#rsETHAttackUpdate
Kelp DAO Bridge Hacked, A 10 Billion Dollar Shock to DeFi
On Saturday April 18 2026, the crypto market was hit by the biggest DeFi attack of the year. Hackers drained exactly 116,500 rsETH, worth around 292 million dollars, from the LayerZero powered bridge that moves Kelp DAO’s rsETH token across chains. The exploit happened in a single transaction at 17:35 UTC. The attackers tricked the bridge with a forged LayerZero packet and emptied the rsETH.
What Happened? The Technical Breakdown
Single DVN Vulnerability: The Unichain to Ethereum bridge route ran on a 1 of 1 DVN setup, meaning only one verifier was active. The attacker manipulated RPC nodes, created a fake packet, and the lone verifier signed off on it.
Bridge Drained: The OFT adapter on Ethereum held 116,723 rsETH. After the attack, the balance dropped to 223 rsETH in just one block.
Where Did the Money Go: Out of the stolen rsETH, 89,567 were deposited into Aave V3 as collateral. The hacker then borrowed 82,650 WETH and 821 wstETH against it. Health factors sat between 1.01 and 1.03, so the positions were right on the edge of liquidation.
The Kelp DAO team hit the emergency multisig and paused all contracts within 46 minutes. If they had not acted, the attacker could have pulled another 40,000 rsETH and pushed total losses to 391 million dollars.
Impact on the Crypto Market: How the Dominoes Fell
1. Liquidity Crisis at Aave
Aave held 83 percent of the total rsETH supply. With the hacker posting collateral and borrowing, Aave was suddenly exposed to between 124 and 230 million dollars in potential bad debt.
Result:
Aave’s TVL fell from 45 billion to 30 billion dollars in three days, a 33 percent drop.
Users panicked and withdrew funds. Around 10.1 billion dollars in assets left the protocol.
ETH borrowing rates jumped from 2 percent to 8 percent, the highest level since at least January 2024.
USDT and USDC borrowing rates spiked from 3.4 percent to 14 percent.
Aave froze rsETH and wrsETH markets across 11 networks including Ethereum, Arbitrum, Avalanche, Base, Linea, and Mantle.
2. Price Action and TVL Drop
The AAVE token lost between 15 and 18 percent of its value.
Overall DeFi TVL fell from 99 billion to 89 billion dollars on April 18, wiping out 10 billion dollars.
Justin Sun withdrew 65,580 ETH in a single transaction, about 154 million dollars.
3. Chain Reaction
SparkLend and Fluid also shut down their rsETH markets. Lido stopped new deposits into rsETH related products. Relay infrastructure kept running, but vault withdrawals stalled because of collateral tied up in Aave’s WETH market.
Who Is Responsible? All Eyes Turn
LayerZero pointed to the Lazarus Group. The RWATimes report flagged their TraderTraitor subgroup. The attacker wallets were funded through Tornado Cash.
Important detail: According to Llamarisk and the Aave report, Aave’s own contracts were not compromised. The issue was entirely in Kelp DAO’s bridge configuration.
Recovery Plan: A 30,000 ETH Lifeline
Mantle proposed lending up to 30,000 ETH to the Aave DAO to cover the bad debt. The loan term would be 36 months with an interest rate of Lido yield plus 1 percent. Stani Kulechov announced the support with the phrase DeFi United.
Kelp DAO managed to recover 40,373 rsETH. That only covers 26 percent of the 152,577 rsETH demand across all L2s. The mainnet version of rsETH is unaffected for now because it is directly backed by staking.
Three Lessons From This Incident
1. Bridge Security Equals DeFi Security: Running a single verifier DVN means trusting 292 million dollars to one packet. Projects using LayerZero will now likely require multi DVN setups and optional verifiers. 2. Systemic Risk in LRTs: When liquid restaking tokens like rsETH get concentrated in giant protocols like Aave, a single exploit shakes the whole market. Having 83 percent in one protocol is too much exposure. 3. Oracles Lag Behind: During the hack, Aave still priced rsETH near peg and allowed 106,467 ETH in borrowing. The bridge exploit did not reflect in price feeds fast enough.
What Happens Next
Short term, rsETH versions on L2s will stay illiquid. The 40,373 rsETH in the bridge cannot cover all rsETH on L2s. That means rsETH on Arbitrum, Base, and Mantle will act like receipts without a vault for a while.
Medium term, if Aave’s bad debt is cleared through the Mantle loan and Kelp DAO repayments, confidence could return. Regulators will likely take a harder look at bridge standards. As Al Jazeera Economy reported, this attack is part of a growing trend of DeFi security breaches in 2026.
Final Thought
The #rsETHAttackUpdate did not just hit Kelp DAO. Aave losing 10 billion dollars showed how interconnected all of DeFi really is. Going forward, asking who audits the bridge will matter more than asking what the APY is.
Stay tuned, because it is still unclear how Kelp DAO will distribute the recovered 40,373 rsETH. That decision will determine the losses for rsETH holders on L2s.
Kelp DAO Bridge Hacked, A 10 Billion Dollar Shock to DeFi
On Saturday April 18 2026, the crypto market was hit by the biggest DeFi attack of the year. Hackers drained exactly 116,500 rsETH, worth around 292 million dollars, from the LayerZero powered bridge that moves Kelp DAO’s rsETH token across chains. The exploit happened in a single transaction at 17:35 UTC. The attackers tricked the bridge with a forged LayerZero packet and emptied the rsETH.
What Happened? The Technical Breakdown
Single DVN Vulnerability: The Unichain to Ethereum bridge route ran on a 1 of 1 DVN setup, meaning only one verifier was active. The attacker manipulated RPC nodes, created a fake packet, and the lone verifier signed off on it.
Bridge Drained: The OFT adapter on Ethereum held 116,723 rsETH. After the attack, the balance dropped to 223 rsETH in just one block.
Where Did the Money Go: Out of the stolen rsETH, 89,567 were deposited into Aave V3 as collateral. The hacker then borrowed 82,650 WETH and 821 wstETH against it. Health factors sat between 1.01 and 1.03, so the positions were right on the edge of liquidation.
The Kelp DAO team hit the emergency multisig and paused all contracts within 46 minutes. If they had not acted, the attacker could have pulled another 40,000 rsETH and pushed total losses to 391 million dollars.
Impact on the Crypto Market: How the Dominoes Fell
1. Liquidity Crisis at Aave
Aave held 83 percent of the total rsETH supply. With the hacker posting collateral and borrowing, Aave was suddenly exposed to between 124 and 230 million dollars in potential bad debt.
Result:
Aave’s TVL fell from 45 billion to 30 billion dollars in three days, a 33 percent drop.
Users panicked and withdrew funds. Around 10.1 billion dollars in assets left the protocol.
ETH borrowing rates jumped from 2 percent to 8 percent, the highest level since at least January 2024.
USDT and USDC borrowing rates spiked from 3.4 percent to 14 percent.
Aave froze rsETH and wrsETH markets across 11 networks including Ethereum, Arbitrum, Avalanche, Base, Linea, and Mantle.
2. Price Action and TVL Drop
The AAVE token lost between 15 and 18 percent of its value.
Overall DeFi TVL fell from 99 billion to 89 billion dollars on April 18, wiping out 10 billion dollars.
Justin Sun withdrew 65,580 ETH in a single transaction, about 154 million dollars.
3. Chain Reaction
SparkLend and Fluid also shut down their rsETH markets. Lido stopped new deposits into rsETH related products. Relay infrastructure kept running, but vault withdrawals stalled because of collateral tied up in Aave’s WETH market.
Who Is Responsible? All Eyes Turn
LayerZero pointed to the Lazarus Group. The RWATimes report flagged their TraderTraitor subgroup. The attacker wallets were funded through Tornado Cash.
Important detail: According to Llamarisk and the Aave report, Aave’s own contracts were not compromised. The issue was entirely in Kelp DAO’s bridge configuration.
Recovery Plan: A 30,000 ETH Lifeline
Mantle proposed lending up to 30,000 ETH to the Aave DAO to cover the bad debt. The loan term would be 36 months with an interest rate of Lido yield plus 1 percent. Stani Kulechov announced the support with the phrase DeFi United.
Kelp DAO managed to recover 40,373 rsETH. That only covers 26 percent of the 152,577 rsETH demand across all L2s. The mainnet version of rsETH is unaffected for now because it is directly backed by staking.
Three Lessons From This Incident
1. Bridge Security Equals DeFi Security: Running a single verifier DVN means trusting 292 million dollars to one packet. Projects using LayerZero will now likely require multi DVN setups and optional verifiers. 2. Systemic Risk in LRTs: When liquid restaking tokens like rsETH get concentrated in giant protocols like Aave, a single exploit shakes the whole market. Having 83 percent in one protocol is too much exposure. 3. Oracles Lag Behind: During the hack, Aave still priced rsETH near peg and allowed 106,467 ETH in borrowing. The bridge exploit did not reflect in price feeds fast enough.
What Happens Next
Short term, rsETH versions on L2s will stay illiquid. The 40,373 rsETH in the bridge cannot cover all rsETH on L2s. That means rsETH on Arbitrum, Base, and Mantle will act like receipts without a vault for a while.
Medium term, if Aave’s bad debt is cleared through the Mantle loan and Kelp DAO repayments, confidence could return. Regulators will likely take a harder look at bridge standards. As Al Jazeera Economy reported, this attack is part of a growing trend of DeFi security breaches in 2026.
Final Thought
The #rsETHAttackUpdate did not just hit Kelp DAO. Aave losing 10 billion dollars showed how interconnected all of DeFi really is. Going forward, asking who audits the bridge will matter more than asking what the APY is.
Stay tuned, because it is still unclear how Kelp DAO will distribute the recovered 40,373 rsETH. That decision will determine the losses for rsETH holders on L2s.
