KelpDAO rsETH Bridge Exploit Triggers Aave Liquidity Crisis

This event highlights the vulnerabilities in cross-chain bridges and the systemic risks they pose to DeFi lending protocols.

• On April 18, 2026, KelpDAO's rsETH bridge was exploited, draining approximately 116,500 rsETH.
• Aave faced a withdrawal crisis, with over $5.4 billion in ETH and WETH outflows as panic ensued.
• Aave froze rsETH markets across its V3 and V4 deployments to cap exposure and mitigate bad debt.

• KelpDAO's rsETH is a liquid restaking token that allows users to earn yield on restaked ETH, but a vulnerability in its bridge contract was exploited.
• Aave had recently approved high loan-to-value (LTV) ratios for rsETH without adequate risk assessment, exposing it to collateral devaluation.
• The incident underscores the risks associated with over-reliance on third-party assets in DeFi lending and the potential for cascading failures across protocols.

On April 18, 2026, a significant exploit occurred when attackers targeted KelpDAO's LayerZero-based rsETH bridge. In a swift operation lasting just 46 minutes, they minted and drained 116,500 rsETH, valued at approximately $290–300 million. This exploit allowed the attackers to deposit the stolen tokens as collateral on Aave V3 Ethereum, enabling them to borrow wrapped ether (WETH) worth an estimated $177–200 million. The rapid devaluation of this collateral led to a liquidity crisis for Aave, as the borrowed assets became effectively worthless.

In response to the crisis, Aave took immediate action by freezing the rsETH supply and borrowing capabilities across its V3 and V4 deployments. They set the loan-to-value (LTV) ratio for rsETH to 0% and capped exposure to mitigate further losses. Despite these measures, panic-driven withdrawals ensued, resulting in over $5.4 billion in ETH and WETH outflows from affected pools. This mass withdrawal caused Aave's total value locked (TVL) to plummet by 24% to $19.8 billion, while the value of AAVE tokens dropped by 17-20%.

The incident has raised serious concerns about the systemic risks associated with cross-chain bridges and the reliance on third-party assets in DeFi lending. Aave's Umbrella backstop was activated to cover the bad debt, which is estimated to be between $177 million and $200 million. However, the implications of this crisis extend beyond Aave, as other protocols like Compound and Euler also faced smaller exposures, leading to some pausing their operations.

The KelpDAO exploit serves as a stark reminder of the vulnerabilities inherent in decentralized finance. The rapid minting of unbacked tokens through a forged cross-chain message illustrates the potential for catastrophic failures when protocols do not adequately assess risks associated with third-party assets. As the DeFi landscape continues to evolve, the need for robust risk management practices and comprehensive assessments of collateral becomes increasingly critical.

• DeFi users: Those who hold assets in Aave or similar protocols may face liquidity issues and reduced borrowing power.
• Investors in AAVE tokens: The decline in token value directly impacts their investments and market confidence.
• Cross-chain bridge developers: Increased scrutiny and potential regulatory challenges may arise as vulnerabilities are exposed.
• Liquidity providers: Those providing liquidity to affected pools may experience losses and reduced returns.

• Market recovery indicators: Monitor Aave's TVL and token price recovery to gauge market confidence in DeFi protocols.
• Regulatory responses: Watch for any regulatory actions or guidelines that may emerge in response to the exploit and its implications for DeFi.
• Cross-chain bridge security audits: Increased focus on security audits for cross-chain bridges could lead to improved risk management practices across the industry.