Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
On the afternoon of April 18, 2026, a single function call to a layer zero contract unlocked what would become the largest DeFi exploit of the year. Within 46 minutes, 116,500 rsETH tokens worth approximately $293 million had been stolen from Kelp DAO, converted into clean borrowed ETH across three major lending protocols, and the contagion had already begun spreading outward through the interconnected architecture of decentralised finance. By the time the dust settled, more than $10 billion in total value locked had been wiped from the sector.
This was not a flash loan attack. It was not a smart contract vulnerability. It was not even particularly novel in its construction. What the Kelp DAO exploit exposed was something more uncomfortable: a foundational architectural decision, widely known and widely ignored, finally reaching the attacker it had always been waiting for.
What Is rsETH and Why Did It Matter?
To understand the scale of the damage, you need to understand what rsETH actually represents. Kelp DAO is a liquid restaking protocol built on EigenLayer. Its flagship token, rsETH, represents ETH that has been deposited, staked, and then restaked across additional security services in order to generate layered yield. Liquid restaking tokens, or LRTs, became one of the most aggressively marketed yield primitives in DeFi across 2024 and 2025, attracting billions in deposits on the core promise that the underlying ETH remained fully recoverable.
The 116,500 rsETH tokens stolen in the April 18 attack represented roughly 18% of the entire circulating supply. Every single token was supposed to be backed one-for-one by ETH held in Kelp’s reserves. That backing assumption was the entire foundation on which lending protocols like Aave had agreed to accept rsETH as collateral.
How the Bridge Was Broken
To move rsETH between Ethereum mainnet and other chains including Uni Chain, Kelp deployed an omnichain fungible token adapter built on LayerZero, the dominant cross-chain messaging protocol in the space. The integrity of that bridge depends on a component called the Decentralised Verifier Network, or DVN, which is a set of independent validators whose job is to confirm that a transaction on the source chain actually occurred before the destination chain releases any tokens.
LayerZero permits protocols to configure how many DVN signatures are required to validate a cross-chain message, and the framework allows configurations down to a single signature from one validator. Kelp DAO, despite securing close to a third of a billion dollars in bridged collateral, had chosen that minimum configuration. One signing key. One entity. One point of failure.
Slowmist, the security firm that performed the post-incident analysis, described this as the weakest security level the LayerZero framework permits. More damaging still, governance forum references from Aave dating back to January 2025 had specifically flagged this single-validator risk when rsETH was first being evaluated as collateral. The concern was acknowledged, debated, and then set aside by the very protocols that would later absorb the consequences.
The Attack Itself
Roughly ten hours before execution, the attacker funded nine separate operational wallets through Tornado Cash using the standard 1 ETH mixing pool, depositing approximately 0.0978 ETH into each address as gas. The preparation was methodical and the execution was precise.
At the moment of the exploit, the attacker called commit verification on the DVN verifier contract using a compromised signing key, planting a forged attestation claiming that a legitimate deposit had taken place on Uni Chain. Seconds later, they invoked the LZ receive function on LayerZero’s endpoint contract, delivering a payload that impersonated a deposit instruction from Kelp’s peer contract on the source chain. The mainnet adapter, seeing what appeared to be a fully attested cross-chain message, released the entire stolen position from escrow.
No ETH was ever locked or burned on Uni Chain. The tokens were, for all practical purposes, generated from nothing. The smart contracts themselves functioned exactly as designed. The verification logic was the flaw.
Converting Stolen Tokens Into Clean Capital
What came next demonstrated a level of tactical sophistication well beyond a smash-and-grab approach. Dumping 116,500 rsETH directly onto the open market would have crashed the price within minutes, triggering every monitoring tool in the industry and generating catastrophic slippage. Instead, the attacker deposited the entire stolen position as collateral across Aave v3, Aave v4, Compound v3, and Oiler simultaneously, then borrowed over $236 million in wrapped ETH directly from the lending pools.
Clean, liquid, fully fungible ETH walked out the front door. The rsETH positions were left behind as unrecoverable bad debt for the protocols to absorb. This pattern of laundering stolen illiquid collateral through lending markets is becoming the signature methodology of sophisticated DeFi exploits. It converts an unstable asset into capital that can move freely anywhere on-chain.
The Bank Run That Followed
Kelp DAO’s emergency multisig executed the pause-all function at 18:21 UTC, exactly 46 minutes after the first malicious transaction settled. That decision proved decisive: two follow-up attempts by the attacker to drain an additional 40,000 rsETH each were blocked by the active pause, preventing what would have been several hundred million dollars in further losses.
But the contagion had already escaped the protocol boundary. Aave’s governance had previously approved rsETH as collateral with a loan-to-value ratio of approximately 93%, leaving a buffer of only seven percentage points before a position became undercollateralised. Under normal market conditions that margin is defensible because liquidators can seize collateral before bad debt accumulates. When the underlying asset’s redemption infrastructure is compromised entirely, no liquidator on earth has any economic incentive to seize tokens worth a fraction of the borrowed sum. The buffer collapses instantly.
Prominent governance voices and Solidity auditors began publicly urging withdrawals within minutes of the exploit being confirmed. What followed was a textbook bank run. Between $5.4 and $6.6 billion in ETH was pulled from Aave in a matter of hours, pushing pool utilisation to 100% and temporarily freezing legitimate withdrawals for users who had no exposure to rsETH whatsoever. Aave’s TVL collapsed from $26.4 billion to roughly $20 billion in a single trading session. Bad debt estimates across Aave alone reached somewhere between $177 and $200 million, climbing past a quarter of a billion once Compound and Oiler exposures were included. The Aave token fell more than 20% across two trading days against an ETH market that declined less than 3% in the same window.
SparkLend, Fluid, and Upshift all froze their rsETH markets. Lido paused deposits into its earn ETH product. Athena halted its own LayerZero bridges as a precautionary measure despite having no direct exposure. Total DeFi TVL bled out by more than $10 billion in roughly 24 hours.
The Architectural Problem That Cannot Be Patched Away
The mechanism exploited on April 18 was not a code defect in the traditional sense. It was a deliberate configuration choice: one signing key protecting close to a third of a billion dollars in bridged collateral, layered beneath an entire stack of lending protocols that had accepted the resulting tokens with virtually no safety buffer. Every liquid restaking token currently deployed as collateral in a lending market inherits the full security profile of the bridge that minted it. Every bridge built on the OFT standard with a minimal DVN configuration is, in effect, a rehearsal for this exact exploit.
The composability that makes DeFi powerful, the ability for one protocol’s output to become another protocol’s input seamlessly, is the same property that turns a single bridge failure into a multi-billion dollar ecosystem-wide rupture in under four hours. That is not a bug. It is a feature operating exactly as designed, just with an adversarial input.
Combined with the Drift Protocol exploit on April 1, which extracted $285 million from the Solana ecosystem at the hands of North Korean operators, April 2026 has now recorded over $600 million in DeFi losses before the month is even finished. The structural conditions that produced both incidents remain entirely unchanged.
Related reading: The Drift Protocol Exploit: North Korea’s $285 Million Solana Heist (internal)
Kelp DAO has opened a 24-hour white hat negotiation window with the attacker, offering a percentage of the take in exchange for the return of the bulk of the funds. The surviving protocols may eventually emerge with tighter LTV caps, mandatory multi-DVN configurations, and more conservative collateral onboarding standards. But the cost of that lesson is being borne almost entirely by the depositors who assumed the system was already safe. In a space that has now endured enough nine-figure losses to fund a mid-sized nation’s infrastructure budget, that pattern is becoming difficult to characterise as growing pains.
