Written by: Xiaobing
At 17:35 UTC on April 18, a wallet whose funds had been laundered through Tornado Cash sent a cross-chain message to LayerZero's EndpointV2 contract.
The message was simple: a user on another chain wanted to transfer rsETH back to the Ethereum mainnet. LayerZero faithfully conveyed the instruction as designed. The bridge contract deployed by Kelp DAO on the mainnet also faithfully executed the release as designed.
116,500 rsETH, worth approximately $292 million at the time, were transferred to an address controlled by the attackers in a single transaction.
The problem is that no one on the other chain had ever deposited this rsETH. The "cross-chain request" was fabricated out of thin air, and LayerZero believed it, as did Kelp's bridge.
Forty-six minutes later, Kelp's emergency multisig paused the contracts. By then, the attackers had completed the second half of their operation, depositing the stolen, essentially de-pegged rsETH into Aave V3 as collateral and borrowing approximately $236 million worth of wETH.
This is the largest DeFi theft so far in 2026, exceeding by several million dollars the loss the Drift protocol suffered on April 1 at the hands of North Korean-backed hackers. But what truly sends chills down the industry's spine is not just the amount of money involved.
How the attack occurred: Three bets placed between 17:35 and 18:28
Let's reconstruct the timeline.
17:35 UTC, first success. Using a wallet funded through Tornado Cash, the attacker invoked the lzReceive function on the LayerZero EndpointV2 contract to deliver a forged cross-chain data packet to the Kelp bridge contract. Contract verification passed, and 116,500 rsETH were released to the attacker's address. A single transaction. Clean.
At 18:21 UTC, Kelp's emergency pause multisig froze the rsETH core contracts on the mainnet and multiple L2s. This was 46 minutes after the attack.
At 18:26 and 18:28 UTC, the attacker made two more attempts, each carrying a LayerZero data packet that tried to withdraw another 40,000 rsETH (approximately $100 million). Both attempts reverted because the contract was already frozen, but the attacker was clearly still trying to make off with the remaining liquidity.
Nearly three hours elapsed between the initial success and Kelp's public statement.
Kelp's first X post wasn't published until 20:10 UTC, and the wording was very restrained: Suspicious cross-chain activity involving rsETH has been discovered, and rsETH contracts on the mainnet and multiple L2s have been suspended. We are working with LayerZero, Unichain, the auditors, and external security experts to conduct root cause analysis.
However, ZachXBT, a blockchain analyst, reached a conclusion before the official statement. Before 3 PM ET, he posted an alert on his Telegram channel, listing six wallet addresses linked to the theft and noting that the attacking wallets had all been funded via Tornado Cash before commencing their operations. He didn't name Kelp DAO, but the blockchain analyst pieced together the addresses within hours.
This was a premeditated operation executed within minutes. The pre-funded, laundered wallets, the meticulously crafted cross-chain data packets, the coordinated attack and the collateralized borrowing on Aave: each step was executed with the precision of a metronome.
After stealing, they also swindle you.
If it were just a simple bridging vulnerability that resulted in the theft of 116,500 rsETH and the perpetrators running away, it would at most be considered a major incident in 2026. Kelp would absorb the loss, the community would digest it for a few days, and the industry would move on.
But the attackers had clearly done the math. rsETH itself doesn't have ample secondary liquidity, and directly dumping $292 million onto DEXs for a sell-off would result in slippage eating up a significant portion of the profits. A more elegant way to exit was to package this "newly acquired rsETH" as seemingly respectable collateral and borrow truly liquid assets through lending protocols.
The attackers then took a second step: depositing the stolen rsETH into Aave V3 as collateral to borrow a large amount of wETH.
Why was this step fatal? Because at that moment, the Aave contract was still calculating the collateral value from the oracle price of rsETH, while the reserves in the bridge had already been emptied and the economic backing of this batch of rsETH no longer existed. The lending protocol was still issuing loans against "100% gold content", but the collateral was already a bad check.
The result is that the attackers shifted the risk of cashing out their haul onto Aave's wETH reserve pool.
Aave V3's wETH reserves are currently absorbing bad debt. Solidity developer and auditor 0xQuit reminded depositors on X that the wETH pool is effectively impaired, and some withdrawals may not be restored until Aave's Umbrella backup module clears the deficit.
The latest estimate for bad debt is in the range of $177 million, and this is only on the Ethereum mainnet side.
The long-predicted first major test
For veteran DeFi users, this scene feels familiar. When Luna collapsed in 2022, Aave V2's Safety Module played a similar role.
This time, however, it's Umbrella that's taking the stage. Aave launched this new generation of backup system at the end of 2025 to replace the old Safety Module. This incident is the first major real-world stress test of Umbrella's automatic bad debt coverage mechanism.
Umbrella's logic is straightforward: stake aWETH, aUSDC, GHO, and other aTokens into the corresponding Umbrella vault to earn extra incentives during normal times. However, when the corresponding asset pool experiences a deficit, this staked portion will be slashed proportionally to cover the shortfall.
This design looks good on paper. In the first month of Aave v3.3's operation, the total deficit in the pool was about $400,000, against nearly $9.5 billion in outstanding loans. The proportion is so small that it can almost be ignored.
However, the $177 million in bad debt is on another level. For users who staked aWETH to Umbrella, this means they will soon truly feel the weight of the words "bearing the risk of slashing" for the first time. Aave's official statement is cautious: if bad debt occurs, Aave plans to use Umbrella assets to cover any financial shortfall. But whether it can fully cover the losses, what the slashing rate will be, and how much principal stakers will lose—these questions will only be answered after the settlement process is complete.
The original sin of cross-chain bridges
What's even more disturbing is the identity of these stolen rsETH.
rsETH is deployed on more than 20 networks, including Base, Arbitrum, Linea, Blast, Mantle, and Scroll, with cross-chain transactions handled by LayerZero's OFT standard. The rsETH in the hollowed-out bridges is the reserve that supports all the "wrapped" versions of rsETH on these networks.
This design sounds quite conventional at first glance: the mainnet vault holds a 1:1 reserve, and rsETH holders on L2 can theoretically cross back to the mainnet to redeem their holdings at any time. However, this mechanism is based on the premise that the vault actually has money.
The vault is now 18% empty. Approximately 18% of Kelp's total rsETH circulating supply has lost its corresponding reserves overnight.
This creates a feedback loop: once L2 holders panic-redeem, the pressure is transmitted to the unaffected Ethereum supply side, potentially forcing Kelp to unstake its positions to meet withdrawal requests.
Unwinding a restaked position isn't as simple as pressing a button. There's a delay in EigenLayer withdrawals, and a queuing period for exiting the underlying validators. If L2 rsETH holders collectively rush to the redemption window, Kelp might not have enough time to free up the funds needed for mainnet redemption.
This is a fundamental risk of the bridge reserve model: if the mainnet, the single reservoir, fails, the pressure in every downstream channel collapses with it. Every rsETH holder on every L2 network is currently facing the same choice: run first, or trust Kelp to make them whole?
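An added example, not part of the original article or of any project's code: an out-of-band reconciliation a bridge operator could run, matching each mainnet release against a remote-chain debit and recomputing how well the reserve backs the remote supply. The event record, guids and balances are constructed assumptions; only the 116,500 rsETH figure comes from the article.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BridgeEvent:
    guid: str     # message id carried by both the send and the release (hypothetical field)
    chain: str    # chain the event was observed on
    kind: str     # "send" = debit on a remote chain, "release" = mainnet payout
    amount: int   # whole rsETH

def unmatched_releases(events):
    """Mainnet releases with no remote-chain send of the same guid and amount."""
    sends = {(e.guid, e.amount) for e in events if e.kind == "send"}
    return [e for e in events
            if e.kind == "release" and (e.guid, e.amount) not in sends]

def assess(events, escrow, remote_supply):
    """Replay events against the reserve and report whether to page for a pause."""
    supply = dict(remote_supply)             # copy so the caller's snapshot is untouched
    for e in events:
        if e.kind == "send":
            supply[e.chain] -= e.amount      # debited on the remote chain
        elif e.kind == "release":
            escrow -= e.amount               # paid out of the mainnet reserve
    outstanding = sum(supply.values())
    orphans = unmatched_releases(events)
    return {
        "orphans": [e.guid for e in orphans],
        "shortfall": max(0, outstanding - escrow),
        "backing_ratio": 1.0 if outstanding == 0 else escrow / outstanding,
        "pause": bool(orphans) or escrow < outstanding,
    }

# Constructed sample: balances and guids are invented; 116,500 is the article's figure.
SAMPLE_SUPPLY = {"base": 250_000, "arbitrum": 150_000}
SAMPLE_EVENTS = [
    BridgeEvent("0xaa", "arbitrum", "send", 1_000),
    BridgeEvent("0xaa", "ethereum", "release", 1_000),
    BridgeEvent("0xbb", "ethereum", "release", 116_500),   # no matching send
]

if __name__ == "__main__":
    print(assess(SAMPLE_EVENTS, escrow=400_000, remote_supply=SAMPLE_SUPPLY))
```

A real monitor would wait for source-chain finality before declaring a release orphaned, since a legitimate send can be observed later than its release.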
Panic swept across the entire DeFi lending sector within hours.
The rsETH market for Aave V3 and V4 is frozen, and new deposits and rsETH-based lending channels are closed.
SparkLend and Fluid followed suit by freezing the rsETH market.
Although Ethena stated that it had no rsETH exposure and maintained over 101% overcollateralization, it still suspended its LayerZero OFT bridge originating from the Ethereum mainnet as a precaution, with an expected suspension of about six hours. This reaction is quite intriguing: even players without direct exposure are suspending LayerZero-related bridges.
Lido Finance has suspended new deposits for its earnETH product (because the product contains rsETH exposure), while emphasizing that stETH and wstETH are unaffected and that the Lido core staking protocol is unrelated to this event.
Upshift has suspended deposits and withdrawals for its High Growth ETH and Kelp Gain vaults.
The list is still getting longer.
Deep Tide Commentary: The Road to DeFi Security is Long and Arduous
As of this writing, Kelp DAO's root cause analysis is still ongoing. How much of the stolen rsETH can be recovered through negotiations with the security team or white-hat hackers? Can Aave's Umbrella withstand this bad debt? Will L2 rsETH holders trigger a run on the platform? Can the prices of AAVE and rsETH stabilize before the end of the weekend?
However, some questions have already surfaced.
For example, can LRTs continue to be eligible collateral for lending protocols?
Liquid Restaking Tokens (LRTs) were the darling of the Ethereum ecosystem in the last cycle. EigenLayer initiated the narrative of "earning multiple levels of returns with one unit of ETH," and protocols such as Kelp, ether.fi, and Puffer industrialized this narrative. The end result was that LRTs were included in the collateral whitelist by major lending protocols as structured assets.
This decision rests on the assumption that an LRT's peg mechanism is robust enough and that the risks of multi-layered nesting of underlying assets can be fully modeled and isolated at the smart contract level.
The Kelp incident exposed a huge hole in this assumption in just one afternoon. The risks of LRT come not only from the underlying smart contracts, but also from its cross-chain distribution architecture; not only from a single protocol, but also from every dependency it has with EigenLayer, LayerZero, and Aave. Each piece of the DeFi Lego set may seem safe individually, but when they are put together, the risks are multiplied, not added together.
In the coming months, all lending protocols that still treat LRTs as high-grade collateral will need to reassess their risk parameters. Supply caps will decrease, liquidation buffers will increase, and some protocols may delist them altogether.
The moat of DeFi has always been called "composability," but this incident reminds everyone that composability is a double-edged sword. The network effect you are proud of is just an amplifier in the hands of attackers.
This time, the attackers had planned their exit strategy in advance. They did more than just steal; they used DeFi composability as a weapon. The closer the dependencies between protocols and the richer the composability, the wider the attacker's attack surface and the more financial Lego pieces they can call upon.
DeFi security remains a long and arduous task.

