
    Kelp DAO Loses $293M in Bridge Exploit, Leaving Aave With Over $200M in Bad Debt – “The Defiant”



    Attacker minted unbacked rsETH through Kelp’s LayerZero bridge, then borrowed WETH on Aave V3 and V4 before markets could freeze.

    In 46 minutes on Saturday evening, DeFi lost more money than it had in any single event this year, and left Aave to face its biggest challenge yet. The mechanics took roughly one transaction.

    At 17:35 UTC on April 18, an attacker sent a crafted message to Kelp DAO’s LayerZero-powered cross-chain bridge. The bridge accepted it as legitimate and released 116,500 rsETH, worth about $293 million and roughly 18% of the token’s entire circulating supply, to a wallet that had been funded through Tornado Cash ten hours earlier. No ETH ever changed hands on the other side, which means rsETH was effectively spun out of thin air.

    The attacker did not try to sell it. They deposited it into Aave V3 as collateral and borrowed real wrapped ether against it, then repeated the trick on Aave V4. By the time Kelp’s emergency multisig froze the protocol’s core contracts 46 minutes later, the WETH was gone.

    Two follow-up attempts at 18:26 and 18:28 UTC, each trying to drain another 40,000 rsETH, reverted into the pause, but the first hit was already reverberating across DeFi.

    Twenty-four hours later, Aave is carrying between $177 million and $236 million in bad debt, its TVL has dropped by roughly $6 billion, according to DeFiLlama, its WETH market is pinned at 100% utilization, and the AAVE token is down more than 18%.

    SparkLend, Fluid, and Upshift have all paused or frozen rsETH. rsETH on more than 20 chains is of uncertain backing. Ethereum itself has barely moved.

    It is now, by size, the largest DeFi exploit of 2026.

    How it happened

    rsETH is Kelp’s liquid restaking token. Every rsETH is supposed to represent a real claim on ETH deposited into Kelp and restaked across EigenLayer operators. That one-to-roughly-one relationship is why some money markets have been willing to treat rsETH as ETH-correlated collateral.

    rsETH lives on more than 20 networks and moves between them through a LayerZero messaging layer. When a user locks rsETH on one chain, the bridge on the destination chain is supposed to mint or release an equivalent amount only after it verifies a valid message from the source.

    The attacker found a way to make that verification accept a message that corresponded to no real deposit, so that 116,500 rsETH were released without the corresponding ETH being locked anywhere. Kelp’s vault reserves did not move, but its liability, denominated in rsETH, grew by 18%.
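    The invariant described above, that a destination-chain release must correspond to a source-chain lock, can be checked by a monitor that is independent of the bridge's own verification. This is an added example, not code from Kelp, LayerZero or the article; the event fields, the 2% rolling release cap, and the sample events and supply figure are constructed assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class BridgeEvent:
    kind: str        # "lock" (source chain) or "release" (destination chain)
    msg_id: str      # hypothetical cross-chain message identifier
    amount: Decimal  # rsETH amount
    minute: int      # minutes since the monitor started

def reconcile(events, supply, max_share=Decimal("0.02"), window=60):
    """Return (msg_id, reason) alerts for releases that break the lock/release invariant."""
    locks = {e.msg_id: e for e in events if e.kind == "lock"}
    releases = sorted((e for e in events if e.kind == "release"), key=lambda e: e.minute)
    alerts, seen, recent = [], set(), []
    for e in releases:
        lock = locks.get(e.msg_id)
        if e.msg_id in seen:
            alerts.append((e.msg_id, "replayed message id"))
        elif lock is None:
            alerts.append((e.msg_id, "release without source-chain lock"))
        elif lock.amount != e.amount:
            alerts.append((e.msg_id, "amount differs from lock"))
        seen.add(e.msg_id)
        # Rolling cap: total released inside the window, as a share of supply.
        recent = [r for r in recent if e.minute - r.minute < window] + [e]
        if sum(r.amount for r in recent) > supply * max_share:
            alerts.append((e.msg_id, "window release cap exceeded"))
    return alerts

# Constructed sample data: one honest transfer, one release with no lock
# (sized like the 116,500 rsETH in the article), and one replayed message id.
SAMPLE_SUPPLY = Decimal("647000")  # constructed; chosen so 116,500 is about 18%
SAMPLE_EVENTS = [
    BridgeEvent("lock", "m1", Decimal("100"), 0),
    BridgeEvent("release", "m1", Decimal("100"), 5),
    BridgeEvent("release", "m2", Decimal("116500"), 10),
    BridgeEvent("release", "m1", Decimal("100"), 90),
]

if __name__ == "__main__":
    for alert in reconcile(SAMPLE_EVENTS, SAMPLE_SUPPLY):
        print(alert)
```

    Either alert on the second sample release is a signal for an automated pause, which matters when the manual freeze described in the article took 46 minutes.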

    How Aave became the exit door

    This is where the story gets uncomfortable for Aave.

    Kelp’s bridge is the proximate cause of the mint. But the reason this turned into $200 million of hard damage rather than a localized, recoverable incident is that Aave had, by design, made rsETH one of the most capital-efficient collateral types in DeFi.

    Supply caps were large enough to accommodate an entire $292M deposit. Borrow caps on WETH were sized such that a single attacker could withdraw well over $200M of real ether in a handful of transactions. Liquidation thresholds assumed rsETH would trade at or near peg.

    The listing reviews and parameter tuning by Chaos Labs, Block Analitica, and LlamaRisk treated rsETH as what it had been in practice: a conservatively collateralized liquid restaking token (LRT) with a boring price history.

    That’s why the attacker was able to use a single forged message on a bridge to drain real assets out of the largest lender in DeFi.

    Billions of WETH left Aave

    After the attacker borrowed WETH against unbacked rsETH, WETH suppliers started to withdraw their own funds, likely on speculation that first-movers would be made whole while last-movers would eat the residual loss. By Sunday morning, $5.4 billion of ETH and WETH had left Aave.

    WETH pool utilization hit 100%, which means WETH depositors can no longer withdraw.

    The borrow positions are effectively unliquidatable. The collateral cannot be redeemed at Kelp and will not trade near peg once the scale of unbacked supply is fully digested. No profitable liquidation path exists.

    Aave Labs said on X that Aave’s contracts were not compromised. But “no bug” doesn’t necessarily mean “no problem.”

    Aave’s Umbrella insurance fund holds about $50 million. Aave-specific bad debt is roughly $196 million concentrated in the rsETH / WETH pair on Ethereum. The gap is where the next few weeks of governance will happen.

    The waterfall, in order: aWETH Umbrella stakers absorb the first slice via automatic slashing; WETH suppliers take a pro-rata haircut on their deposits; stkAAVE holders are next if governance activates a deeper slash; and the DAO treasury could fund a repayment proposal.

    Aave’s Guardian froze rsETH and wrsETH across every deployment. Aave V4’s Security Council disabled supply and borrow on both the Core Hub and the Kelp E-Spoke. A Risk Stewards proposal to reduce the WETH Slope1 is already live, aimed at pulling new supply back in.

    Contagion spreads

    SparkLend, Fluid, and Upshift froze rsETH within hours. The exception is Morpho: CEO Paul Frambot said exposure is about $1 million across two isolated markets, with other vaults entirely unaffected. Morpho’s architecture isolates each market so bad debt in one pair cannot propagate.

    rsETH itself now has a backing problem across 20-plus chains until Kelp publishes a clean reconciliation of reserves against outstanding supply. Any protocol that accepts wrsETH as collateral is exposed until that accounting is public.

    LayerZero’s messaging layer will also take scrutiny as the path manipulated in Kelp’s bridge is not unique to Kelp.

    The Kelp exploit follows the $285 million Drift hack on April 1, the $80M Resolv Labs exploit in March, and a string of infrastructure-level compromises. Cumulative DeFi losses for 2026 are between $450 and $482 million across roughly 45 protocols.


