An attacker drained over $290 million in rsETH from KelpDAO, then used the unbacked tokens as collateral on Aave V3 to borrow WETH, leaving the lending protocol with bad debt and depositors scrambling to withdraw.
Sometime around 19:44 UTC on April 18, on-chain investigator ZachXBT flagged an active exploit hitting KelpDAO's rsETH bridge, which relies on LayerZero's cross-chain messaging infrastructure. The attacker had already funneled roughly 116,500 rsETH, worth more than $290 million, out of the protocol after funding wallets through Tornado Cash. But the theft itself was only the first half of the problem. The second half played out on Aave V3, where the attacker deposited the stolen rsETH as collateral and borrowed a substantial volume of Wrapped Ether against it.
Because the drained rsETH was no longer backed by any real underlying assets, the collateral posted on Aave was effectively worthless. The resulting borrowing positions cannot be liquidated through normal mechanisms, which means Aave's WETH reserve is now carrying debt that no one is going to repay. Solidity developer and auditor 0xQuit put it bluntly on social media: if you have WETH on Aave V3 Core, withdraw now. Aave founder Marc Zeller echoed the same urgency.
The speed of contagion here illustrates exactly what makes DeFi composability both powerful and dangerous. Protocols in this ecosystem are built like interlocking financial Lego bricks, where a token issued by one platform can be instantly reused as collateral on another. When the token holds its peg, everything runs smoothly. When it loses backing, as rsETH did the moment the exploit drained KelpDAO's reserves, the downstream effects are immediate. There is no circuit breaker, no committee vote, no grace period. The attacker exploited this architecture deliberately, weaponizing the composability that makes DeFi efficient.
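A simplified model of the collateral problem described above, as an added example that is not from the article, Aave or KelpDAO: it values a position by verified backing rather than by the quoted price alone, and flags when new borrows against the token should stop. All figures, the `FREEZE_BELOW` threshold and the function names are constructed assumptions.

```python
from dataclasses import dataclass

FREEZE_BELOW = 0.98  # assumed threshold: stop new borrows under 98% backing

@dataclass
class Position:
    collateral_tokens: float  # restaking tokens posted as collateral
    debt_weth: float          # WETH borrowed against them

def backing_ratio(total_supply: float, verified_reserves_eth: float,
                  redemption_rate_eth: float) -> float:
    """Share of the tokens' redemption claims covered by verified reserves."""
    claims = total_supply * redemption_rate_eth
    return 0.0 if claims <= 0 else min(1.0, verified_reserves_eth / claims)

def assess(pos: Position, quoted_price_eth: float, redemption_rate_eth: float,
           total_supply: float, verified_reserves_eth: float,
           liq_threshold: float) -> dict:
    """Compare the quoted-price view of a position with the backing-aware view."""
    ratio = backing_ratio(total_supply, verified_reserves_eth, redemption_rate_eth)
    # Never value the token above what its reserves can actually redeem.
    backed_price = min(quoted_price_eth, redemption_rate_eth * ratio)

    def health(price: float) -> float:
        if pos.debt_weth == 0:
            return float("inf")
        return pos.collateral_tokens * price * liq_threshold / pos.debt_weth

    backed_value = pos.collateral_tokens * backed_price
    return {
        "backing_ratio": ratio,
        "freeze_new_borrows": ratio < FREEZE_BELOW,
        "hf_quoted": health(quoted_price_eth),
        "hf_backed": health(backed_price),
        "bad_debt_weth": max(0.0, pos.debt_weth - backed_value),
    }

if __name__ == "__main__":
    pos = Position(collateral_tokens=1_000, debt_weth=700)  # constructed
    # Constructed scenario: reserves fall from 10,000 to 2,000 ETH while the
    # quoted price is assumed to still read 1.0 ETH per token.
    for reserves in (10_000, 2_000):
        print(reserves, assess(pos, 1.0, 1.0, 10_000, reserves, 0.8))
```

In the second run the quoted-price health factor stays above 1 while the backing-aware view shows a 500 WETH shortfall, which is the gap a backing check is meant to surface.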
Liquid restaking tokens like rsETH have grown rapidly in popularity over the past two years as Ethereum's staking and restaking ecosystem expanded. Protocols such as KelpDAO, EigenLayer, and others allowed users to restake their already-staked ETH to secure additional networks and earn supplementary yields. The appeal is obvious: more yield on the same capital. The trade-off, which is now playing out in real time, is that these layered financial instruments introduce compounded smart contract and bridge risks that are difficult to fully audit or insure against.
What Happens to Depositors Now
Aave's Umbrella system, which replaced the legacy Safety Module in late 2025, was designed precisely for scenarios like this. Users who staked aWETH in the Umbrella vault are subject to automatic slashing to cover the protocol's deficit. Once the slashing cycle completes, remaining WETH suppliers should regain partial withdrawal access, though a full recovery is not guaranteed and depositors may face a haircut on their positions. This incident is the first major real-world stress test for Umbrella, and how it performs will be closely watched across the DeFi sector.
For borrowers who used rsETH as collateral on Aave, the situation is equally precarious. Health factors on those positions have likely collapsed, and anyone still holding rsETH-backed loans should be preparing to add alternative collateral or repay debt immediately to avoid liquidation, assuming liquidation is even possible given the current state of the market.
The Bigger Picture for Restaking and DeFi Risk
As BeInCrypto reported, the exploit has already prompted precautionary action from connected protocols. The Upshift team, which offers non-custodial vaults for tokenized assets, announced that it has paused deposits and withdrawals to its High Growth ETH and Kelp Gain vaults while investigations continue, though its USDC and AUSD vaults have no rsETH exposure.
The broader implication is uncomfortable but necessary to confront. Liquid restaking tokens were whitelisted as collateral on major lending protocols because they represented a growing share of Ethereum's locked value and offered attractive yield opportunities. That decision assumed the underlying tokens would remain fully backed and properly secured. The KelpDAO exploit has broken that assumption in spectacular fashion, and every major DeFi lending protocol will now need to re-evaluate its risk parameters for restaked assets. The question moving forward is whether the yield premium on these instruments adequately compensates for the tail risk of a bridge failure cascading through interconnected lending markets. For many depositors currently unable to withdraw their WETH from Aave, that calculation is being reassessed under the worst possible circumstances.