The Latest Exploit May Be the Biggest One of 2026

On April 18 at 17:35 UTC, an attacker forged a cross-chain message on Kelp DAO's LayerZero bridge and minted 116,500 rsETH worth roughly $292M. Within minutes, 89,567 of those unbacked tokens were deposited as collateral on Aave V3, and $190M in real ETH and wETH was borrowed against them.

Over the next 48 hours, Aave depositors pulled $8.45B from the protocol. Total DeFi TVL dropped $13.21B to an 11-month low near $86B. AAVE fell 16%. The attack cost $292M in principal but triggered a 40x larger liquidity event because of how DeFi's building blocks are connected.

How a Bridge Hack Became a Bank Run

Kelp's Unichain-to-Ethereum bridge was configured with a 1-of-1 DVN (decentralized verifier network), meaning a single verifier approved cross-chain messages. The attacker poisoned two of the RPC nodes the verifier relied on and DDoS'd a third, forging a packet that was verified, committed, and delivered on Ethereum. The bridge released 116,500 rsETH to an attacker-controlled address, roughly 18% of the token's circulating supply.

The tokens were immediately deployed on Aave. Because rsETH had been integrated as standard collateral with meaningful LTV parameters, the freshly minted, unbacked tokens were treated the same as any other legitimate deposit. The attacker borrowed approximately $190M in ETH and wETH across Ethereum and Arbitrum markets before Aave's Risk Stewards could react.

Aave froze rsETH markets within hours. But the bad debt was already locked in, and the broader market understood what had just happened: a liquid restaking token widely used across DeFi was now potentially unbacked across 20+ chains, and the largest lending protocol was holding the unbacked bag.

The Reflexive Impact

Whales moved first. In the 24 hours after the exploit, more than $6B left Aave. Major pools (ETH, USDT, USDC) hit 100% utilization, effectively freezing withdrawals for anyone who did not get out early. Over 48 hours, total outflows reached $8.45B.

The users who could not withdraw did something else: they borrowed roughly $300M against their own locked stablecoin deposits. A $300M borrowing spike on the largest lending protocol in DeFi, but not because anyone wanted leverage. They were paying steep interest rates just to extract liquidity from positions they could no longer exit directly. The borrowing spike was not a demand signal. It was the on-chain signature of trapped depositors.

This is the dynamic that turns a $292M exploit into a $13B TVL drawdown. When major pools hit 100% utilization, the protocol stops being a lending market and starts being a locked vault. Every remaining depositor has a choice: pay the 100%-utilization borrow rate to effectively exit, or wait and hope bad debt gets socialized away from them.

Who Eats the Loss

Aave's incident report outlines two scenarios. If the damage is spread across all rsETH via a ~15% haircut to the token's backing ratio, Aave's bad debt lands near $123.7M. If the loss is confined to the L2s where the fraudulent rsETH was deposited, the number rises to roughly $230M.

The outcome depends on Kelp DAO's allocation decision. Spreading the loss across the full rsETH supply means legitimate holders who had nothing to do with the LayerZero bridge take a haircut to protect lenders downstream. Confining the loss to L2s means the holders whose tokens landed in the compromised pools absorb everything, but Aave's exposure jumps because most of the fraudulent rsETH ended up in L2 markets.

Neither path is clean. The $292M doesn't vanish. Someone absorbs it, and DeFi has no principled mechanism for deciding who.

The Blame War

LayerZero publicly criticized Kelp's 1-of-1 DVN configuration, arguing it was a single point of failure. Kelp fired back that LayerZero's own quickstart guide and default GitHub configuration specify 1-of-1 DVN, and that roughly 40% of protocols integrated with LayerZero currently run the same setup. The blame game matters less than what it reveals: the default security configuration of a major cross-chain messaging layer shipped with a single point of failure, and the industry built production infrastructure on top of it.

Preliminary findings point to North Korea's Lazarus Group. The RPC node compromise and DDoS coordination match prior Lazarus tradecraft, and the laundering patterns are consistent with known DPRK-linked activity.

What This Means

DeFi's post-2022 risk infrastructure, tighter collateralization, mature liquidation engines, and active risk stewards, worked as designed. Aave's core contracts were never compromised. The rsETH markets were frozen within hours. The bad debt was contained to a specific collateral type. Stani Kulechov was right that "the exploit was external."

But the reflexive dynamics were worse than 2022. When a $292M loss at one protocol translates into $8.45B of deposits fleeing another, the problem is not the protocol. It is the composition. Every layer of DeFi adds utility, and every layer adds a new way for trust to break upstream. A restaking token derives its value from the assets in its adapter contract. Its bridge derives verification from a DVN. Its DVN derives trust from RPC nodes. When any of those breaks, the downstream lending protocol holds unbacked collateral.

The industry's response is forming in real time. Aave's Risk Stewards pushed for tighter DVN configuration standards across integrated restaking tokens. LayerZero published revised quickstart guidance recommending 2-of-3 minimum DVN setups. The encouraging part out of all this is the industry's reflexes are getting sharper, and the path forward is the one it's already on around faster learning, tighter security and cross-chain constraints.

Arbitrum exercised its emergency powers to rescue ~$70M of hacked funds 💪

DeFi ratings is now needed more than ever 🫡

DeFi contagion from the Kelp exploit 🥲