Kelp DAO Exploit Results in $293 Million Loss and $6 Billion Decline in Aave TVL

This exploit reveals critical systemic risks in cross-chain infrastructure that could affect the stability of DeFi markets globally.

• Kelp DAO was exploited for approximately $293 million on April 18, 2026, due to a vulnerability in its LayerZero-powered bridge.
• Aave's total value locked (TVL) dropped by $6 billion as mass withdrawals followed the exploit, highlighting collateral dependencies in lending markets.
• Emergency measures were implemented across affected protocols, freezing markets and pausing contracts to mitigate further losses.

• Kelp DAO provides liquid restaking for ETH via rsETH, integrated with EigenLayer and utilizing LayerZero's OFT bridge for cross-chain transfers across over 20 networks.
• The exploit involved spoofing a cross-chain message, tricking the bridge into releasing unbacked rsETH to an attacker-controlled address funded via Tornado Cash.
• This incident is part of a broader trend of vulnerabilities in DeFi, with multiple exploits occurring in 2026, including a $285 million incident involving the Drift Protocol.

On April 18, 2026, at 17:35 UTC, an attacker initiated a sophisticated exploit of the Kelp DAO's LayerZero cross-chain bridge. By spoofing a cross-chain message, the attacker drained 116,500 rsETH tokens, valued at approximately $293 million, from the bridge. This exploit was particularly alarming as it represented 18% of the circulating supply of rsETH, raising immediate concerns about the stability of Kelp DAO and its associated protocols.

In response to the exploit, Kelp's emergency multisig team acted swiftly, freezing core contracts at 18:21 UTC. This decisive action thwarted two subsequent attempts by the attacker to drain an additional $100 million. However, the damage was already done. The attacker had already deposited the stolen rsETH as collateral on Aave V3 Ethereum, borrowing around $200 million in wrapped ETH. This maneuver created approximately $196 million in bad debt on Aave, prompting the platform to freeze rsETH markets on both V3 and V4.

The fallout was immediate and severe. Aave's total value locked (TVL) plummeted from $26.4 billion to $20 billion, a staggering decline of $6.6 billion. The AAVE token, which is integral to the governance and utility of the Aave platform, saw a decline of 16-20%, dropping to around $92. LayerZero's ZRO token also suffered, falling by 30%. This incident not only highlighted the vulnerabilities in cross-chain infrastructure but also underscored the collateral dependencies that exist within lending markets, where the failure of one protocol can have cascading effects on others.

The exploit has prompted a wave of precautionary measures across the DeFi landscape. Affected protocols, including Lido Finance and Ethena, have paused operations to assess risks and prevent further losses. Kelp DAO, Aave, and LayerZero have initiated joint investigations to understand the exploit's mechanics and to enhance security measures moving forward. The decentralized nature of these platforms means that there has been no centralized governmental response, but the industry is feeling the impact nonetheless, with a contraction of approximately $10 billion in DeFi TVL across the board.

• DeFi investors: Those holding AAVE or rsETH tokens face immediate financial losses due to price declines.
• Liquidity providers: Users providing liquidity to affected protocols may see reduced returns or losses due to frozen markets.
• Developers and protocol teams: Increased scrutiny and pressure to enhance security measures and address vulnerabilities in their platforms.
• Regulatory bodies: As incidents like this gain attention, regulators may increase oversight on DeFi protocols, impacting operational frameworks.

• Investigations outcomes: The results of ongoing investigations by Kelp DAO, Aave, and LayerZero will provide insights into the exploit's mechanics and potential security improvements.
• Market recovery trends: Monitor how quickly Aave and other affected protocols can restore confidence and liquidity in their markets.
• Regulatory developments: Watch for any new regulations or guidelines that may emerge in response to this incident, which could reshape the DeFi landscape.