KelpDAO rsETH Exploit: DeFi United Mobilises as Recovery Gap Stands at 89,500 ETH

Apr 26, 2026

Eight days on from the largest DeFi exploit of 2026, the KelpDAO rsETH incident is no longer a single-protocol emergency — it has become a test of whether decentralised finance can collectively absorb a state-sponsored nine-figure attack. The answer, so far, is cautiously yes — but the gap is still enormous.

KelpDAO has recovered 73,700 ETH from the rsETH incident, reducing the total shortfall from 163,200 ETH to approximately 89,500 ETH.
The coalition behind that effort — branded "DeFi United" — now includes Aave, Mantle, Lido, EtherFi, the Golem Foundation, Frax Finance, and Aave founder Stani Kulechov personally.
Collectively, commitments have surpassed 43,000 ETH, demonstrating a rare display of cross-project solidarity in the wake of the breach.

Here is the full picture: what happened, who bears the losses, and what the recovery actually looks like.


What Happened — The Attack in Brief

At 17:35 UTC on Saturday, April 18, 2026, someone minted 116,500 rsETH on Ethereum mainnet that had no backing behind it — roughly 18% of KelpDAO's entire circulating supply, worth about $292 million at the time the forged LayerZero packet cleared.

This was not a smart contract vulnerability. There was no reentrancy bug, no missing access check, no price oracle sleight-of-hand. The KelpDAO incident is something arguably more dangerous: an attack on the off-chain verification layer on which many cross-chain protocols depend.

The mechanics were precise.
The attacker hacked two RPC nodes, deployed malware to feed false transaction data exclusively to LayerZero's verifier while maintaining honest responses to monitoring systems, then DDoS'd legitimate RPC endpoints to force the verifier to rely on the poisoned nodes.

Once the verifier signed off on a fabricated transaction, the bridge released $290M in unbacked rsETH before the malware self-destructed and deleted all traces.

Rather than dumping the stolen rsETH on the open market, which would have crashed its price immediately, the attacker deposited it into Aave V3 as collateral and borrowed approximately $236 million in wrapped ether against it.

Kelp's emergency pauser multisig froze the protocol's core contracts 46 minutes after the successful drain, at 18:21 UTC. Two follow-up attempts at 18:26 UTC and 18:28 UTC both reverted, each carrying the same LayerZero packet attempting another 40,000 rsETH drain worth roughly $100 million.


Attribution: Lazarus Group

LayerZero's incident statement confirmed that KelpDAO was exploited for approximately $290M, with preliminary indicators suggesting attribution to a highly-sophisticated state actor — likely DPRK's Lazarus Group, more specifically TraderTraitor.

Lazarus Group has been linked to the Drift Protocol exploit on April 1 and now Kelp on April 18, meaning the same North Korean unit has drained more than $575 million from DeFi in 18 days through two structurally different attack vectors: social engineering governance signers at Drift and poisoning infrastructure RPCs at Kelp.

The group is adapting its playbook faster than DeFi protocols are hardening their defences.


The Blame War: Kelp vs. LayerZero

LayerZero's post-mortem pinned responsibility squarely on configuration choices.
Their OApp configuration at the time relied on a 1-of-1 DVN setup, with LayerZero Labs as the sole verifier — a configuration that directly contradicts the multi-DVN redundancy model that LayerZero has consistently recommended to all integration partners. Operating a single-point-of-failure configuration meant there was no independent verifier to catch and reject a forged message.

KelpDAO pushed back.
KelpDAO disputed LayerZero's account, claiming that the compromised single-verifier setup relied on LayerZero's own infrastructure and defaults rather than an outlier configuration it chose against advice.

When integrating with LayerZero, Kelp relied on LayerZero's documentation, their defaults, and their team's guidance to make configuration decisions, the source claimed.

The broader research community was not buying LayerZero's framing either.
Some security researchers say LayerZero's public documentation and deployment code promote single-source verification across major chains, undercutting the firm's claim that Kelp ignored guidance to adopt multi-verifier redundancy.

About 40% of protocols used the same setup, raising concerns over systemic risk tied to default configurations.

As such, LayerZero has said it will no longer sign messages for any application running a single-verifier setup, forcing a protocol-wide migration.
The policy change is arguably the most consequential downstream effect for the broader LayerZero ecosystem — and raises legitimate questions about how many other OFT deployments are, or were, exposed.

The protocol's post-mortem suggested migrating all applications with 1-of-1 DVN configurations to multi-DVN setups. However, analysts have pointed out that multi-verifiers won't necessarily stop the next multi-million-dollar attack, asserting that they could fail as all DVNs read chain states from the same handful of RPC providers.
The deeper architectural question — who controls the infrastructure those verifiers read from — remains unresolved.
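
The configuration review this implies can be sketched as follows. This is an added example, not code from LayerZero, KelpDAO or the article's sources: the DVN names, the RPC provider names and the config layout are constructed, and it assumes operators disclose which providers each DVN reads from. It flags 1-of-1 paths and multi-DVN paths whose verifiers are not independent at the RPC layer.

```python
from itertools import combinations

# Constructed sample: DVN names, provider names and this layout are
# illustrative assumptions, not LayerZero's schema or a real deployment.
DVN_RPC = {
    "dvn-a": {"rpc-1", "rpc-2"},
    "dvn-b": {"rpc-2", "rpc-3"},
    "dvn-c": {"rpc-4"},
}

def min_providers_to_forge(required, optional, threshold, dvn_rpc=DVN_RPC):
    """Fewest RPC providers whose poisoning deceives every required DVN
    plus `threshold` optional DVNs.

    Worst-case assumption, following the incident description: a DVN fails
    over to whichever provider still answers, so one poisoned provider is
    enough once that DVN's other providers are unreachable.
    """
    dvns = list(required) + list(optional)
    providers = sorted(set().union(*(dvn_rpc[d] for d in dvns)))
    for size in range(1, len(providers) + 1):
        for combo in combinations(providers, size):
            poisoned = set(combo)
            hit = lambda d: bool(dvn_rpc[d] & poisoned)
            if all(map(hit, required)) and sum(map(hit, optional)) >= threshold:
                return size, sorted(poisoned)
    return None, []

def audit(path, required, optional=(), threshold=0, dvn_rpc=DVN_RPC):
    """Flag single-verifier paths and multi-DVN paths whose DVNs share RPCs."""
    signers = len(required) + threshold
    size, poisoned = min_providers_to_forge(required, optional, threshold, dvn_rpc)
    findings = []
    if signers <= 1:
        findings.append("single verifier: nothing independent can reject a forgery")
    elif size is not None and size < signers:
        findings.append(f"{signers} DVNs depend on {size} RPC provider(s): {poisoned}")
    return {"path": path, "signers": signers, "min_providers": size,
            "findings": findings}

if __name__ == "__main__":
    for report in (
        audit("1-of-1", ["dvn-a"]),
        audit("2-of-2, shared RPC", ["dvn-a", "dvn-b"]),
        audit("2-of-2, independent RPC", ["dvn-a", "dvn-c"]),
        audit("1 required + 1-of-2 optional", ["dvn-c"], ["dvn-a", "dvn-b"], 1),
    ):
        print(report)
```

A path is only as redundant as its smallest set of shared providers: the "2-of-2, shared RPC" case reports two signers but a single provider to poison.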


Contagion: How Aave Absorbed the Blow

Aave faced an estimated $124 million to $230 million in potential bad debt tied to the drained tokens, and Aave's total value locked fell 33% within 72 hours.

In the 24 hours after the hack, whales rapidly pulled more than $6 billion from Aave, pushing major pools like ETH, USDT and USDC to 100% utilisation and effectively trapping remaining depositors' funds. Stranded users then borrowed roughly $300 million against their own locked stablecoin deposits at steep losses.

Users who staked aWETH in the Umbrella vault now face automatic slashing to cover the losses — the first real-world test of the mechanism since it replaced Aave's legacy Safety Module in late 2025.

Lido Finance paused further deposits into its earnETH product, which carries rsETH exposure, while clarifying that stETH and wstETH remain unaffected. Ethena temporarily paused its LayerZero OFT bridges from Ethereum mainnet as a precautionary measure, stating it holds no rsETH exposure and remains more than 101% overcollateralised.

The restaking contracts didn't fail. The EigenLayer delegations are still intact. Mainnet rsETH is still backed by the legitimate user deposits sitting in KelpDAO's node delegators.
The damage was isolated to the bridge adapter — which is either reassuring or irrelevant, depending on how illiquid your position currently is.


Arbitrum Freezes $71M in Attacker Funds

Arbitrum's Security Council froze 30,766 ETH, worth about $71 million, linked to the $292 million rsETH exploit, placing the funds in a governance-controlled wallet. The emergency action was taken with input from law enforcement and without affecting other Arbitrum users or applications.

The freeze recovers roughly a quarter of the stolen assets and intensifies the dispute between Kelp and bridge provider LayerZero over responsibility for the hack and how remaining losses should be shared.

On-chain analysts have also reported that the KelpDAO attacker swapped all $175 million worth of stolen ETH into BTC through THORChain and other venues.
The speed of that conversion narrows the practical window for further on-chain recovery.


DeFi United: Who Has Committed What

Aave and several major crypto firms are coordinating a recovery effort to stabilise DeFi markets after the $292 million exploit. The initiative, dubbed "DeFi United" and led by Aave service providers, is aimed at restoring the backing of rsETH.

Over 43,500 ETH in commitments have come from key players like Aave, Mantle, and Lido Finance to support recovery efforts.

Here is where the major commitments stand:

Contributor | Commitment | Structure
Aave DAO | 25,000 ETH (proposed) | Treasury allocation — ARFC pending vote
Mantle Treasury | 30,000 ETH (proposed, MIP-34) | Structured loan, 36-month term, ~Lido yield +1% APR
EtherFi Foundation | 5,000 ETH | Direct contribution
Stani Kulechov (personal) | 5,000 ETH | Direct contribution
Lido DAO | Up to 2,500 stETH | Capped, conditional on full recovery package
Golem Foundation | 1,000 ETH | Direct contribution
Frax Finance | TBC | In discussion

Aave DAO's 25,000 ETH proposal:
The Aave DAO is considering a proposal to allocate 25,000 ETH from its treasury to the ongoing DeFi United recovery efforts to help close the funding gap created by the rsETH incident. Aave said in a post on X that its service providers had published a governance proposal for the DAO to contribute 25,000 ETH to DeFi United. The protocol said the ETH contribution would go toward restoring rsETH's backing and normalising market conditions as quickly as possible.

Mantle's 30,000 ETH loan — with a governance catch:
The proposal, if passed, would authorise Mantle Treasury to lend up to 30,000 ETH to Aave DAO, to be used exclusively for resolving the rsETH bad debt on Aave V3, with Mantle Treasury receiving a yield on the loan.

If accepted, the proposal would grant Mantle a governance foothold in Aave, allowing the rival network to participate in voting with 130,000 delegated AAVE tokens.

If approved, it would be one of the largest inter-protocol bailouts in DeFi history.
Read the terms carefully: this is structured finance, not charity.

Lido's conditional contribution:
Lido's 2,500 stETH allocation would only be made available as part of a fully funded recovery package intended to close the rsETH deficit in full. The DAO said it does not want the contribution used for a partial recovery that still leaves users exposed to residual losses.

Aave's Marc Zeller has also proposed an alternative structural mechanism:
Instead of asking for donations, create a dedicated vault called "DeFi United ETH," redirecting Aave's WETH income into the vault with a capped annual yield of 5%. The proposal also includes tokenising the vault deposits into a tradable asset named "AaveETH," allowing users to participate and gradually cover the deficit through both interest and principal repayments.


The Bad Debt Picture

The range of estimates matters.
According to Aave, if losses are socialised across all rsETH holders, the total bad debt is estimated at approximately $124 million, mostly absorbed by the Ethereum Core markets. In a more severe scenario where losses are isolated to layer 2, bad debt could exceed $230 million and leave a heavy impact on networks like Mantle and Arbitrum.

The Aave DAO treasury holds approximately $181 million — enough to absorb the lower bound, but not the upper, and only at the cost of depleting reserves the protocol may need for other contingencies.

The structural question of who ultimately bears losses — rsETH holders at large, Aave lenders, or bridged-chain token holders specifically — is still being worked out in governance forums.
Unconfirmed analyst estimates suggest bridged-chain rsETH holders could face a 15% to 20% haircut under a selective recovery plan.


What Chainalysis Found

KelpDAO successfully paused contracts to block a second $95 million theft, and the Arbitrum Security Council, coordinating with law enforcement, froze over 30,000 ETH of the attacker's downstream funds.

This was not a smart contract vulnerability — no reentrancy bug, no missing access check, no price oracle manipulation. The KelpDAO incident is something arguably more dangerous: an attack on the off-chain verification layer on which many cross-chain protocols depend.

Chainalysis, which is working with law enforcement and Arbitrum on the frozen funds, has framed this as a class of exploit that requires a fundamentally different monitoring posture. On-chain, the transactions looked clean. Messages were relayed, signatures verified, and 116,500 rsETH moved out of a LayerZero-based bridge contract on Ethereum. Nothing about the calldata itself signalled an exploit.


What Audits Missed — And Why

The bridge adapter code is standard LayerZero OFT boilerplate; there is nothing wrong with the contract. The fault is in the deployment configuration, which sits outside the usual scope of a Solidity audit. Config reviews are a much newer discipline, and this exploit is going to accelerate that market considerably.

This is an important distinction for the DeFi security landscape. Smart contract audits — the current standard of care — do not catch infrastructure-level configuration risks. The question of who is responsible for auditing deployment configurations across composable, multi-chain protocols is now live in a way it was not before April 18.

Security researchers have noted the attack vector raises unanswered questions about how the attacker obtained the RPC node list and achieved root-level access to production infrastructure, suggesting either a prior unreported LayerZero compromise, a breached deployment pipeline, or insider access rather than a Kelp-side misconfiguration.


Status Snapshot — April 26, 2026

Item | Status
rsETH contracts | Paused across affected chains
Withdrawals and redemptions | Unavailable while bridge pathways remain paused
Arbitrum-frozen funds | 30,766 ETH in governance-controlled wallet
Attacker's remaining ETH | Converted to BTC via THORChain and other venues
Aave WETH markets | Partially frozen; elevated utilisation
Aave bad debt (estimated range) | $124M–$230M depending on socialization scenario
DeFi United commitments | 43,500+ ETH confirmed; further commitments pending governance votes
Remaining recovery gap | ~89,500 ETH
KelpDAO post-mortem | Not yet published
LayerZero DVN policy | 1-of-1 configurations banned; ecosystem migration underway
Lido DAO vote | Open; deadline April 26, 2026

What to Watch Next

Several decisions are converging this week that will shape the recovery trajectory:

  • Lido DAO vote closes today (April 26). The Lido community is currently voting on the $6M relief fund plan. If the vote passes, the money will go to a relief vehicle to fill the hole left by the hackers.
  • Aave DAO governance vote on the 25,000 ETH treasury allocation — outcome will determine the protocol's direct financial exposure to the recovery.
  • Mantle MIP-34 requires approval on both sides. For Aave, the calculation is whether accepting Mantle's terms — a rival L2's governance voice, 5% of protocol revenue, and collateralised AAVE tokens — is preferable to socialising the loss across the protocol or drawing more heavily on the treasury.
  • KelpDAO's full RCA and compensation framework remain unpublished. Until the root-cause analysis appears, the forensic question of whether this was purely an infrastructure attack or involved any Kelp-side operational failure remains open.
  • LayerZero's forced 1-of-1 migration will push dozens of OFT deployments to reconfigure. How that process is managed — and whether any reconfiguration reveals additional exposed pathways — is the next systemic risk to monitor.

This is the second time in 2026 that an LRT collateral accepted on Aave has produced a nine-figure incident downstream of a non-Aave failure.
Whether that pattern changes how DeFi lending protocols approach LRT collateral risk — concentration limits, real-time bridge monitoring, dual-DVN requirements — is the structural question that outlasts this particular incident.

This article will be updated as governance votes conclude, additional commitments are formalised, and KelpDAO's post-mortem is released.