An attacker tricked KelpDAO's cross-chain bridge into releasing 116,500 rsETH worth around $292 million, used the tokens as collateral on Aave and borrowed wrapped ether before the bridge was frozen. Aave is left with an estimated $200 million in irrecoverable bad debt.

The incident illustrates how complex DeFi products create new forms of contagion risk. Aave's code was not hacked — the loss occurred because the protocol's governance had accepted a token issued by a completely different protocol, dependent on a bridge Aave does not control. When the bridge was exploited, the vulnerability propagated directly to Aave's balance sheet. For institutional actors considering exposure to DeFi — including Nordic and Baltic actors who follow the space closely — this is a reminder that risk in the sector is not just about code audits, but about how different protocols are interconnected.
Image: Aave was founded and is led by Stani Kulechov.
KelpDAO operates a bridge that moves tokens between different blockchains and issues rsETH — in practice a digital receipt for staked ether, which yields returns from both ordinary Ethereum staking and from EigenLayer, a system where the staked ether is reused to secure other protocols. The bridge is built on infrastructure from LayerZero, a protocol that allows DeFi applications to send messages and values between blockchains. According to blockchain researcher Stacy Muur, the attacker exploited a single weak point: a fake message caused the bridge to release rsETH on Ethereum without corresponding tokens being withdrawn from circulation on Unichain, a faster and cheaper network built on Ethereum.
With 116,500 rsETH in hand, the attacker deposited the tokens into Aave as collateral and borrowed wrapped ether (WETH) — a fully backed ether token with real market value. When KelpDAO discovered the attack and paused rsETH contracts on Ethereum and several related networks, the damage was already done. Aave was left with collateral without underlying value, while the WETH was already borrowed and gone. Because the collateral is worthless, the protocol cannot forcibly liquidate the position to cover the loss.
Total deposits in Aave fell by $6.6 billion in 24 hours. All deposited ether was already lent out, so there was nothing left for regular users to withdraw. The AAVE token fell 18%. When users couldn't withdraw their deposits, many began borrowing stablecoins against them instead — which further intensified liquidity pressure. The withdrawal wave spread quickly to DeFi protocols not directly affected: according to 0xngmi, co-founder of data provider DefiLlama, a net $6.2 billion was withdrawn from Aave alone during Sunday morning.
Aave's Umbrella system, which replaced the old Safety Module in late 2025, is designed precisely for this type of scenario. Users who have locked aWETH — the receipt token you get when you deposit ether into Aave — in the Umbrella vault automatically have their deposits cut to cover the shortfall. Once the cutting is complete, remaining depositors should get partial withdrawal access, but full coverage is not guaranteed — they may have to accept a cut in their positions. The incident thus becomes the first real test of whether Umbrella actually works as intended when a loss of several hundred million dollars must be absorbed.
While the Umbrella cutting is underway, lending protocol Fluid has launched the aWETH Redemption Protocol — an alternative exit route for users trapped in Aave. The solution allows pure depositors to swap aWETH directly for wstETH or weETH, two other forms of staked ether, and thus get immediate liquidity without waiting for redemption from Aave. Users with ether as collateral and other debt can swap the collateral for wstETH or weETH while the debt remains. Fluid is collaborating with Lido, ether.fi, 0x, 1inch, and KyberNetwork on the solution, which has an initial capacity of $1 billion in ether. The response time and breadth of collaboration show how other types of DeFi infrastructure can quickly route around problems in traditional lending protocols.
The key point is that Aave's code worked as it should. The loss occurred because the protocol's governance had approved rsETH as collateral with high loan-to-value — a decision that made Aave vulnerable to weaknesses in a completely different system. A token like rsETH derives its value from underlying infrastructure like bridges and restaking protocols, and when that infrastructure fails, the risk propagates to all protocols that have accepted the token as collateral.
The same principle applies on the bridge side. According to several independent technical reviews, the LayerZero protocol itself was not compromised — the problem lay in how KelpDAO configured its own bridge on top of it. KelpDAO's rsETH setup had only one required verification node and no reserves, so a single fake approval message was enough to release the funds. "The KelpDAO exploit is NOT a LayerZero protocol bug. It's a configuration issue," wrote developer cryptogoblin in a technical review on X, according to CoinDesk. LayerZero itself confirmed that the protocol's other applications were not affected. The difference between a protocol bug and a configuration error matters for the entire sector: it shifts responsibility from the code to the decisions developers make when setting up systems, and raises questions about whether DeFi's security standards are keeping pace with the growth in capital under management.
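The configuration point can be made concrete with a small model. This is an added example, not code from KelpDAO, LayerZero or the original article: the verifier names, keys, message format and the `BridgeConfig`, `should_release` and `audit` helpers are all hypothetical, and HMAC stands in for real verifier signatures. It shows why a one-of-one verifier threshold releases on a single bad attestation while a two-of-three threshold does not.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed verifier ids and keys (hypothetical). HMAC stands in for the
# signatures a real verification node would produce.
KEYS = {"verifier-a": b"key-a", "verifier-b": b"key-b", "verifier-c": b"key-c"}

@dataclass(frozen=True)
class BridgeConfig:
    verifiers: tuple  # ids whose attestations count
    required: int     # distinct valid attestations needed before release

def attest(verifier_id, message):
    """Attestation tag one verifier issues for a cross-chain message."""
    data = verifier_id.encode() + b"|" + message
    return hmac.new(KEYS[verifier_id], data, hashlib.sha256).hexdigest()

def should_release(config, message, attestations):
    """Release only if enough distinct configured verifiers vouch for the message."""
    valid = {
        vid for vid, tag in attestations.items()
        if vid in config.verifiers and vid in KEYS
        and hmac.compare_digest(tag, attest(vid, message))
    }
    return len(valid) >= config.required

def audit(config):
    """Flag thresholds that leave a single point of failure or cannot be met."""
    findings = []
    if config.required < 2:
        findings.append("single verifier can authorize a release")
    if config.required > len(set(config.verifiers)):
        findings.append("threshold can never be met")
    return findings

WEAK = BridgeConfig(("verifier-a",), 1)
HARDENED = BridgeConfig(("verifier-a", "verifier-b", "verifier-c"), 2)

# Constructed message claiming a burn on the source chain that never happened,
# vouched for by one verifier that was wrong or compromised.
UNBACKED_MSG = b"release:116500:rsETH:dst=ethereum"
ONE_BAD_ATTESTATION = {"verifier-a": attest("verifier-a", UNBACKED_MSG)}

if __name__ == "__main__":
    print("weak releases:    ", should_release(WEAK, UNBACKED_MSG, ONE_BAD_ATTESTATION))
    print("hardened releases:", should_release(HARDENED, UNBACKED_MSG, ONE_BAD_ATTESTATION))
    print("weak audit:       ", audit(WEAK))
```

Running `audit` over every deployed route before launch turns the "one required verification node" decision into a reviewable finding rather than a post-incident discovery.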
The contagion effect also extended to protocols without direct exposure to rsETH. Stablecoin issuer Ethena wrote on X that they are extending the pause on their own bridge — which uses the same LayerZero infrastructure as the KelpDAO bridge — until a satisfactory root cause analysis of the rsETH incident is available. Ethena simultaneously published a new overview of their reserves, verified by four independent third parties — Chainlink, Chaos Labs, LlamaRisk, and Harris & Trotter — confirming that the stablecoin USDe is still more than fully backed. The example shows how an incident in one protocol forces others to halt operations, even without direct exposure, because they share underlying bridge infrastructure.
No single actor in the chain failed in their own code. All links worked as designed. LayerZero delivered the building blocks to send messages between blockchains without setting minimum requirements for verification. KelpDAO built their bridge on top and chose a minimalist setup with only one verification node. Aave's governance opened the door for rsETH — a token issued by a completely different protocol, dependent on a bridge Aave does not control — to be used as collateral with high loan-to-value. The attacker exploited the sum of these decisions and drained Aave of real ether against collateral that quickly went to zero. In the end, Aave's depositors are left with the bill — through Umbrella cutting, through locked withdrawals, and through the fall in the AAVE token.
The shift in mood in the community has been marked. In comment sections and on X, the expression "DeFi is dead" — and especially the mantra "just use aave is dead" — has spread in the aftermath of the incident. It reflects a broader recognition that the sector has entered what may be its worst hack year so far. Ledger's CTO Charles Guillemet stated that trust in DeFi has "eroded," and that 2026 "most likely" will be the worst year for hacks in the sector's history. The KelpDAO incident comes on top of the $285 million Drift attack on April 1, later linked to North Korean actors, and at least a dozen smaller incidents in April alone — including CoW Swap, Zerion, Rhea Finance, and Silo Finance. Overall, it paints a picture of a sector where trust that established protocols are safe is weaker than it has been in a long time.
Aave is DeFi's largest lending protocol and one of the oldest in the sector, originally launched in 2017 under the name ETHLend. The platform allows users to lend cryptocurrency for interest or borrow against their own collateral, without intermediaries. All lending and borrowing activity is governed by programmable contracts on Ethereum and several related networks, and the protocol is governed by AAVE token holders who vote on, among other things, which assets should be accepted as collateral. Before the incident, Aave had collected over $30 billion in deposits across networks.
KelpDAO issues rsETH, in practice a digital receipt for staked ether that yields returns from both ordinary Ethereum staking and from EigenLayer, a system where the staked ether is reused to secure other protocols. The token can be used further in DeFi, for example as collateral at Aave. To move rsETH between different blockchains, KelpDAO operates a bridge built on infrastructure from LayerZero, and it was this bridge that the attacker exploited.
LayerZero is a protocol that allows DeFi applications to send messages and values between different blockchains. Security rests on so-called verification nodes that check that messages between chains are valid. Both the KelpDAO bridge and Ethena's own bridge are built on LayerZero infrastructure.
Sources: Aave, Fluid, Ethena, Forbes, Decrypt, Yahoo, CoinDesk