Kelp DAO Bridge Drained for 292 Million Dollars, rsETH and Aave Hit Hard

On April 18, 2026, the Kelp DAO bridge that connects rsETH across different blockchains was hacked. The total loss reached 292 million US dollars, equal to 116,500 rsETH tokens. The attack used LayerZero and affected rsETH liquidity on more than 20 chains. Aave immediately froze the rsETH markets on V3 and V4 to protect users.

This article explains in full detail what happened to the Kelp DAO bridge, how the LayerZero exploit occurred, its impact on rsETH and Aave, and the DeFi bridge risks you should know. All facts come from on-chain data and official announcements so you can understand the situation clearly and calmly.

Key Takeaways

• The Kelp DAO bridge lost 116,500 rsETH worth 292 million US dollars through a LayerZero EndpointV2 exploit on April 18, 2026.
• The attack affected around 18 percent of the total circulating rsETH supply.
• Kelp DAO successfully paused the contract within 46 minutes and prevented an extra loss of about 100 million dollars, while Aave froze the rsETH markets to stop potential bad debt.

Register at Bittime now and start trading crypto with a fast, safe, and easy process in the app.

What Happened to the Kelp DAO Bridge

The Kelp DAO bridge is a cross-chain bridge that lets rsETH move safely between blockchains. rsETH itself is Kelp DAO’s liquid restaking token that represents restaked ether. On Saturday, April 18, 2026, around 07:35 UTC, hackers drained the bridge.

The attacker called the lzReceive function on the LayerZero EndpointV2 contract. This caused the bridge to release 116,500 rsETH directly to a wallet controlled by the hacker. The stolen funds were then sent through Tornado Cash to make tracking difficult.

The bridge held the original rsETH reserves that backed wrapped versions on more than 20 networks, including Ethereum, Arbitrum, Base, Linea, Blast, Mantle, and Scroll. Once the bridge was drained, rsETH liquidity on those chains was immediately affected.

Kelp DAO reacted quickly. Their team activated the emergency pauser multisig about 46 minutes after the attack. The core contract was paused, so two follow-up attempts by the hacker to drain another 40,000 rsETH (worth around 100 million dollars) failed and reverted.

As of now, the stolen funds are still in the attacker’s wallet and there is no sign of any return. This event is the biggest DeFi exploit of 2026 so far. Many investors are worried because the stolen amount equals 18 percent of the total rsETH supply. However, the fast pause successfully limited further losses.

Read also : XRP vs Crypto Coins in 2026: Which Has More Potential?

How the LayerZero Exploit Happened

This attack is a type of cross-chain exploit that targeted the LayerZero OFT bridge. LayerZero is a protocol that connects different blockchains so tokens can move easily. Unfortunately, the attacker found a gap in the way the bridge validates messages.

The attacker’s wallet had been funded through Tornado Cash about 10 hours before the attack. They then called the lzReceive function on EndpointV2 and sent fake instructions. The bridge treated the instructions as valid and released rsETH from its reserves.

This was not a direct attack on Kelp DAO’s smart contract itself, but rather manipulation of the LayerZero messaging layer. After the funds left, the hacker moved most of them to a consolidation wallet on Ethereum and Arbitrum. Around 75,700 ETH (worth 178 million dollars) was collected within one hour.

Kelp DAO is working with LayerZero, auditors, and security teams to investigate the root cause. They have not yet released full technical details on how the validation was bypassed. Still, the incident shows that cross-chain bridges carry risks even when using advanced technology.

For users, this is a reminder that every DeFi bridge needs regular audits. The exploit also raised similar concerns for other protocols using LayerZero. Some projects, such as Ethena, temporarily paused their bridges for a few hours as a precaution. 

Read also : Ether.fi and ETHGas: A New $3 Billion Strategy to Strengthen Ethereum Liquidity

Impact on rsETH and Aave

The most immediate impact was felt by rsETH and the protocols that use it as collateral. Because the bridge was emptied, rsETH liquidity across many chains came under pressure. Aave quickly froze the rsETH markets on both V3 and V4. Aave stated that it is reviewing all rsETH loans made after the exploit and will work to close any potential bad debt.

The AAVE token dropped around 10 percent after the news spread. Aave confirmed that its own contracts were not attacked and it has no further exposure to rsETH. Other protocols such as SparkLend, Fluid, and Upshift also froze their rsETH markets.

Wrapped rsETH on more than 20 chains now faces peg pressure. Some investors worry about mass redemptions that could force Kelp DAO to unwind restaking positions on Ethereum. Lido Finance even temporarily paused deposits into its earnETH product linked to rsETH, although stETH and wstETH remain safe.

On the positive side, the quick response from Kelp DAO and Aave prevented larger losses for regular users. However, the event highlights that restaking assets like rsETH are still vulnerable to bridge risks. Investors who use rsETH as collateral in DeFi should keep monitoring official updates. 

Read also : Bitcoin Is Not Just Digital Gold, Here Is Its Geopolitical Value According to Bitwise?

DeFi Bridge Risks and Lessons for Investors

This incident highlights the DeFi bridge risks that are often overlooked. Cross-chain bridges make moving assets easier, but they also become attractive targets because of the complexity of validating messages between chains. The LayerZero exploit adds to the list of cases where gaps in the messaging layer were exploited by hackers.

Here are the main risks you should watch for:

1. Fake message manipulation on bridge protocols.
2. Dependence on custodians or reserves that are not immediately visible.
3. Potential bad debt in lending protocols like Aave.
4. Domino effects on wrapped assets across many chains.

The most important lesson for Indonesian investors is to do thorough research before using any bridge or holding assets in DeFi. Choose protocols that have been audited multiple times and have clear emergency pause mechanisms. Do not put your entire portfolio into a single restaking asset.

Kelp DAO is still investigating and has not announced a recovery plan yet. In the meantime, the rsETH markets remain frozen to protect users. This event is a reminder that DeFi still carries risks even as it advances. Stay calm, follow official updates, and diversify your assets to stay safer. 

Conclusion

The Kelp DAO bridge hack for 292 million dollars shows how vulnerable cross-chain systems in DeFi can be. rsETH lost 18 percent of its supply, Aave had to freeze markets, and many investors felt worried. However, Kelp DAO’s quick action to pause the contract within minutes successfully limited bigger losses.

This incident gives a valuable lesson about DeFi bridge risks and the importance of cross-chain security. For investors, it is time to be more careful when choosing protocols and to always monitor the liquidity of the assets you use. We hope Kelp DAO can recover and that this case pushes the industry to improve security standards.

You can keep following developments on local exchanges and Indonesian crypto communities. Remember, investing in DeFi still requires caution. We hope this explanation helps you understand the situation better. Stay calm and invest only what you can afford!

FAQ

How much was lost in the Kelp DAO hack? 

A total of 116,500 rsETH worth 292 million US dollars was stolen on April 18, 2026.

What caused the exploit? 

The attack used the LayerZero bridge by calling the lzReceive function, which triggered the release of rsETH.

What was the impact on Aave? 

Aave froze the rsETH markets on V3 and V4 to prevent bad debt, and the AAVE token price dropped around 10 percent.

Did Kelp DAO manage to stop the attack? 

Yes, they paused the contract within 46 minutes and blocked two additional attempts worth 100 million dollars.

What DeFi bridge risks should investors watch for? 

The main risks are fake message manipulation, lack of reserve transparency, and domino effects on assets across multiple chains.

How to Buy Crypto on Bittime?

Want to trade sell buy Bitcoins and crypto investment easily? Bittime is here to help! As an Indonesian crypto exchange officially registered with Bappebti, Bittime ensures every transaction is safe and fast.

Start with registration and identity verification, then make a minimum deposit of IDR 10,000. After that, you can immediately buy your favorite digital assets!

Check the exchange rate BTC to IDR, ETH to IDR, SOL to IDR and other crypto assets to find out today's crypto market trends in real-time on Bittime.

Also, visit the Bittime Blog for interesting updates and educational information about the crypto world. Find reliable articles about Web3, blockchain technology, and digital asset investment tips designed to enrich your crypto knowledge.