Kelp DAO, a liquid restaking protocol on EigenLayer suffered a major exploit on April 18, 2026. Attackers drained approximately $280M–$293M worth of rsETH, its liquid restaking token. The vulnerability was in Kelp DAO’s rsETH cross-chain bridge powered by LayerZero.
The attacker drained ~116,500 rsETH — roughly 18% of the token’s circulating supply. They then used the stolen or unbacked and forged rsETH as collateral on lending protocols like Aave V3 on Ethereum and Arbitrum to borrow large amounts of ETH and WETH.
Funds were routed through Tornado Cash to obscure the trail. This created bad debt on Aave and other platforms, as the rsETH collateral turned out to be worthless or unbacked once the exploit was discovered. The incident is now considered the largest single DeFi exploit of 2026 so far.
Immediate Aftermath
Register for Tekedia Mini-MBA edition 20 (June 8 – Sept 5, 2026).
Register for Tekedia AI in Business Masterclass.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab.
Kelp DAO paused its rsETH contracts and bridge across Ethereum mainnet and multiple L2s. Aave, SparkLend, Fluid, and other protocols froze related markets to prevent further losses. Aave’s WETH suppliers faced potential losses from bad debt; Aave’s Umbrella safety module is expected to help cover some of it.
The $AAVE token price dropped sharply reports of 10–15% in hours due to contagion fears. Wrapped ETH became stranded or frozen across ~20 chains due to the omnichain nature of the bridge. This highlights ongoing risks with cross-chain bridges and omnichain fungible tokens (OFTs), especially those relying on default LayerZero configurations.
Some analysts are warning that similar setups on other protocols could be at risk if the root cause involves compromised signers or misconfigurations. It also follows other big exploits in April 2026 like the Drift Protocol’s ~$280M incident earlier in the month, adding to DeFi’s rough start to the year.
~18% of rsETH supply (116,500 tokens) was drained via the LayerZero-powered cross-chain bridge and adapter. This created unbacked or fake rsETH on multiple chains. Kelp paused rsETH contracts, minting and burning, and bridges across Ethereum mainnet and several L2s to contain further damage.
Holders of rsETH especially on non-mainnet chains now face uncertainty: their tokens may lack full backing, leading to redemption pressures, depegging risks, or forced unwinding of underlying restaked positions in EigenLayer.
Kelp’s TVL previously over $1B in ETH LRTs will likely drop sharply. The protocol is investigating with LayerZero and security experts; recovery is uncertain, as funds were routed through Tornado Cash. The attacker used stolen and unbacked rsETH as collateral on Aave V3/V4, borrowing large amounts of WETH/ETH. This left ~ $290M in bad debt on Aave’s WETH pools, as the collateral is now effectively worthless or unliquidatable.
Aave froze rsETH markets immediately to stop new exposure. WETH suppliers are being urged to withdraw positions, as partial haircuts or delays may occur while Aave’s Umbrella safety module handles the deficit. This is a major real-world stress test for Umbrella. Other protocols affected: SparkLend, Fluid, and at least 7–9 more froze rsETH-related markets or positions. Wrapped ETH became stranded across ~20 chains due to the omnichain setup.
AAVE token dropped ~10–13% amid fears of losses and broader contagion. No direct compromise of Aave’s contracts, but the event shows how external collateral failures can cascade. Cross-chain bridge vulnerabilities are back in focus. The exploit reportedly involved a misconfiguration or single-verifier issue in LayerZero’s OFT. This highlights catastrophic failure modes in default bridge configurations and composability risks.
Liquid restaking (LRTs) like rsETH face renewed scrutiny. Assumptions that these tokens are blue-chip collateral widely used on Aave for yield loops have been challenged. Protocols will likely tighten risk parameters for restaked assets, potentially reducing TVL and yields across EigenLayer participants. This is the largest single DeFi exploit of 2026 so far, surpassing or rivaling Drift Protocol’s $285M incident earlier in April.
Combined with other hacks, Q1/Q2 2026 has seen heavy losses; $600M+ in recent weeks, eroding confidence. ETH dipped ~3–4%; Polymarket odds on ETH price targets shifted lower as traders reassess DeFi exposure. Restaking sector sentiment is hit hard. Expect audits/reviews of LayerZero integrations, multi-verifier requirements for bridges, and stricter collateral onboarding in lending protocols. AI tools are noted as lowering barriers for sophisticated attacks.
This is a painful reminder of interconnected risks in DeFi — one bridge flaw can ripple through lending, restaking, and multiple chains. Short-term: volatility, frozen positions, and potential small losses for some suppliers. Long-term: likely leads to more conservative risk management and improved bridge standards.
If you hold rsETH, have exposure to Aave WETH pools, or use any Kelp-related bridges, check your positions and follow official updates from Kelp DAO and the affected protocols. On-chain sleuths like ZachXBT were among the first to flag it.