withdrawals reached $6.2 billion; Spark pseudonymous head of strategy monetsupply.eth said the incident showed “negative secondary effects.”

Frequently asked questions

Which specific cross-chain bridge functions are involved in this suspension by Curve Finance?

According to Curve Finance’s April 19, 2026 announcement on the X platform, the suspension scope includes CRV cross-chain bridging from BNB Chain, Sonic, Avalanche, Fantom, Etherlink, and Kava, as well as crvUSD fast cross-chain bridging; native bridging on other chains and L2 slow bridging can still be used normally.

Why did Curve Finance suspend LayerZero functionality? When will it resume?

According to Curve Finance’s announcement, this suspension is a precautionary measure. Because LayerZero infrastructure related to rsETH was attacked, Curve said it will decide the resumption timeline after clarifying the root cause of the incident, and no specific schedule has been announced yet.

What technical viewpoints did Curve founder Michael Egorov raise regarding this attack?

Based on Michael Egorov’s public comments, he said that the Kelp DAO attack resulted in losses of about $292 million and also affected Aave. The root cause is the inherent risk of the “non-isolated lending” model. He mentioned the fully isolated model and hybrid architecture as alternative solutions, and said that Aave v4’s hub-and-spoke architecture may be one of the directions to improve security.