Kelp DAO: Liquid Restaking, rsETH and the 2026 Bridge Exploit Explained

A leading liquid restaking protocol built on Ethereum, Kelp DAO lets users deposit liquid staking tokens such as stETH or ETHx and receive rsETH, a restaked ETH token that continues to earn base staking rewards while tapping EigenLayer for additional yield. At the same time, the protocol has become a case study in cross-chain risk after an April 2026 bridge exploit drained roughly 116,500 unbacked rsETH—about 18% of supply at the time—via a misconfigured LayerZero setup and triggered one of DeFi’s largest-ever coordinated recovery efforts.

Restaking in Context: From ETH Staking to Liquid Restaking

Understanding Kelp DAO starts with the evolution of Ethereum staking. After Ethereum’s transition to proof-of-stake, users could lock up ETH to help secure the network and earn protocol-level rewards, but this basic staking model requires long-term lockups and technical upkeep that many participants prefer to avoid. Liquid staking protocols such as Lido’s stETH or Rocket Pool’s rETH emerged to solve that constraint by issuing derivative tokens that track staked ETH while remaining transferable in DeFi, essentially allowing users to keep their assets productive as collateral or liquidity while still earning staking yield.

Restaking builds on this idea by asking whether the same staked collateral can be reused to secure additional services beyond Ethereum’s base layer. EigenLayer, the dominant restaking middleware on Ethereum, allows staked ETH or liquid staking tokens to be “opted in” as security for a variety of actively validated services such as data availability layers, oracles, or rollup sequencers. In exchange, restakers can receive additional rewards from these services, effectively “stacking” yield streams on top of their original staking returns, but also exposing themselves to new forms of slashing if those services misbehave.

Liquid restaking tokens (LRTs) are the next iteration in this stack. Instead of each user dealing with EigenLayer’s interfaces, validator selection and reward routing, an LRT protocol aggregates deposits into a pool, restakes them into EigenLayer and issues a fungible token that represents a share of the restaked collateral. Kelp DAO’s rsETH is one of the leading examples of this design; users deposit liquid staking tokens, Kelp DAO routes them into EigenLayer restaking strategies, and rsETH becomes the composable receipt that can be held, traded, or used across DeFi while the underlying assets continue earning on multiple layers.

This layered model comes with compounding risk as well as compounding yield. Each rsETH holder is effectively exposed to Ethereum consensus risk, the underlying liquid staking protocol’s smart contracts and validator set, EigenLayer’s middleware and the specific services being restaked to, and finally Kelp DAO’s own smart contracts and cross-chain infrastructure. The 2026 exploit made this risk stack concrete by showing that even if the core restaking and staking contracts perform as designed, ancillary systems like bridges and message verifiers can still create systemic vulnerabilities that propagate through the DeFi ecosystem.

Benthic

Apr 19, 2026

View article →

Kelp DAO bridge exploit nets attacker $291M in rsETH, triggers $6.2B Aave withdrawal run

decrypt.co • Apr 19, 2026

Top Comment

Benthic

Apr 19, 2026

An attacker exploited Kelp DAO's LayerZero-powered bridge with a phantom message, minting $291M in rsETH on Ethereum without burning the corresponding tokens on Unichain. The stolen collateral was looped through Aave to borrow real assets, pushing WETH pools to 100% utilization, freezing user withdrawals, and triggering $6.2B in net Aave outflows by Sunday morning. Aave froze rsETH markets while Kelp paused contracts across mainnet and several L2s. AAVE dropped 16% to $90.13 and ETH slid 2% to $2,300 on the news.

What Is Kelp DAO?

Origins and Design Goals

Kelp DAO positions itself as a liquid restaking protocol built on Ethereum that simplifies access to EigenLayer for mainstream DeFi users. Rather than forcing users to interact with multiple contracts and tokens, Kelp DAO aggregates a range of popular liquid staking tokens such as stETH and ETHx into a single restaked asset, rsETH, that can be used across dozens of DeFi venues. The project’s public materials emphasize ease of use and broad composability, branding Kelp as an “on-ramp” into EigenLayer’s growing ecosystem of restaked services.

By 2026, Kelp DAO had grown into one of the largest liquid restaking providers, with over 2 billion dollars in total value locked and live integrations across more than 40 DeFi protocols and networks. Its strategy has been to meet users where they already are: rather than requiring fresh ETH deposits, Kelp allows holders of existing LSTs like stETH, rETH or cbETH to deposit those tokens and immediately receive rsETH, leveraging the installed base of liquid staking participants. That approach also made rsETH attractive as collateral for lending protocols such as Aave, since it encapsulates yield-bearing assets that are already widely held in the ecosystem.

Kelp DAO’s founding team is described in public materials as composed of DeFi veterans with prior experience at liquid staking projects like Lido and Rocket Pool. While granular details of its internal governance are less prominently documented, operational control of key contracts during the exploit response was exercised through a multisignature wallet referred to as the operations multisig, underscoring that despite the “DAO” branding, execution authority is at least partly concentrated in a small set of signers. Over time, the protocol has indicated an intent to rely more heavily on token-governed processes and to coordinate closely with external DAOs such as Aave DAO and Arbitrum DAO, particularly in the context of post-exploit recovery.

How rsETH Works

At its core, rsETH is a liquid restaking token that represents a pro‑rata claim on a pool of Ethereum staking assets that have been restaked via EigenLayer. When users deposit liquid staking tokens such as stETH or ETHx into Kelp DAO, those tokens are deposited into smart contracts that track the protocol’s asset pool, and the user receives a corresponding amount of rsETH that reflects their share of the pooled value. The underlying assets continue to accrue their base staking rewards from Ethereum, while Kelp allocates them into EigenLayer opportunities so that they also earn additional restaking rewards.

rsETH is designed to be liquid and composable rather than locked. Holders can transfer it like any ERC‑20 token, supply it as collateral to lending protocols, or use it in liquidity pools and structured products, while the underlying pool remains managed by Kelp’s contracts. Over time, as staking and restaking rewards accumulate, the value of the assets backing each rsETH token should increase, allowing the token’s exchange rate versus ETH or LSTs to rise even if the number of rsETH in circulation remains constant. This mirrors the “rebasing versus value‑accumulating” design choice in liquid staking; rsETH follows the value‑accrual model where yield is reflected in a rising redemption price rather than an increasing token balance.

From a user perspective, the lifecycle is straightforward. After depositing an approved LST into Kelp, the user receives rsETH, can deploy it across supported DeFi venues, and later can redeem rsETH back into underlying assets by returning it to Kelp’s smart contracts, subject to any withdrawal queues or EigenLayer constraints. The protocol also offers gain‑optimized vault options that automatically route rsETH into EigenLayer strategies and manage reward distribution, further abstracting complexity for users who prefer a set‑and‑forget approach. In each case, rsETH remains the primary representation of the user’s restaked position, which is why maintaining accurate backing and robust cross-chain accounting for rsETH is central to Kelp’s design and to the severity of the 2026 exploit.

rsETH in DeFi and Multi‑Chain Composability

By design, rsETH is meant to be woven deeply into DeFi. Prior to the exploit, it had been integrated as a collateral or yield-bearing asset in a wide range of protocols including major money markets such as Aave V3 and V4 on Ethereum and Arbitrum, as well as other lenders like Compound and Euler. Because rsETH encapsulates both base staking and additional restaking rewards, it was attractive collateral: borrowers could post rsETH, borrow ETH or stablecoins, and potentially capture a yield spread between what their collateral earned and what they paid to borrow, while protocols valued rsETH’s broad liquidity and backing by established LSTs.

To reach users on multiple chains, Kelp DAO opted to make rsETH an omnichain token. It relied on LayerZero’s Omnichain Fungible Token (OFT) standard to support bridging rsETH between Ethereum mainnet and a number of layer‑2 networks and sidechains, including Arbitrum and Unichain, a rollup environment associated with Uniswap. In this model, rsETH does not exist as entirely separate assets on each chain; rather, bridging is implemented through an escrow‑and‑mint mechanism where tokens locked in a contract on one chain correspond to tokens minted on another. The safety of this design hinges on correct cross-chain messaging so that every release of tokens on the destination chain corresponds to an authenticated burn or lock on the source chain.

The very success of rsETH’s DeFi integration amplified the stakes of any failure in that cross-chain accounting. When the LayerZero-based bridge for rsETH was compromised in April 2026, the unbacked rsETH that was released into circulation was quickly accepted by DeFi money markets as if it were fully collateralized, enabling the attacker to borrow hundreds of millions of dollars’ worth of ETH and staked ETH derivatives against it. That episode underscored the systemic implications of composable collateral: a flaw in what might be perceived as “just” a bridge configuration cascaded into solvency risks for market-leading protocols, even though Kelp’s core restaking contracts and EigenLayer’s staking logic continued to function as intended.

Cross‑Chain Architecture: LayerZero, DVNs and rsETH Bridging

Why rsETH Needed a Bridge

As DeFi activity increasingly spans multiple rollups and L2s, yield-bearing tokens such as rsETH must be available wherever users and protocols cluster if they are to remain competitive. For Kelp DAO, that meant supporting rsETH not only on Ethereum mainnet but also on chains like Arbitrum, where Aave and other protocols host active lending markets, and on ecosystems such as Unichain that experiment with new forms of decentralized trading and execution. Instead of building its own bespoke bridges, Kelp adopted LayerZero’s omnichain infrastructure, which promises generalized message passing and token bridging through a modular verification stack.

Under the OFT model, rsETH on non‑Ethereum chains represents claims on tokens held in escrow on Ethereum. When a user “bridges” rsETH from Ethereum to an L2, rsETH is locked in an adapter contract on Ethereum, and a corresponding amount is minted on the destination chain after a cross-chain message is verified. When bridging back, rsETH on the L2 is burned and the same amount is released from the Ethereum escrow. The security of this design depends on an invariant: total rsETH circulating across all chains must never exceed the amount locked plus validly minted on the canonical chain, a condition enforced in practice by verifying that every mint on a destination chain is paired with a burn or lock event on the source chain.

To verify these cross‑chain events, LayerZero relies on a Delegated Verification Network (DVN), a configurable set of off-chain observers that monitor blockchains for relevant transactions and sign attestations that a message corresponds to a real event on the source chain. Those attestations are then consumed by LayerZero endpoints on the destination chain, which forward valid payloads to application-specific adapters like Kelp’s rsETH OFT adapter. In principle, this modularity allows applications to choose their desired trade‑off between decentralization, cost and latency by selecting different DVN configurations.

The Single‑Verifier DVN Configuration

Kelp DAO’s bridge configuration for rsETH, however, chose a particularly fragile setting: a 1‑of‑1 DVN in which a single verifier held effective authority to attest cross-chain messages. In such a configuration, there is no requirement for multiple independent signers to agree on the state of the source chain; if the lone verifier attests that a burn occurred on Unichain, the Ethereum endpoint will accept that assertion at face value and instruct the OFT adapter to release escrowed tokens. This can be efficient and cheap in normal conditions, but it creates a structural single point of failure at the level of the verifier’s infrastructure.

Galaxy Digital’s post‑mortem analysis emphasized that this configuration effectively granted the DVN instance “admin‑level power over Aave’s WETH markets,” because rsETH served as widely accepted collateral in Aave pools and the bridge was the gateway through which new supply entered those markets. When the DVN attested to a forged packet, no secondary checks from other verifiers existed to veto or question the message. The rsETH OFT adapter trusted the LayerZero endpoint, which in turn trusted the DVN, reproducing a classic transitive trust problem in a cross-chain context. LayerZero has since acknowledged that continuing to support 1‑of‑1 DVN setups was a mistake and has committed not to sign or attest messages for any applications using such configurations going forward.

It is important to note that the vulnerability did not lie in rsETH’s ERC‑20 contract, in Kelp DAO’s core restaking logic, or in EigenLayer’s protocol. The issue arose entirely in the bridging layer’s verification configuration, demonstrating how security assumptions can fail at the boundaries between protocols rather than in their core code. Chainalysis stressed in its investigation that this was not a smart contract hack but an attack on off-chain infrastructure used to validate cross-chain messages. The exploit thereby broadened the industry’s understanding of what “bridge security” entails, highlighting that even heavily audited on-chain components can be undermined if the systems that feed them data are compromised.

Off‑Chain Infrastructure and RPC Dependencies

The KelpDAO exploit specifically targeted the RPC infrastructure that LayerZero’s DVN relied on to observe Unichain. According to Chainalysis, attackers linked to North Korea’s Lazarus Group compromised two internal RPC nodes operated by LayerZero, replacing their software so that they would feed falsified blockchain data to the DVN while continuing to return accurate information to LayerZero’s monitoring systems and other clients. At the same time, the attackers launched a distributed denial‑of‑service attack against one of the external RPC nodes the DVN used, forcing it to fail over to the internal, now‑compromised nodes for its view of the source chain.

Once the DVN’s perspective was dominated by poisoned nodes, it effectively saw a fictional version of Unichain’s state in which rsETH burn transactions had occurred that never actually happened on‑chain. The DVN dutifully signed attestations for messages that appeared to be backed by those burns, and the LayerZero endpoint on Ethereum treated those attestations as valid, triggering the rsETH OFT adapter to release 116,500 rsETH from its escrow in a single transaction. Because the ERC‑20 transfer and cross-chain receipt events on Ethereum were well‑formed, on-chain monitoring tools that only inspected Ethereum saw nothing amiss; only a cross‑chain invariant check comparing burns on Unichain against mints on Ethereum would have revealed that tokens had been released without a corresponding upstream reduction.

This attack model illustrates how cross-chain protocols can execute “correct” logic on top of a falsified view of reality. Every transaction in the exploit path satisfied the smart contracts’ programmed conditions, from the DVN’s adherence to its trusted RPC endpoints, to the endpoint’s verification of a properly signed packet, to the adapter’s release of escrowed tokens when instructed. The failure was in the infrastructure that supplied the DVN’s data and in the choice to accept a single verifier as authoritative. Chainalysis and Galaxy both argue that cross-chain invariant monitoring—explicitly checking that token balances and burns match across all connected chains—is essential to detect such exploits in real time. For Kelp DAO, the immediate mitigation was to pause its rsETH contracts and bridges as soon as the anomalous mint was detected, but by that point the unbacked tokens had already entered the DeFi lending ecosystem.

The April 2026 Kelp DAO Bridge Exploit

Timeline and Mechanics of the Attack

On April 18, 2026, at approximately 17:35 UTC, an attacker delivered a forged LayerZero packet to the rsETH OFT adapter on Ethereum that claimed to originate from Unichain and to correspond to a legitimate cross-chain burn. The LayerZero endpoint on Ethereum forwarded the packet for verification, and the DVN—in its compromised, 1‑of‑1 configuration—attested that the message matched an event observed on the source chain, based on falsified data from the poisoned RPC nodes. Relying on that attestation, the rsETH OFT adapter released 116,500 rsETH from its mainnet escrow to an attacker-controlled address in a single transaction, representing roughly 18% of rsETH’s circulating supply and approximately 292 to 293 million dollars at the time.

DeFiPrime’s technical reconstruction points to a single Ethereum transaction that encapsulated the core of the exploit: a call to LayerZero’s EndpointV2 contract with a forged origin packet specifying Unichain’s endpoint ID, which then triggered the rsETH adapter to emit a standard ERC‑20 transfer event delivering the newly unencumbered rsETH to the attacker. LayerZero’s later post‑mortem concluded that the exploit was a remote procedure call poisoning attack rather than a theft of private keys or a vulnerability in the protocol’s core contracts; the DVN itself and its signing keys were considered uncompromised, but the infrastructure it used to view Unichain’s state had been subverted.

Kelp DAO’s monitoring systems and the broader security community detected unusual activity soon after the large, unbacked mint of rsETH. Kelp’s operations multisig moved to pause the rsETH contracts on Ethereum and every layer‑2 where the OFT adapter was deployed within approximately 46 minutes of the initial drain, halting further forged packet processing. That action prevented the attacker from executing a second tranche, which Chainalysis reports would have attempted to extract an additional 40,000 rsETH—roughly 95 million dollars at the time—using a similar phantom packet. However, the initial 116,500 rsETH had already been released and was now a fully standard ERC‑20 asset recognized across DeFi.

Attacker Behavior, Borrowing Strategy and Attribution

Rather than attempting to dump the entire rsETH position on the open market, which would likely have crashed its price and immediately exposed the exploit, the attacker followed a now‑familiar DeFi playbook: they used the unbacked tokens as collateral across multiple lending protocols to borrow more liquid assets. On Aave V3 and V4 on Ethereum, the attacker supplied rsETH and borrowed approximately 52,834 WETH; on Aave deployments on Arbitrum, they bridged a portion of the stolen rsETH and borrowed an additional 29,782 WETH plus 821 wstETH. Smaller positions were opened on Compound V3 and Euler, adding further WETH and ETH‑denominated liabilities on top of the core Aave exposures.

Estimates of the total extracted value range between roughly 200 and 236 million dollars in WETH and wstETH, depending on execution prices and how wstETH is marked, with Galaxy’s analysis converging around 236 million dollars of borrowed liquidity. A portion of the borrowed funds was quickly routed through Tornado Cash and other obfuscation tools, with on-chain sleuths like ZachXBT flagging mixer-bound transactions within twenty minutes of the initial drain. The remainder was consolidated into a small number of attacker-controlled wallets, including addresses on Ethereum and Arbitrum where law enforcement and DAOs later intervened.

Chainalysis and Galaxy both attribute the operation, with preliminary confidence, to North Korea’s Lazarus Group, and specifically to its TraderTraitor subunit. TRM Labs’ broader 2026 threat analysis estimates that North Korea stole around 577 million dollars across just two major crypto attacks that year—on Drift Protocol and Kelp DAO—accounting for roughly 76% of all hacking losses in the sector through that point. The attribution is based on overlaps in infrastructure, tactics and laundering patterns with prior Lazarus-linked exploits, as well as the sophistication of the RPC compromise and the coordinated DDoS used to force the DVN to rely on poisoned nodes. This linkage also has downstream legal consequences, as U.S. plaintiffs holding terrorism judgments against North Korea later sought to claim frozen exploit-related funds as DPRK property.

DeFi Contagion: Aave, Compound, Euler and rsETH Depeg

Because rsETH was deeply integrated into DeFi prior to the exploit, the sudden appearance of a large tranche of unbacked rsETH collateral had immediate systemic consequences. Aave bore the brunt of the impact, as rsETH and its wrapped versions were accepted collateral across multiple Aave V3 and V4 markets on both Ethereum and Arbitrum. As the attacker borrowed WETH and wstETH against rsETH positions, Aave’s WETH reserves were drained, and key stablecoin markets reached 100% utilization, leaving essentially no liquidity for ordinary users to withdraw. Galaxy estimates that Aave’s bad debt exposure from the exploit stands in the range of 123.7 million dollars under a scenario where losses are socialized across markets and up to 230.1 million dollars if they are isolated to L2 rsETH positions.

On Compound V3 and Euler, smaller but still material positions were opened with the forged rsETH, adding to the ecosystem’s aggregate exposure to this unbacked collateral. As awareness of the exploit spread, rsETH’s market price depegged from its expected value relative to ETH and other LSTs, reflecting fears that a portion of supply might remain permanently unbacked and uncertainty about how losses would be allocated between Kelp users and external lenders. The broader DeFi ecosystem experienced significant temporary outflows of total value locked, with some coverage noting billions of dollars being withdrawn as users reassessed cross‑chain and collateral risks, although exact TVL figures vary across analytics providers.

For Aave, the immediate operational response involved freezing rsETH, wrapped rsETH and affected WETH markets across all deployments, as well as emergency adjustments to loan‑to‑value ratios and liquidation thresholds for correlated assets to reduce the risk of cascading liquidations. These measures stabilized the protocol but left it with substantial positions in which the attacker’s rsETH collateral could not be safely liquidated without clear resolution of rsETH’s backing and legal control of frozen ETH on Arbitrum. That situation set the stage for the formation of DeFi United, a multi‑protocol coalition focused on restoring rsETH’s collateralization and clearing impaired markets.

Emergency Interventions: Kelp DAO, Arbitrum Security Council and SEAL‑911

While Kelp’s operations multisig moved quickly to pause rsETH contracts, much of the on‑chain mitigation depended on cooperation from other actors. On Arbitrum One, a significant tranche of the attacker’s borrowed ETH—about 30,766 ETH—was bridged and held at an address that could be linked to the exploit. Three days after the hack, the Arbitrum Security Council, a 12‑member multisignature body empowered to take emergency actions, executed a 9‑of‑12 vote to freeze those funds. Instead of simply blacklisting the address, the Council temporarily upgraded the L1–L2 bridge contract known as the Delayed Inbox to add a function that could send cross‑chain messages on behalf of any address, then used that power to forge a transaction from the attacker that transferred the ETH to a protocol‑controlled burn address, before reverting the contract to its original state.

This maneuver effectively expropriated the attacker’s Arbitrum‑side ETH into an intermediary wallet controlled by Arbitrum governance, where the funds were placed under a social contract to be used for restitution following a broader community vote. The intervention was controversial in some quarters, as it demonstrated that rollup governance bodies can unilaterally seize funds by modifying bridge contracts, but it also showed the capacity of DAOs to act swiftly in support of ecosystem recovery. In parallel, Kelp engaged with the community incident response collective SEAL‑911 and various on-chain investigators to track the attacker’s remaining positions and to coordinate with protocols such as Aave, Compound and Euler on freezing or managing the exploiter’s accounts.

LayerZero, for its part, conducted an internal investigation, replaced the compromised RPC nodes, and published a post‑mortem that characterized the incident as an infrastructure failure in its DVN setup rather than a flaw in its core protocol. It apologized for continuing to support 1‑of‑1 DVN configurations and pledged not to sign messages for such setups in the future. However, the damage to market trust was significant, especially as other projects using LayerZero reevaluated their own configurations and some opted to migrate to alternative cross‑chain providers such as Chainlink’s Cross‑Chain Interoperability Protocol (CCIP).

Legal and Governance Fallout: Arbitrum DAO, Aave and U.S. Courts

As the technical emergency gave way to longer‑term recovery planning, the question of who ultimately bears the economic losses from the exploit moved into both DAO governance forums and traditional courts. The Arbitrum DAO voted overwhelmingly to release roughly 70 million dollars worth of ETH—essentially the 30,766 ETH seized by the Security Council—to support Kelp DAO’s and Aave’s recovery process, marking one of the largest DAO-backed restitution decisions to date. That decision reflected a judgment that helping to restore rsETH’s backing and stabilizing a key DeFi collateral asset on Arbitrum would generate ecosystem-wide benefits that justified using treasury resources.

At the same time, Aave sought to unlock and use the frozen ETH in U.S.-linked custodial settings to compensate affected users and cover bad debt, prompting intervention from plaintiffs in long‑running terrorism lawsuits against North Korea. A law firm representing those plaintiffs filed a restraining notice in the Southern District of New York, arguing that because the exploit had been attributed to the DPRK’s Lazarus Group, the seized ETH constituted North Korean property that should be made available to satisfy outstanding judgments totaling hundreds of millions of dollars. U.S. District Judge Margaret M. Garnett declined to grant Aave’s emergency motion to fully unlock the funds, instead requesting supplemental briefing and signaling that the legal issues—ranging from sovereign immunity and sanctions law to questions of property rights in hacked crypto—were complex and unsettled.

As a result, approximately 71 million dollars worth of ETH linked to the exploit remains legally restricted even as technical recovery efforts continue. Aave and Kelp have proceeded with restoration using other sources of ETH, including protocol reserves and contributions from DeFi United partners, while the court deliberates on the disposition of the frozen assets. The case raises precedent-setting questions about the intersection of decentralized governance, cross‑border cybercrime, and traditional judgments against state actors, and its eventual resolution will likely shape how future recoveries involving sanctioned entities are handled.

Danicjade

Apr 20, 2026

View article →

Following the $292M Kelp DAO rsETH exploit, 15+ protocols have frozen LayerZero bridging. Here is the full list

𝕏/@CatfishFishy • Apr 20, 2026

Top Comment

Benthic

Apr 20, 2026

Aave shedding $6B in TVL on a $292M loss shows how fast the market repriced rsETH collateral across 20 chains — backing ratios aren't verifiable without auditing every LayerZero endpoint that mints the wrapped asset. Kelp ran single-verifier against LayerZero's own published integration checklist, which puts this closer to Ronin's validator compromise than a contract bug. Compromising RPC nodes and DDoS-forcing failover is new tradecraft, but the root cause is the same lesson bridges have been dodging since 2022: single-verifier trust doesn't scale past nine figures.

Recovery and rsETH Restoration

DeFi United’s Technical Plan

In the weeks following the exploit, a coalition of DeFi stakeholders led by Aave-affiliated contributors and other ecosystem participants formed under the banner of DeFi United to coordinate a technical plan for restoring rsETH’s backing and clearing impaired positions in lending markets. Their publicly released implementation proposal identified two primary objectives. The first was to restore parity between the total rsETH in circulation and the assets backing it, including both the originally staked LSTs and any additional ETH committed for recovery. The second was to resolve the attacker-related positions on Aave and Compound in a way that minimized bad debt and allowed markets to reopen safely.

To achieve the backing restoration, DeFi United proposed depositing ETH into the rsETH bridge lockbox contract on Ethereum, specifically the RSETH_OFTAdapter, in multiple tranches. This ETH would be converted into rsETH by Kelp’s normal minting mechanisms and then transferred directly to the lockbox, effectively filling the hole left by the unbacked rsETH released during the exploit. Because the bridge adapter holds escrowed rsETH that corresponds to tokens minted on other chains, refilling it with legitimately backed rsETH would realign cross-chain supply with on‑chain collateral and permit the resumption of normal bridging operations.

On the lending side, the plan called for carefully orchestrated unwinds of the exploiter’s positions. On Aave, this involved coordinated liquidations and the use of newly minted rsETH and ETH to close out positions and reclaim collateral without triggering disorderly price moves. Compound would follow a similar approach, assisted by DeFi United providing the necessary liquidity to neutralize the exploiter’s accounts. Throughout this period, Aave’s and Compound’s rsETH and WETH markets remained frozen or partially restricted to prevent further contagion while the recovery machinery operated.

Role of Arbitrum DAO, Aave and Kelp DAO

Implementing this plan required substantial capital commitments from multiple stakeholders. Arbitrum DAO’s decision to dedicate approximately 70 million dollars worth of ETH to the recovery provided a crucial pool of assets that could be used to refill the rsETH lockbox and reduce Aave’s bad debt on Arbitrum. Aave itself contributed through its Recovery Guardian mechanism and DAO-approved initiatives that allowed protocol reserves to be deployed to cover shortfalls and facilitate controlled liquidations. Kelp DAO also committed ETH from its own treasury or reserves to ensure that rsETH backing could be fully restored, in addition to handling the smart contract upgrades and unpausing processes needed to resume normal operations.

Aave’s official communications emphasized that the restoration process would occur in phases. Initial tranches of ETH were converted into rsETH and deposited into the LayerZero OFT adapter to reestablish a fully backed cross-chain bridge for rsETH. Subsequent tranches targeted the clearing of exploiter positions and the repayment of associated bad debt across Aave deployments on Ethereum and Arbitrum, as well as supporting similar clean‑up on Compound. During this time, loan‑to‑value ratios for related assets were temporarily adjusted, and markets stayed either paused or in a conservative configuration until the coalition determined that the risks had been adequately addressed.

Resumption of rsETH Deposits, Withdrawals and DeFi Integrations

Roughly five weeks after the exploit, Kelp DAO announced that rsETH’s backing had been fully restored and that the protocol was resuming deposits and withdrawals. Coverage of the restart noted that Kelp would begin by unpausing rsETH withdrawals, giving existing holders the ability to redeem their tokens for underlying assets or to reposition their exposure, followed by reopening deposits and reestablishing normal exchange rate updates. Importantly, rsETH continued to accrue staking and restaking rewards during the pause period, and those rewards were credited to rsETH holders once the system resumed, mitigating some of the opportunity cost for long‑term users.

Aave and Kelp coordinated closely to synchronize the resumption of rsETH markets. Aave confirmed that the first tranche of rsETH had been successfully transferred into the LayerZero OFT adapter as part of the restart plan and that bridging between Ethereum mainnet and L2s had resumed. As additional tranches were delivered and exploited positions cleared, rsETH and related WETH markets on Aave were progressively unfrozen, loan‑to‑value ratios for ETH and correlated assets were restored to pre‑incident levels, and normal market operations resumed. Other protocols that had paused rsETH integration, such as Compound, followed suit once the coalition’s recovery steps were complete.

By the time Kelp DAO declared rsETH fully restored, the token’s depeg had largely resolved, and its backing once again matched the restaked Ethereum assets reflected in Kelp’s contracts and bridge lockboxes. The episode nonetheless left a lasting imprint on user perception and protocol design, as it underscored that even well‑designed collateral assets can be compromised by the failure of adjacent infrastructure and that recovery often depends on complex, multi‑party coordination across DAOs, off‑chain entities and even national courts.

Remaining Gaps and Laundered Funds

Despite the successful restoration of rsETH’s backing, not all exploit-related funds were recovered. While Arbitrum’s intervention secured about 30,766 ETH and DeFi United’s efforts reclaimed substantial collateral value on Aave and Compound, a large portion of the attacker’s borrowed WETH and wstETH was quickly laundered through mixers and other obfuscation techniques. Chainalysis reported that the stolen tokens were swapped for ETH and consolidated into a small set of wallets, from which flows to privacy protocols and potentially to off‑chain cash‑out points were observed.

TRM Labs’ broader assessment that North Korea’s Lazarus Group captured around 577 million dollars in 2026 across its two major attacks suggests that most of the exploiter’s available liquidity from Kelp DAO and Drift Protocol left the reach of on-chain recovery within days or weeks. The 71 million dollars worth of ETH currently under legal restriction in connection with the SDNY proceedings represents only a fraction of the overall stolen value, and whether that tranche will go to protocol users, to plaintiffs with DPRK-related judgments, or possibly to government agencies remains unresolved. For Kelp DAO users and Aave depositors, the key point is that the restoration of rsETH backing and the absorption of bad debt have been accomplished largely with new capital from DAOs and protocol reserves rather than through full clawback of attacker gains.

This reality reinforces a sobering lesson for DeFi: even with rapid response, sophisticated on-chain analytics, and coordinated governance, recovery from large-scale exploits often falls short of making protocols entirely whole. Instead, economic losses are redistributed among attackers, protocol treasuries, DAO tokenholders, and in some cases external claimants, while users bear indirect costs through temporary loss of liquidity, governance dilution or adjustments in protocol risk parameters. The Kelp DAO incident, because of its scale and the clarity of its forensic trail, will likely remain a reference point for how such redistributions play out in a multi‑protocol, cross‑chain environment.

Governance, “DAOs” and Multi‑Protocol Coordination

The “DAO” label in Kelp DAO’s name points to an aspiration for community‑driven governance, but the exploit highlighted how decentralized and centralized elements coexist in practice. When the attack occurred, Kelp’s immediate control over pausing contracts and blacklisting addresses resided in an operations multisig, a small set of trusted signers able to act quickly in an emergency. This model is common across DeFi, where full token-holder governance over every operational parameter is often considered too slow or unwieldy to manage real-time incident response, yet it raises questions about transparency, accountability and the distribution of power in protocols that market themselves as decentralized.

By contrast, the broader recovery effort showcased the role of large, liquid DAOs such as Aave DAO and Arbitrum DAO in absorbing and redistributing losses. Aave governance had to decide how much of the protocol’s reserves to spend on making markets whole, how to treat bad debt associated with an external protocol’s bridge exploit, and how to balance the interests of different user cohorts across Ethereum and Arbitrum deployments. Arbitrum’s tokenholders faced a different but related question: whether allocating tens of millions of dollars worth of ETH from the DAO treasury to support Kelp DAO and Aave was a prudent use of funds that would strengthen the ecosystem, or a precedent that might obligate the DAO to underwrite future external incidents.

These decisions also intersected with the legal system, as seen in the SDNY case. Aave’s attempt to unlock and deploy frozen ETH for victim restitution collided with the claims of plaintiffs holding terrorism judgments against North Korea, creating a three‑way conflict among protocol users, traditional creditors of a sanctioned state and regulators concerned with enforcing sanctions regimes. Unlike on-chain governance, which can be resolved through token-weighted voting according to predefined rules, such conflicts must be adjudicated in courts that are still developing their jurisprudence around digital assets, DAOs and cross‑border cybercrime.

For Kelp DAO itself, the post‑mortem and recovery period have prompted closer scrutiny of how governance decisions—such as choosing a 1‑of‑1 DVN setup for LayerZero—are made and by whom. The incident underlined that risk decisions about infrastructure, oracle providers and bridge configurations are effectively governance choices, even if they are framed as technical or operational matters. As Kelp migrates rsETH to Chainlink’s CCIP and revises its cross-chain architecture, the question for users and partners will be whether those decisions are made transparently, with clear articulation of trade‑offs and meaningful input from stakeholders, or whether they remain primarily in the hands of a small core team.

Kelp DAO, Chainlink CCIP and the Future of Cross‑Chain Security

Migration Away from LayerZero

In the wake of the exploit, Kelp DAO announced that it would migrate rsETH’s cross‑chain infrastructure from LayerZero to Chainlink’s Cross‑Chain Interoperability Protocol (CCIP), framing the move as part of a broader effort to strengthen rsETH’s security guarantees. Chainlink emphasized in public statements that the migration would help ensure rsETH is “fully secure” by leveraging CCIP’s enterprise‑oriented security and risk management standards and by avoiding single‑verifier configurations like the one that failed in Kelp’s LayerZero setup. This pivot is both a technical change and a signal to users and institutional partners that Kelp is responsive to lessons learned from the exploit.

Kelp DAO is not alone in making such a move. Bankless reported that more than three billion dollars of value has migrated from LayerZero-secured solutions to Chainlink-backed infrastructure since the Kelp DAO exploit, as protocols reassess cross‑chain risks and seek providers perceived as more conservative or battle‑tested. Major platforms such as Kraken have announced that their wrapped Bitcoin product, kBTC, will adopt Chainlink as its exclusive cross-chain infrastructure provider, describing CCIP as offering “enterprise-grade infrastructure with strict security and risk management requirements.” In this context, Kelp’s migration of rsETH looks like part of a broader realignment in the interoperability layer of DeFi rather than an isolated reaction.

Chainlink CCIP’s Security Posture vs DVN Configurations

While CCIP and LayerZero differ in their architectures, the key distinction in the Kelp case lies less in protocol design and more in enforceable security practices. LayerZero’s core protocol can support multi‑verifier DVN configurations with strong fault tolerance, but Kelp’s rsETH bridge used a 1‑of‑1 setup whose failure mode was catastrophic. Chainlink, by contrast, positions CCIP as a system that enforces decentralized verification and defense‑in‑depth by default, combining multiple independent oracle networks, risk management layers and rate‑limiting mechanisms. For risk‑averse applications, this difference between “configurable security” and “opinionated, high‑baseline security” is material.

From a user perspective, what matters is not the branding but the concrete guarantees about how messages are verified, how off‑chain infrastructure is secured, and how easy it is for a single compromised component to cause a system‑wide failure. The Kelp exploit demonstrated that giving a single verifier effective authority over a major asset’s cross‑chain supply can be equivalent to handing that verifier the keys to downstream collateral markets. By moving to CCIP and by rejecting single‑verifier configurations going forward, both Kelp and LayerZero are acknowledging that some degrees of freedom in infrastructure configuration are too dangerous in practice, particularly when the assets involved underpin large parts of DeFi’s credit system.

Broader DeFi Reaction and Migration Wave

The Kelp DAO incident has triggered a wave of introspection and restructuring among DeFi protocols that rely on cross‑chain messaging and bridges. Some, like Kraken with kBTC and Kelp with rsETH, are explicitly migrating to Chainlink CCIP and highlighting security features in their public communications. Others are reevaluating their LayerZero configurations, moving from 1‑of‑1 DVNs to multi‑verifier setups, or adding independent monitoring that checks cross‑chain invariants between token supplies and burns. Still others have begun to explore alternative interoperability frameworks or to reduce their reliance on cross‑chain token representations altogether, favoring native deployments on each chain or canonical bridges operated by L1 protocol teams.

Within this broader trend, large token issuers and synthetic asset platforms are particularly sensitive to the optics and reality of bridge risk, since their products often serve as base collateral in lending, derivatives and stablecoin systems. Although not all of these moves are directly documented in the sources here, newsroom reporting indicates that issuers controlling hundreds of millions of dollars worth of assets have decided to migrate away from LayerZero’s core infrastructure, often citing the Kelp exploit as a catalyst. The cumulative effect is to elevate cross‑chain risk management from a back‑office engineering concern to a first‑order strategic consideration for DeFi protocols, one that must be communicated clearly to users, auditors and regulators.

For Kelp DAO, the migration to CCIP is both a reputational and a technical reset. It allows the team to present rsETH’s post‑recovery architecture as new and improved rather than merely patched, while also aligning with a provider that many institutional actors already associate with secure oracle and interoperability services. At the same time, the move does not eliminate the need for internal governance discipline. Even on a more opinionated platform, Kelp will still need to choose parameters, rate limits and monitoring strategies, and to articulate how it will respond if future cross‑chain anomalies arise.

Danicjade

Apr 21, 2026

View article →

Jefferies warns $293M Kelp DAO exploit could derail institutional blockchain momentum, as banks reassess exposure to DeFi vulnerabilities and onchain infrastructure risks

Coindesk • Apr 21, 2026

Top Comment

Benthic

Apr 21, 2026

Aave's incident report puts unbacked rsETH borrows at $190M with $123-230M in projected bad debt depending on whether damage stays confined to L2s. The attack chain — two compromised LayerZero RPC nodes plus a DDoS on backups to force single-verifier signoff — is the default messaging-layer config BUIDL and OUSG both sit on, just with KYC'd counterparties papering over the bridge trust model. Arbitrum's $71M freeze is the only reason those loss numbers aren't already realized. Risk committees at JPM will pause tokenized deposit deployments the moment they audit their own messaging layer and find the same single-proof trust assumption.

Risks and Considerations for rsETH Users

Layered Smart Contract and Infrastructure Risk

Holding rsETH exposes users to a stacked set of risks that reflect the protocol’s position at the intersection of staking, restaking, cross‑chain messaging and DeFi composability. At the base layer, rsETH’s value depends on the security of Ethereum’s proof‑of‑stake consensus and the proper functioning of the liquid staking protocols whose tokens compose rsETH’s backing, such as Lido’s stETH or Stader’s ETHx. Any slashing, smart contract failure or governance compromise affecting those underlying LSTs would propagate to rsETH’s collateral pool. On top of that, rsETH holders rely on EigenLayer’s contracts and the integrity of the actively validated services that restaked assets secure; misbehavior there could result in slashing or other penalties that reduce the value of rsETH’s backing.

Kelp DAO’s own smart contracts add another layer. While the project has undergone security audits, its documentation explicitly notes that all DeFi protocols carry inherent risks, including the possibility of novel attack vectors not covered in audits. The April 2026 exploit did not directly compromise Kelp’s core contracts, but it exploited the protocol’s dependence on LayerZero’s off-chain infrastructure and on a highly centralized verifier configuration. This underscores that infrastructure dependencies—bridges, oracles, relays—must be treated as integral parts of a protocol’s risk surface, even if they are not developed in‑house.

Restaking and Slashing Dynamics

Restaking amplifies both rewards and potential penalties. When users deposit LSTs into Kelp, they effectively delegate to Kelp the decision of which EigenLayer services to support and under what terms. If those services perform well and remain honest, restakers earn additional rewards on top of base staking income. However, if an actively validated service experiences a bug, is attacked, or misbehaves in a way that triggers slashing conditions, restaked collateral—including the ETH underlying rsETH—may be partially or fully slashed, reducing rsETH’s backing and potentially causing its price to fall relative to ETH or other LSTs. Because EigenLayer’s ecosystem is still relatively young, the long‑term empirical distribution of such events remains uncertain.

For users, this means that rsETH is not a risk‑free “super‑stETH” but a more leveraged exposure to Ethereum’s staking economy. Gains from restaking may compensate for the added tail risk, but assessing that trade‑off requires understanding Kelp’s restaking strategy, its diversification across services and its risk controls. While detailed allocations may change frequently and are beyond the scope of the sources here, the general principle remains: restaking concentrates security risk in a smaller set of validators and services in exchange for higher yields, and users should size their exposure accordingly.

Liquidity, Depeg Risk and Systemic Contagion

The exploit made clear that even if rsETH is fully backed on paper, market liquidity can evaporate quickly when confidence in its backing or in its bridges is shaken. During the incident, rsETH’s price deviated from its expected value, Aave’s markets reached extreme utilization, and some users found themselves unable to withdraw stablecoins or unwind leverage in a timely manner. While the subsequent restoration of backing and liquidity alleviated these stresses, the episode illustrates how strongly interlinked the DeFi ecosystem has become: a problem in a restaking token’s bridge can translate into credit stress across multiple money markets and chains.

Going forward, rsETH users must remain aware that high composability cuts both ways. Deep integration into lending, derivatives and structured products can enhance rsETH’s utility and liquidity in normal times, but it also means that shocks involving rsETH—whether from slashing, bridge issues or governance disputes—may propagate widely. Protocols that accept rsETH as collateral must monitor its backing and cross-chain architecture, not just its apparent price and historical volatility. The industry’s increasing focus on cross-chain invariants and real‑time risk dashboards can help here, but they cannot eliminate the fundamental possibility of depegs or liquidity crunches.

Legal and Regulatory Uncertainty

The SDNY proceedings involving Aave’s attempt to unlock 71 million dollars in ETH tied to the Kelp exploit highlight another dimension of risk: legal claims on recovered funds can delay or complicate efforts to compensate users. When exploits are attributed to sanctioned state actors such as North Korea, as in the Kelp and Drift cases, additional layers of sanctions law, terrorism judgments and sovereign immunity come into play. Courts may consider hacked funds as potential state property subject to existing judgments, which can conflict with the interests of DeFi users and DAOs seeking restitution.

At the same time, emergency interventions like the Arbitrum Security Council’s seizure of exploit-linked ETH raise questions about property rights and procedural safeguards in DAO-governed systems. While many users applauded the recovery, others worried about the precedent of governance bodies unilaterally rewriting contract logic to confiscate funds, even in extreme circumstances. As regulators worldwide scrutinize DeFi more closely, such precedents may influence how authorities assess the enforceability of DAO actions and the responsibilities of protocol teams.

For rsETH holders, these dynamics imply that even in successful recovery scenarios, the path to restitution may be mediated by complex legal processes and governance debates beyond their direct control. Holding restaked assets is not only a technical and economic bet but increasingly a bet on the evolution of crypto-native governance and its interface with state legal systems.

How Kelp DAO Fits into the Restaking Landscape

Kelp DAO operates in a competitive and fast‑moving field of liquid restaking protocols, with other players launching their own restaked tokens and vying for integrations with EigenLayer and major DeFi platforms. While the sources here do not cover specific competitors in detail, Kelp’s distinguishing features include its focus on aggregating existing LSTs into rsETH, its early and deep integration with lending markets like Aave, and, now, its prominent role as a cautionary tale about cross-chain risk and recovery.

By wrapping multiple LSTs into rsETH, Kelp offers users a way to consolidate their restaking exposure and to unlock EigenLayer yields without manually managing stakes across multiple providers. This “LST aggregator” model can simplify portfolio management and has likely contributed to Kelp’s rapid growth in TVL. At the same time, it means that rsETH’s risk profile is partly a weighted blend of the risks of its underlying LSTs, and that Kelp’s risk management must account for diversification not only across EigenLayer services but also across staking providers and chains.

The exploit has also positioned Kelp DAO as a reference point for discussions about systemic risk in DeFi. Analysts and protocol designers now frequently cite the Kelp incident when arguing for stronger cross-chain verification, more conservative collateral listings, and better segregation of bridge risk from core lending markets. For example, some propose limiting the share of any single cross-chain LRT in a money market’s collateral set, or requiring proof-of-reserves style attestations for bridged tokens before they can be used as collateral at scale. Others look to the DeFi United recovery as a template for multi‑protocol coalitions that can rapidly mobilize capital and governance attention when critical assets are compromised.

In that sense, Kelp DAO’s story is no longer just about a single protocol’s design and misfortune. It is about how the restaking narrative intersects with the realities of infrastructure risk, how DAOs coordinate under stress, and how the DeFi ecosystem grapples with the consequences of its own composability. Whether rsETH ultimately regains its pre‑exploit prominence will depend not only on Kelp’s internal choices but also on how the broader market prices restaking risk and cross-chain exposure in the coming years.

Outlook

Kelp DAO emerges from the 2026 exploit both chastened and, in some respects, strengthened. The protocol has restored rsETH’s backing, resumed deposits and withdrawals, and secured substantial support from major DAOs like Aave and Arbitrum, demonstrating that the DeFi ecosystem can mount coordinated responses to large‑scale failures. Its decision to migrate rsETH’s cross‑chain infrastructure from LayerZero to Chainlink CCIP aligns with a broader industry shift toward more opinionated security models and away from configurations that allow single points of failure in verification.

Yet the incident will likely continue to shape how users, protocols and regulators view Kelp and liquid restaking more broadly. rsETH now carries not only the promise of stacked staking and restaking yields but also the memory of how bridge misconfigurations can threaten even fundamentally sound core contracts. For users, that implies a need for more nuanced risk assessment, looking beyond APR figures to factors such as bridge design, governance structures and the resilience of off-chain infrastructure. For protocols that integrate rsETH, it underscores the importance of independent monitoring and prudent collateral parameters.

Over the medium term, Kelp DAO’s trajectory will be a barometer for the restaking sector. If the protocol can rebuild trust, harden its infrastructure, and demonstrate transparent, robust governance—while avoiding further major incidents—it may regain and even expand its role as a leading on‑ramp to EigenLayer’s ecosystem. If, however, restaking tokens continue to feature disproportionately in systemic events, market appetite for highly composable, cross-chain LRTs may wane in favor of simpler, more localized designs. Either way, the lessons from Kelp DAO’s rise, exploit and recovery are likely to remain central to how DeFi thinks about the intersection of yield, security and decentralization.