Kelp was hacked and Aave suffered heavy losses: how did the attackers steal $292 million?

Summary

  • On April 19, Kelp DAO's LayerZero-based rsETH cross-chain bridge was hacked, with attackers stealing 116,500 rsETH worth approximately $292 million.
  • The attack exploited a vulnerability in the lzReceive method, allowing forged messages to release rsETH without a corresponding burn, breaking omnichain supply conservation.
  • This is the largest single DeFi loss in 2026, and the stolen rsETH was deposited into lending platforms like Aave, causing potential bad debts of over $236 million.
  • Kelp responded by pausing its contracts, which blocked additional attacks; multiple protocols triggered emergency responses, highlighting the risks of using LRT assets as collateral.
  • The incident underscores the need for stronger security in cross-chain deployments and for caution with LRT assets in DeFi.

Written by: Sanqing, Foresight News

In the early hours of April 19, the LayerZero-based rsETH cross-chain bridge of Kelp DAO, a Kernel DAO product, was compromised. The attacker called the lzReceive method of the LayerZero EndpointV2 contract with a forged cross-chain message, causing the mainnet OFTAdapter to release 116,500 rsETH to the attacker's address. At the time, this was worth approximately $292 million and represented 18% of the approximately 630,000 rsETH in circulation. The attacker's wallet had been funded through the Tornado Cash 1 ETH pool 10 hours before the attack.

Within an hour, Kelp executed an emergency `pauseAll` through its multisig, freezing the LRT Deposit Pool, the Withdrawal contract, the LRT Oracle, and the rsETH token itself. The attackers subsequently launched two follow-up attacks, each attempting to steal another 40,000 rsETH, but both reverted because the contracts were paused; otherwise, the total loss would have approached $391 million.

This is the largest single loss in DeFi so far in 2026, surpassing the $285 million Drift Protocol hack on April 1st. According to Bitget market data, AAVE, ZRO, and KERNEL have fallen by approximately 16%, 20%, and 11% respectively in the past 24 hours following the incident.

The reserve locked in the OFTAdapter is everything.

Kelp's cross-chain solution is a typical hub-and-spoke deployment. The mainnet retains the minting and redemption rights of rsETH through the OFTAdapter contract, and more than 20 L2s are mapped using standard OFT contracts.

Cross-chain transfers do not create wrapped versions; instead, they are settled 1:1 as a debit and a credit. From the mainnet to an L2, the Adapter locks and the L2 mints; from an L2 to the mainnet, the L2 burns and the Adapter releases.

The entire ledger is maintained by the LayerZero message layer, and the Kelp contract is only responsible for executing four actions: lock, burn, mint, and unlock, based on the message.

lzReceive is the lifeblood of this mechanism. It is the entry point through which EndpointV2 calls the OFT/OFTAdapter on the destination chain, and in theory it accepts only messages verified by LayerZero.

The attacker bypassed the verification logic and forged a cross-chain message with no corresponding burn record on the source chain, directly triggering a release from the mainnet Adapter. As a result, 116,500 rsETH flowed out of the reserves with no burn to offset it.

There was no debit at the source, yet a credit occurred at the destination. This is the moment when omnichain supply conservation was broken.

In this structure, the assets locked in the mainnet Adapter contract are the ultimate backing for all rsETH across 20+ chains. rsETH on an L2 is never an independent asset; it is merely a withdrawal claim on the mainnet reserves. Once the reserves are depleted, every such claim becomes worthless.
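Added example (not from the original article, and not Kelp's or LayerZero's code): a monitor for the conservation rule described above. It pairs every destination-side credit with a source-side debit by message id and measures how far L2 supply exceeds the hub reserve. The event model, field names and sample ledger are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    chain: str   # "mainnet" = hub holding the OFTAdapter; anything else = L2 spoke
    kind: str    # hub: "lock"/"unlock"; spoke: "mint"/"burn"
    guid: str    # cross-chain message id (constructed values below)
    amount: int  # rsETH in whole units, for readability

DEBITS, CREDITS = {"lock", "burn"}, {"unlock", "mint"}

def unmatched_credits(events):
    """Credits with no source-chain debit of the same id and amount, or replayed ids."""
    debits = {e.guid: e for e in events if e.kind in DEBITS}
    consumed, flagged = set(), []
    for e in events:
        if e.kind not in CREDITS:
            continue
        d = debits.get(e.guid)
        ok = (d is not None and d.amount == e.amount
              and d.chain != e.chain and e.guid not in consumed)
        consumed.add(e.guid)
        if not ok:
            flagged.append(e)
    return flagged

def unbacked_supply(events):
    """Spoke supply minus hub reserve. In-flight transfers make this <= 0;
    a positive value means rsETH circulates on L2s without locked backing."""
    reserve = supply = 0
    for e in events:
        if e.kind == "lock":
            reserve += e.amount
        elif e.kind == "unlock":
            reserve -= e.amount
        elif e.kind == "mint":
            supply += e.amount
        elif e.kind == "burn":
            supply -= e.amount
    return supply - reserve

# Constructed sample ledger (not data from the incident).
CLEAN = [
    Event("mainnet", "lock", "0xa1", 1000), Event("l2-a", "mint", "0xa1", 1000),
    Event("l2-a", "burn", "0xb2", 200), Event("mainnet", "unlock", "0xb2", 200),
    Event("mainnet", "lock", "0xc3", 50),  # in flight: mint not delivered yet
]
FORGED = CLEAN + [Event("mainnet", "unlock", "0xf9", 500)]  # no burn anywhere

if __name__ == "__main__":
    for name, log in (("clean", CLEAN), ("forged", FORGED)):
        print(name, unmatched_credits(log), unbacked_supply(log))
```

Because a debit always precedes its credit, a healthy bridge can only show a zero or negative gap, so any positive value is an alert condition rather than a timing artifact.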

Furthermore, the success of the attack may also be related to Kelp's choice of a 1/1 DVN configuration, in which a cross-chain message needs only a single validator signature to pass. This is the weakest security level allowed by LayerZero.

Back in January 2025, a development team had already reminded Kelp on the Aave governance forum that it should move to verification by multiple DVNs. Fifteen months later, the second DVN has still not been added.

Bridge reserves are more exposed to single points of failure than single-chain contracts. However, under pressure to expand market share, LRT projects generally opt for OFT-style rapid multi-chain deployment rather than the slower but more secure native minting path.

Speed brought market share, but it also produced today's bill.

Aave's bad debts are the real bleeding point.

The $292 million is not just a problem for Kelp alone; the real structural risks unfolded in the latter part of the attack.

The attackers deposited the stolen rsETH into DeFi lending platforms such as Aave V3, V4, Compound V3, and Euler, using it as collateral to borrow WETH/ETH. On Aave alone, they borrowed approximately $196 million, bringing their total debt position to over $236 million.

On-chain tracking data shows that the attackers have consolidated approximately 74,000 ETH into a single address, of which approximately $250 million has been converted into ETH.

The rsETH serving as collateral for these lending positions had its underlying mainnet Adapter reserves emptied the moment it was deposited into Aave.

Since the collateral itself lacks real value and cannot be disposed of through normal liquidation mechanisms, Aave's WETH lending pool directly bears the bad debts.

The Aave team initially stated that they would use the Umbrella safety reserve to offset the deficit should bad debts occur, but later changed their wording on X to "explore paths to offset the deficit," subtly backing down.

The cost of lending protocols whitelisting LRT is being priced into balance sheets today.

The whitelist of LRT collateral should be rewritten.

In addition to Aave, SparkLend and Fluid simultaneously froze the rsETH market. Upshift suspended deposits and withdrawals to the High Growth ETH and Kelp Gain vaults.

Lido Earn has suspended further deposits due to earnETH's exposure to rsETH, while emphasizing that the core protocols of stETH and wstETH are unaffected.

Ethena has no exposure to rsETH and, out of caution, has suspended its LayerZero OFT bridge for approximately 6 hours. At least 9 protocols have triggered emergency responses.

The contagion reached this many nodes within hours not because of a risk-control failure at any single protocol, but as a direct result of LRT being over-composed as collateral.

The more layers of yield are stacked, whether staking, re-staking, cross-chain deployment, or lending collateral, the more trust assumptions are implicitly accepted. When the reserves of the bottom-level Adapter are depleted, the entire chain becomes unbalanced.

Previously, Kelp experienced an over-minting incident in April 2025 due to a bug in its fee contract, at which time user funds were unharmed. A year later, it has proved in a more costly way that the risks of LRT do not come solely from the smart contracts themselves, but from the "efficiency assumptions" that are repeatedly staked, bridged across chains, and composed throughout the DeFi stack.

In the first four months of 2026, DeFi attacks resulted in losses approaching $1 billion, with Drift and Kelp contributing two separate incidents exceeding $280 million each.

Following this incident, all lending protocols should exercise caution when dealing with LRT-type assets, and at least reduce their collateral requirements.


Author: Foresight News

Opinions belong to the column author and do not represent PANews.
