An attacker drained 116,500 rsETH from Kelp's LayerZero-powered bridge on Saturday, triggering a withdrawal stampede at Aave that wiped a quarter of the lending giant's deposits in under 24 hours.
An attacker drained 116,500 rsETH — roughly $292 million and 18 per cent of the token's circulating supply — from Kelp DAO's cross-chain bridge on Saturday afternoon, making it the largest decentralised finance exploit of 2026 and setting off a chain reaction that has shaken confidence in the sector's plumbing.
The breach targeted the LayerZero messaging layer that underpins Kelp's omnichain architecture. At 17:35 UTC, a wallet funded through Tornado Cash roughly ten hours earlier submitted a forged cross-chain message that tricked the bridge's lzReceive method into releasing the full rsETH haul to an attacker-controlled address. No corresponding tokens were burned on the source chain; the attacker simply minted value from thin air by exploiting what on-chain investigators at D2 Finance described as either a compromised source-side OApp key or a failure in the decentralised verifier network, compounded by Kelp's reliance on LayerZero Labs as its sole verifier — a single point of failure in a system designed to have none.
Kelp's emergency pauser multisig froze the protocol's core contracts 46 minutes later, at 18:21 UTC. Two follow-up drain attempts at 18:26 and 18:28 UTC — each targeting another 40,000 rsETH worth roughly $100 million — both reverted against the frozen contracts. The pause likely prevented the exploit from exceeding $490 million.
What happened next was arguably worse for the broader DeFi ecosystem than the theft itself. The attacker deposited the stolen rsETH as collateral on Aave V3 and borrowed wrapped ether against it, creating approximately $196 million in protocol-specific bad debt concentrated in the rsETH–WETH pair on Ethereum mainnet. Aave's founder Stani Kulechov confirmed that Aave's own smart contracts were not compromised, but the damage was already cascading through the system.
Depositors did not wait to see whether Aave's Umbrella reserve — the protocol's insurance mechanism — could absorb the loss. Aave's total value locked dropped from $26.4 billion on Friday to roughly $20 billion by Sunday morning US time, according to DefiLlama; a $6.6 billion outflow in barely 36 hours. Justin Sun alone withdrew 65,584 ETH, worth approximately $154 million. ETH utilisation on the protocol climbed to 100 per cent, meaning remaining depositors who wanted to exit found themselves in a queue with no liquidity on the other side.
Aave initially said the Umbrella reserve would cover any deficit. By Saturday afternoon, the language had softened to a commitment to 'explore paths to offset the deficit' — a shift that did nothing to calm nerves. The AAVE token fell 16 per cent over the weekend.
The fallout extended well beyond Aave. SparkLend and Fluid froze their rsETH markets within hours; Lido Finance paused earnETH deposits due to rsETH exposure; Ethena temporarily suspended its LayerZero bridges for roughly six hours as a precaution. Across the ecosystem, protocols scrambled to assess whether their own cross-chain configurations carried the same vulnerability.
The Kelp exploit overtakes the Drift Protocol hack from earlier this month by a few million dollars, and it arrives in a year that has already seen DeFi losses approach $600 million. The common thread running through 2026's worst incidents is cross-chain infrastructure — bridges and messaging layers that promise interoperability but introduce attack surfaces that most users never think about until their deposits vanish.
For Aave, the structural question is whether a permissionless lending protocol can safely accept restaked and wrapped collateral tokens whose value depends on the security of third-party bridges. Kulechov's team accepted rsETH as collateral on the basis that it was an established liquid restaking token; the Kelp exploit demonstrated that 'established' and 'secure' are not synonyms. The Bybit hack earlier this year — $1.4 billion stolen by the Lazarus Group — already raised questions about custodial security in crypto. The Kelp breach extends those questions to the DeFi stack itself.
Kelp DAO said it is coordinating with LayerZero, Unichain, auditors, and security researchers to determine the root cause. The rsETH contracts remain paused. Whether the protocol can restore its peg and meet redemptions will depend on what the attacker does with the borrowed ETH — and whether any of the stolen funds can be frozen or recovered before they disappear into mixers for good.
