Commentary
15:27, 24.04.2026

The KelpDAO Hack: Anatomy of a DeFi Breakdown

Exploit: Late Saturday night, the DeFi ecosystem was hit by another major exploit. By compromising the infrastructure of the cross-chain protocol LayerZero, an attacker minted 116,000 unbacked rsETH tokens from the restaking protocol KelpDAO. Rather than selling them on a decentralized exchange, which would have crashed the price and limited the payout, the attacker deposited them as collateral on Aave and borrowed ~$190 million in ETH against them. Five days later, a coordinated industry effort has already closed around 80% of the resulting shortfall.

  • Why it matters: The incident marks the second nine-figure DeFi hack in the past three weeks. On April 1, Solana-based protocol Drift was exploited for around $285 million, bringing the total amount exploited this month to more than $500 million. For perspective, both incidents rank among the ten largest exploits in DeFi’s eight-year history.
  • Known perpetrator: As in many high-profile DeFi attacks, the attacker is reportedly linked to the North Korean state-backed Lazarus Group.

How it happened: This time, the weak point was the configuration of KelpDAO’s cross-chain bridge, which is used to move its restaking token rsETH across chains. Through a sophisticated attack, the attacker submitted a forged message to the bridge, releasing around 116,000 rsETH (~18% of circulating supply) on Ethereum without burning any corresponding tokens on the source chain.

  • Draining Aave: The attacker then quickly deployed the stolen funds on Aave across multiple chains, using them as collateral to borrow ~$190 million in ETH from the protocol.

Immediate response: To limit contagion, Aave froze its rsETH and ETH markets across all chains and disabled new deposits and borrows for these assets. This effectively locked user funds in the protocol, some of which remain frozen pending a resolution. To protect leveraged ETH positions and avoid excessive losses, the protocol also artificially lowered interest rates.

Liquidity crunch: But the freezes weren't enough to prevent what followed. In Aave V3, all lenders supply into a shared liquidity pool, from which any borrower can draw regardless of the collateral they post. As news of the exploit spread, this design set off the following dynamic:

  • Depositors began withdrawing their ETH as a precaution.
  • As available ETH liquidity approached zero, remaining depositors borrowed stablecoins against their positions to effectively exit Aave.
  • This, in turn, drained Aave’s stablecoin liquidity on Ethereum.
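
The dynamic in the list above, as a simplified model added here for illustration (not Aave's code). The `Reserve` class, the lender names, the balances, the 0.8 loan-to-value ratio and the ETH price are all constructed assumptions; the point is that a lender with no rsETH exposure is paid only from idle liquidity.

```python
from dataclasses import dataclass, field

@dataclass
class Reserve:
    """One asset's shared pool: every lender supplies into it, every borrower draws from it."""
    supplied: dict = field(default_factory=dict)  # lender -> units supplied
    borrowed: float = 0.0                         # units currently lent out

    def total(self):
        return sum(self.supplied.values())

    def available(self):
        return self.total() - self.borrowed

    def utilization(self):
        return self.borrowed / self.total() if self.total() else 0.0

    def supply(self, who, amount):
        self.supplied[who] = self.supplied.get(who, 0.0) + amount

    def borrow(self, amount):
        """Draw from idle liquidity only; returns the amount actually lent."""
        drawn = min(amount, self.available())
        self.borrowed += drawn
        return drawn

    def withdraw(self, who, amount):
        """A lender is paid only from idle liquidity, whoever borrowed the rest."""
        paid = min(amount, self.supplied.get(who, 0.0), self.available())
        self.supplied[who] = self.supplied.get(who, 0.0) - paid
        return paid

def run_scenario(ltv=0.8, eth_price=2000.0):      # constructed parameters
    eth, usd = Reserve(), Reserve()
    for lender in ("alice", "bob", "carol"):      # none of them ever held rsETH
        eth.supply(lender, 100.0)
    usd.supply("stable_lenders", 150_000.0)
    eth.borrow(150.0)                             # ordinary pre-existing loans
    eth.borrow(90.0)                              # loan against the unbacked collateral
    out = {"alice_paid": eth.withdraw("alice", 100.0)}  # first mover takes what is idle
    out["bob_paid"] = eth.withdraw("bob", 100.0)        # nothing left for later lenders
    out["eth_utilization"] = eth.utilization()
    # Stuck lenders exit indirectly: borrow stablecoins against the trapped ETH deposit.
    out["bob_usd"] = usd.borrow(eth.supplied["bob"] * eth_price * ltv)
    out["carol_usd"] = usd.borrow(eth.supplied["carol"] * eth_price * ltv)
    out["usd_available"] = usd.available()
    return out
```

In this run the first lender recovers 60 of 100 ETH, the second recovers nothing, and the stablecoin reserve is emptied by the first stuck lender who borrows against a trapped deposit.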

Trapped depositors: As of today, roughly $8 billion in Aave positions across ETH, USDC, and USDT are effectively trapped in the protocol, including funds from lenders who never had any connection to rsETH.

Arbitrum intervenes: The first step towards recovery came from an unexpected direction. A significant portion of the stolen rsETH had been deposited on Aave’s Arbitrum market, where the attacker borrowed additional ETH. On Monday night, Arbitrum’s Security Council invoked its emergency powers for the first time in the Layer-2's history, freezing roughly 30,000 ETH (~$70 million) linked to the attacker.

Blame games: While much of the industry agreed with Arbitrum’s decision, views diverged sharply on who should bear primary responsibility for the actual attack:

  • Some, including KelpDAO, place the blame on LayerZero, arguing it did not push strongly enough for a more secure configuration of the rsETH bridge.
  • Others, such as LayerZero, reject this framing and instead point to weaknesses in KelpDAO’s security setup.
  • Aave has also come under scrutiny, as its risk teams did not assess the bridge’s configuration before allowing rsETH to be used as collateral.

Ripple effects: This misstep may have contributed to one of the largest capital flights in Aave’s history. Since the attack, the leading DeFi lending platform has seen around $12 billion in outflows, or roughly 46% of its TVL. While other major lending protocols such as Morpho were also marginally affected — despite having limited direct exposure to rsETH — one protocol stood out by attracting fresh inflows: Spark. Over the past few days, the protocol attracted $1.2 billion in deposits, 40% of which can be attributed to capital that left Aave.

DeFi’s TVL, Winners, and Losers since Sunday. Source: DefiLlama

A safe haven? One explanation lies in how Spark managed the market stress. Beyond having no exposure to rsETH, the protocol demonstrated stronger liquidity management, continuing to provide stablecoin liquidity while others faced constraints.

What’s next: Yesterday, leading DeFi protocols and DAOs launched "DeFi United," a coordinated effort to restore rsETH's backing and prevent losses for depositors. The shortfall stands at roughly 118,400 ETH. Within 48 hours, contributions from Mantle (30,000 ETH), Ether.fi (5,000 ETH), Aave founder Stani Kulechov personally (5,000 ETH), Lido (2,500 stETH), and others, combined with the Arbitrum freeze and recovered collateral, have narrowed the gap to an estimated 23,600 ETH. It is the largest coordinated rescue effort in DeFi history, and it is not done yet.

Ernesto Olmedo Pereira is Head of Strategy & DeFi at Qivalis, the European banking consortium aiming to launch a euro-denominated stablecoin in the second half of 2026. The initiative brings together 12 banks, including BNP Paribas, ING, DekaBank, and UniCredit.

Do recent exploits affect TradFi’s confidence in DeFi?

I don’t think so. For many institutional players, this space is still seen as experimental, so incidents are not entirely surprising. What is harder to ignore, however, is the scale. When more than $500 million is stolen within a matter of weeks by a state-backed actor, the narrative shifts. It moves beyond “DeFi has bugs” to “DeFi is a major target for nation-state attacks,” and that has consequences for how regulators and institutions assess the space.

That is exactly why we believe the focus for DeFi now has to be on learning from TradFi. One key area is risk management. Many protocols today are highly sophisticated on the technical side but often lack the risk expertise that is standard in traditional finance, especially in how counterparty risks are evaluated.

There is also a broader gap when it comes to operational standards. In TradFi, frameworks such as DORA in Europe define clear expectations around resilience, governance, and incident handling. In DeFi, comparable structures are still largely missing.

Closing these gaps is a core priority for us, which is why we continue to actively engage with major DeFi players and invite them to collaborate.

Chris Cameron is Economics Lead at MegaETH, a high-performance Ethereum Layer-2.

What second-order effects on the DeFi ecosystem do you expect this exploit to have?

I expect to see much more focus on explicitly defining claim structures and seniority. In the case of rsETH, it was never clearly specified whether mainnet rsETH and its bridged versions are pari passu or whether one has a senior claim over the other. That ambiguity is now at the core of the conflict.

At a higher level, the situation will lead to a broader maturation of disclosure frameworks in DeFi. In traditional markets, 80-page prospectuses exist because every edge case has already happened to someone over the last hundreds of years. This is also what enables more orderly resolution processes like bankruptcy proceedings, where parties come together and claims are worked through based on clearly defined priorities. DeFi is now simply repeating TradFi's learning process.

Phil Fogel is Co-Founder of Cork Protocol, a programmable risk layer for onchain assets.

How do you expect the rsETH exploit to impact the DeFi lending landscape?

In the near term, protocols are likely to become more conservative, tightening collateral frameworks and becoming more selective in what they list. This reduces borrowing demand and, in turn, puts pressure on yields.

On a longer timeframe, I think such tail risk events will push the ecosystem to reassess how risk is currently expressed and priced in DeFi. Right now, all risks are effectively bundled into a single APY. That one number incorporates liquidity risk, collateral risk, smart contract risk, and tail risk.

For a more mature system, that is not sufficient. You need the ability to break risk down and make it tradable, so that different participants can take on different parts of that risk. That creates a clearer distinction between safe yield and risky yield, and allows investors to choose positions that match their risk profile.

Isaac Patka is a Lead at the Security Alliance (SEAL), a nonprofit focused on crypto cybersecurity, incident response, and open-source security standards. The organization was also closely involved in the handling of the rsETH exploit.

Is there a credible path to making DeFi systems resilient against persistent, high-capital attackers?

Absolutely. That path starts with understanding where attack vectors actually sit today.

The rsETH exploit made this very clear. While risk management played a role, the real vulnerabilities now sit in key management, bridge configurations, and the APIs and RPC endpoints that connect systems. These layers are harder to see, harder to audit, and often treated as secondary. The result is a growing class of systems that are technically secure onchain, but fragile at the edges where integrations and operations live.

At the same time, many protocols are still designed in a way where things can unravel in an instant. Entire systems can flip upside down in a single transaction because basic controls are missing. Rate limits, circuit breakers, time delays, and independent data verification are necessary to contain damage. This may introduce some UX frictions, but if it helps to avoid total losses, it is a trade-off worth taking.

All of this is to say that DeFi needs to take operational security more seriously. Some teams do this well, but across the ecosystem it remains inconsistent and often deprioritized. After an exploit, my inbox fills up with protocols asking for help to review their setups. A few weeks later, that urgency fades. That cycle needs to break if DeFi wants to be taken seriously by larger allocators.
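
An added example, not code from KelpDAO, LayerZero or SEAL: the four controls named in the answer above (rate limits, circuit breakers, time delays, independent data verification) applied to the failure described under "How it happened", a release on the destination chain with no matching burn on the source chain. The `ReleaseGuard` class, its thresholds and the burn figures are hypothetical; `burned_on_source` is assumed to come from a data path independent of the bridge's own message verifier.

```python
from collections import deque

class ReleaseGuard:
    """Destination-side checks run before a bridge releases tokens (hypothetical design)."""
    def __init__(self, window_cap, window_secs, delay_threshold, delay_secs):
        self.window_cap, self.window_secs = window_cap, window_secs
        self.delay_threshold, self.delay_secs = delay_threshold, delay_secs
        self.released_total = 0.0
        self.recent = deque()   # (timestamp, amount) of releases inside the window
        self.queued = {}        # msg_id -> (amount, earliest release time)
        self.paused = False     # circuit-breaker state, cleared only by operators

    def _window_sum(self, now):
        while self.recent and now - self.recent[0][0] >= self.window_secs:
            self.recent.popleft()
        return sum(amount for _, amount in self.recent)

    def request(self, msg_id, amount, now, burned_on_source):
        """burned_on_source: cumulative source-chain burns, read independently (assumption)."""
        if self.paused:
            return "rejected:paused"
        # Independent verification: total releases may never exceed total burns.
        if self.released_total + amount > burned_on_source:
            self.paused = True  # circuit breaker: halt all releases for human review
            return "rejected:unbacked"
        # Rate limit: cap the volume that can leave within any one window.
        if self._window_sum(now) + amount > self.window_cap:
            return "rejected:rate_limit"
        # Time delay: large releases wait, leaving time to react before funds move.
        if amount >= self.delay_threshold:
            _, ready_at = self.queued.setdefault(msg_id, (amount, now + self.delay_secs))
            if now < ready_at:
                return "queued"
            del self.queued[msg_id]
        self.released_total += amount
        self.recent.append((now, amount))
        return "released"

def demo():
    g = ReleaseGuard(window_cap=5_000, window_secs=3600, delay_threshold=1_000, delay_secs=1800)
    burned = 800.0                                    # constructed source-chain burn total
    log = [g.request("m1", 500, 0, burned)]           # backed and small
    log.append(g.request("m2", 116_000, 60, burned))  # no matching burn: breaker trips
    log.append(g.request("m3", 100, 120, burned))     # backed, but the bridge is paused
    return log
```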

Nicholas Cannon is Chief Business Officer at Gauntlet, a leading crypto risk curator that currently manages around $1 billion in client assets.

How will increasing regulation and security requirements shape the structure of DeFi going forward?

As we move towards more permissioned markets, more security features, more safeguards, and more circuit breakers, you'll also see a consolidation across the stack. There's historically been too much fragmentation of the DeFi Legos.

We're also realizing that going end-to-end on security and compliance monitoring, reporting, and circuit breakers is also something that will fuel the next wave of onchain adoption from off-chain fintechs, exchanges, custodians, and eventually TradFi institutions.

