The largest DeFi scam in 2026: hackers stole, and then took advantage of Aave

深潮TechFlow
3 hours ago
A false message stole 292 million dollars: Kelp DAO's cross-chain bridge was emptied in 46 minutes

At 17:35 (UTC) on April 18, a wallet whose funds had been routed through Tornado Cash sent a cross-chain message to LayerZero's EndpointV2 contract.

The semantics of this message were quite simple: a user on a certain chain wanted to transfer rsETH back to the Ethereum mainnet. LayerZero faithfully transmitted the instruction according to the protocol design. The bridging contract deployed by Kelp DAO on the mainnet also faithfully executed the release as designed.

116,500 rsETH, worth approximately 292 million dollars at the time, were transferred to an address controlled by the attacker in a single transaction.

The problem is that no one on the other chain had ever deposited this rsETH. This "cross-chain request" was fabricated out of thin air; LayerZero believed it, and Kelp's bridge believed it too.
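The failure described above, a release with no matching deposit on the source chain, is what per-chain accounting on the escrow side is meant to catch. The following is an added example, not code from the article, Kelp DAO or LayerZero: `EscrowBridge`, the chain names, the balances and the rate limit are all constructed, and only the 116,500 figure comes from the article.

```python
from dataclasses import dataclass, field
from decimal import Decimal

class ReleaseRejected(Exception):
    """An inbound message failed an accounting check."""

@dataclass
class EscrowBridge:
    """Hypothetical mainnet escrow of a lock-and-release bridge (not Kelp's contract)."""
    window_cap: Decimal                               # max release per time window
    outstanding: dict = field(default_factory=dict)   # chain -> tokens bridged out
    released: Decimal = Decimal(0)                    # released in current window
    paused: bool = False

    def send_to_chain(self, chain: str, amount: Decimal) -> None:
        # Outbound: tokens are locked here and minted on `chain`.
        self.outstanding[chain] = self.outstanding.get(chain, Decimal(0)) + amount

    def receive_from_chain(self, chain: str, amount: Decimal) -> Decimal:
        # Inbound: the message claims `amount` was burned on `chain`.
        if self.paused:
            raise ReleaseRejected("bridge paused")
        if amount <= 0:
            raise ReleaseRejected("non-positive amount")
        if amount > self.outstanding.get(chain, Decimal(0)):
            # More than was ever bridged out to that chain: no real burn can
            # back this claim, however valid the transport layer says it is.
            self.paused = True
            raise ReleaseRejected(f"{chain}: claim exceeds outstanding supply")
        if self.released + amount > self.window_cap:
            raise ReleaseRejected("rate limit exceeded")
        self.outstanding[chain] -= amount
        self.released += amount
        return amount

def demo() -> list:
    bridge = EscrowBridge(window_cap=Decimal("5000"))
    bridge.send_to_chain("chain-a", Decimal("30000"))   # constructed balances
    bridge.send_to_chain("chain-b", Decimal("12000"))
    inbound = [("chain-a", "1200"), ("chain-a", "4500"),
               ("chain-b", "116500"),   # size of the release in the article
               ("chain-a", "100")]
    results = []
    for chain, amount in inbound:
        try:
            results.append(str(bridge.receive_from_chain(chain, Decimal(amount))))
        except ReleaseRejected as exc:
            results.append(f"rejected: {exc}")
    return results
```

The accounting check bounds a forged claim by what was actually bridged out to the named chain, and the rate limit bounds it further by time, so a single message cannot empty the escrow even if message verification fails.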

46 minutes later, Kelp's emergency multi-signature finally hit the pause button. By that time, the attacker had already completed the second half of the operation: depositing the stolen, essentially unbacked rsETH into Aave V3 and borrowing approximately 236 million dollars' worth of wETH.

This is the largest DeFi theft so far in 2026, surpassing the Drift protocol attack on April 1 by several million dollars, but what truly sends chills down the industry's spine is not just the amount.

How the Attack Happened: Three Bets from 17:35 to 18:28

Let’s reconstruct the timeline.

17:35 UTC: first success. The attacker called the lzReceive function on LayerZero's EndpointV2 contract; a wallet funded through Tornado Cash fed a forged cross-chain data packet into Kelp's bridging contract. The contract validated it, and 116,500 rsETH were released to the attacker's address. Single transaction. Clean.

18:21 UTC: Kelp's emergency pause multi-signature froze core rsETH contracts on the mainnet and several L2s. 46 minutes had passed since the attack occurred.

At 18:26 and 18:28 UTC, the attacker initiated two more attempts, each trying to withdraw an additional 40,000 rsETH (about 10 million dollars) with LayerZero data packets. Both were reverted; the contract was frozen, but the attacker was clearly still trying to siphon off the remaining liquidity.

There was nearly a three-hour gap from the first success to Kelp issuing a public statement.

Kelp's first X post was not released until 20:10 UTC, with very restrained language: they discovered suspicious cross-chain activity involving rsETH and had paused the rsETH contracts on the mainnet and several L2s, and were working with LayerZero, Unichain, auditors, and external security experts for root cause analysis.

The first to reach conclusions, ahead of the official statement, was ZachXBT, a blockchain detective who issued an alert on his Telegram channel before 3 PM EST, listing six wallet addresses related to the theft and noting that the attack wallet had prepared funds through Tornado Cash before acting. He did not name Kelp DAO, but on-chain analysts linked the addresses within just a few hours.

This was a premeditated operation executed minute by minute. A wallet preloaded with laundered funds, carefully constructed cross-chain data packets, and the immediate follow-through into collateralized borrowing on Aave: each step landed as if in sync with a metronome.

After Stealing, Another Scheme

If it were merely a bridge vulnerability, stealing 116,500 rsETH and then running away would count as a major incident in 2026. Kelp would bear the losses, the community would digest it for a few days, and the industry would move on.

But the attacker had clearly done the math. The secondary liquidity of rsETH itself is not abundant; if 292 million dollars' worth were dumped directly on a DEX, slippage would eat a significant portion of the profit. A more elegant way to offload is to present this batch of rsETH "obtained out of thin air" as seemingly respectable collateral and borrow genuinely liquid assets from lending protocols.

Thus, the attacker took the second step: deposited the stolen rsETH into Aave V3 as collateral and borrowed a large amount of wETH.

Why is this step fatal? Because at that moment, the Aave contract was still calculating collateral value based on the oracle price of rsETH, while the reserves in the bridge had already been emptied, meaning the economic foundation of this rsETH essentially no longer existed. The lending protocol continued to issue loans based on the "100% backing" standard, but the collateral had become a worthless check.

The result: the risk of cashing out was transferred to Aave's wETH reserve pool.
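To make the gap between oracle price and actual backing concrete, here is an added example (not Aave's code and not from the article) of a circuit breaker that scales a collateral's borrow limit by reserve backing and latches a freeze once backing falls below a threshold. `CollateralGuard`, the 0.98 threshold, the price, the LTV and the supply figures are constructed assumptions; only the 116,500 rsETH amount is from the article.

```python
from decimal import Decimal

class CollateralGuard:
    """Hypothetical backing check placed in front of an oracle price."""

    def __init__(self, min_backing: Decimal):
        self.min_backing = min_backing   # assumed policy threshold
        self.ratio = Decimal(1)          # reserves / circulating supply, capped at 1
        self.frozen = False

    def observe(self, reserve: Decimal, supply: Decimal) -> None:
        # Feed in the escrowed reserve and the circulating wrapped supply.
        self.ratio = min(Decimal(1), reserve / supply) if supply > 0 else Decimal(0)
        if self.ratio < self.min_backing:
            self.frozen = True           # latches until an explicit reset

    def reset(self) -> None:
        self.frozen = False

    def borrow_limit(self, amount: Decimal, price: Decimal, ltv: Decimal) -> Decimal:
        if self.frozen:
            return Decimal(0)            # no new borrows against this asset
        return amount * price * self.ratio * ltv

def naive_borrow_limit(amount: Decimal, price: Decimal, ltv: Decimal) -> Decimal:
    # Simplified model of valuing collateral from the oracle price alone.
    return amount * price * ltv

def demo() -> list:
    amount, price, ltv = Decimal("116500"), Decimal("2500"), Decimal("0.75")
    supply = Decimal("647000")                        # constructed supply
    reserves = [supply, supply - amount, supply]      # healthy, drained, refilled
    guard = CollateralGuard(min_backing=Decimal("0.98"))
    rows = []
    for reserve in reserves:
        guard.observe(reserve, supply)
        rows.append((naive_borrow_limit(amount, price, ltv),
                     guard.borrow_limit(amount, price, ltv)))
    return rows
```

The third observation shows the latch: even after reserves read as full again, borrowing stays disabled until `reset()` is called, which keeps a briefly manipulated reading from reopening the market.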

The wETH reserve of Aave V3 is now digesting bad debts, and Solidity developer and auditor 0xQuit reminded depositors on X that the wETH pool has actually been impaired, and some withdrawals may only be restored after Aave's Umbrella backup module clears the deficit.

The estimated scale of the bad debt is currently around 177 million dollars, and this is just on the Ethereum mainnet side.

A Predicted First Major Test

For veteran DeFi players, this segment feels eerily familiar; during the 2022 Luna collapse, Aave V2's Safety Module played a similar role.

But this time, it is the Umbrella that takes the stage. Aave is set to launch a new generation of backup system by the end of 2025 to replace the old Safety Module, and this incident is the first significant real-world stress test of Umbrella's automatic bad debt coverage mechanism.

The logic of Umbrella is straightforward: users stake aTokens like aWETH, aUSDC, GHO in the corresponding Umbrella vault to earn additional incentives in normal times, but when the corresponding asset pool shows a deficit, that stake is slashed proportionally to cover the shortfall.

This design looks great on paper; in the first month of Aave v3.3 operation, the total pool deficit was about 400 dollars, corresponding to nearly 9.5 billion dollars of outstanding loans, a ratio so small it could almost be ignored.

But 177 million dollars of bad debt is another level. Users who staked aWETH in Umbrella are about to feel, for the first time, the real weight of the phrase "bearing slashing risk." Aave's official statement is very cautious: if bad debts occur, Aave plans to use Umbrella assets to cover any financial gap. But whether this can fully cover the gap, what the slashing ratio will be, and how much depositors' principal will be impaired can only be answered once the settlement is complete.

The Original Sin of Cross-Chain Bridges

What is more unsettling is the identity of the stolen rsETH.

rsETH has been deployed on over 20 networks, including Base, Arbitrum, Linea, Blast, Mantle, and Scroll, with cross-chain circulation handled by LayerZero's OFT standard. The rsETH emptied from the bridge is precisely the reserve that supports all "wrapped version" rsETHs on these networks.

This design sounds very conventional: the mainnet treasury holds a 1:1 reserve, theoretically allowing rsETH holders on L2 to redeem back to the mainnet at any time. But the premise of this mechanism is that the treasury actually has funds.

Now the treasury is short by 18%: about 18% of the total circulating supply of Kelp's rsETH lost its corresponding reserve overnight.

This creates a feedback loop: if holders on L2 panic-redeem, the pressure will be transmitted to the unaffected Ethereum supply side, possibly forcing Kelp to unwind re-staking positions to meet withdrawal requests.

Unwinding re-staking is not a push-button affair. EigenLayer withdrawals have a delay, and the exit of underlying validators has a queuing period. If holders of rsETH on L2 collectively rush to the redemption window, Kelp may not be able to prepare mainnet repayment ammunition in time.

This is a fundamental risk of the bridge reserve model: as long as this one reservoir on the mainnet has a problem, the water pressure of all downstream tributaries will collapse. Each holder of rsETH on L2 is currently facing the same dilemma—should they run first or trust Kelp to cover?

Panic swept through the entire DeFi lending sector within a few hours.

The market for rsETH on Aave V3 and V4 was frozen, and new deposits and borrowing channels based on rsETH were closed.

SparkLend and Fluid followed suit in freezing the rsETH market.

Ethena stated that it has no exposure to rsETH and maintains over 101% collateralization, but still suspended its LayerZero OFT bridging from the Ethereum mainnet as a precaution, anticipating a suspension of around six hours. This reaction is telling: even players with no direct exposure are stopping LayerZero-related bridges.

Lido Finance paused new deposits to its earnETH product (as this product contains rsETH exposure), while emphasizing that stETH and wstETH remain unaffected and that Lido's core staking protocol is unrelated to this incident.

Upshift suspended deposits and withdrawals for the High Growth ETH and Kelp Gain funds.

This list is still getting longer.

Deep Tide Commentary: The Long Road to DeFi Security

As of the drafting of this article, Kelp DAO's root cause analysis is still ongoing. How much of the stolen rsETH can be recovered through negotiations with security teams or white hats? Can Aave's Umbrella withstand this bad debt? Will holders of rsETH on L2 trigger a bank run? Can the prices of AAVE and rsETH stabilize before the weekend ends?

However, some questions have already emerged.

For instance, can LRT continue to serve as qualified collateral for lending protocols?

Liquid Restaking Token (LRT) was the darling of the Ethereum ecosystem during the last cycle. EigenLayer started the narrative of "one ETH earning multi-layer profits," and protocols like Kelp, ether.fi, and Puffer industrialized this narrative. The end result is: LRT has been included as a structural asset in the collateral whitelist by major lending protocols.

This decision is based on an assumption: that the anchoring mechanism of LRT is robust enough and that the multi-layer nesting risks of the underlying assets can be sufficiently modeled and isolated at the smart contract level.

The Kelp incident punctured this assumption in just one afternoon. The risks of LRT do not only stem from the underlying smart contracts, but also from its cross-chain distribution architecture; they do not only arise from a single protocol but also from every dependency relationship between it and EigenLayer, LayerZero, and Aave. Every block of DeFi Lego seems safe when examined separately, but the risks multiply when assembled into a complete picture.

In the coming months, all lending protocols that still consider LRT as high-level collateral must reassess their risk parameters. Supply caps may decrease, liquidation buffers may widen, and some protocols may even delist.

The moat of DeFi has long been referred to as "composability," but this incident reminds everyone: composability is a double-edged sword. The network effects you pride yourself on become amplifiers in the hands of attackers.

This attacker had already considered an exit path in advance; it wasn’t merely about theft, but weaponizing DeFi composability. The closer the dependencies between protocols and the richer the composability, the broader the attack surface for the attacker, and the more financial Lego they could call upon.

DeFi security still has a long way to go.
