rsETH: Kelp DAO’s Restaked Ether Token and Its DeFi Aftermath

This restaked Ether derivative from Kelp DAO represents pooled deposits of ETH and liquid staking tokens that are redeployed through EigenLayer to earn additional yield while remaining liquid and composable across DeFi. rsETH’s rapid growth, and the 2026 bridge exploit that temporarily left a large slice of its supply unbacked, have turned it into a case study in both the promise of restaking and the systemic risks of cross‑chain infrastructure.

rsETH sits at the intersection of several of the most powerful trends in Ethereum finance: liquid staking, restaking, and omnichain interoperability. Kelp DAO, launched in late 2023 by co‑founders of Stader Labs, built rsETH as a liquid restaking token that aggregates ETH and leading liquid staking tokens such as stETH and ETHx, delegates them into EigenLayer via vetted node operators, and returns a yield‑bearing token that can be used throughout DeFi. At its peak, rsETH helped Kelp become one of the largest liquid restaking protocols with more than \(2\) billion USD in total value locked and reach across more than forty networks, largely via LayerZero’s omnichain token standard. On 18 April 2026, however, attackers linked to North Korea’s Lazarus Group compromised off‑chain infrastructure used by LayerZero’s verifier network and forged a cross‑chain message, causing Kelp’s Ethereum bridge adapter to release \(116{,}500\) rsETH—about 292–300 million USD at the time—without a corresponding burn on the source chain. This created an approximately \(18\%\) shortfall in rsETH’s effective backing relative to its total supply, even though the underlying restaked ETH remained intact, and the unbacked tokens were quickly used as collateral across lending markets such as Aave and Compound.

The exploit triggered an emergency, multi‑protocol response: lending markets froze or sharply limited borrowing against WETH and rsETH, a recovery coalition called DeFi United formed to design a coordinated remediation plan, and Kelp DAO paused rsETH operations while it worked to refill the bridge lockbox. Over the following weeks, a combination of pledged ETH contributions, liquidation of exploiter positions, and direct injections of rsETH into the affected lockbox allowed Kelp to restore more than \(95\%\) of the missing backing and eventually fully recapitalize the token. Aave’s risk service providers and governance participants simultaneously debated the regulatory implications of the incident, pointing to the European MiCA framework to argue that Kelp, as issuer, bore primary responsibility for covering losses before they hit Aave’s stakers or treasury. By the time Kelp finalized the operational phase of its recovery plan—transferring the last tranche of replacement rsETH into its bridge adapter and resuming normal deposits, withdrawals, and claims—the incident had already reshaped how DeFi projects think about bridge configuration, off‑chain infrastructure, and the dangers of 1‑of‑1 verification setups.

In the longer term, Kelp has moved to sunset rsETH bridging on roughly twenty secondary networks and to migrate away from LayerZero toward Chainlink’s CCIP for future interoperability, while offering a manual recovery path for stragglers who did not bridge back to Ethereum by the June 15 deadline. The rsETH saga thus encapsulates both the structural appeal of liquid restaking and the emerging consensus that cross‑chain security hinges as much on off‑chain infrastructure and governance choices as it does on audited smart contracts.

Background: Restaking, Kelp DAO, and the Emergence of rsETH

From Staking to Restaking

Ethereum’s transition to proof‑of‑stake made staking the core security primitive of the network and turned staked ETH into a yield‑bearing base asset. Liquid staking protocols such as Lido’s stETH and others further abstracted this by issuing transferable receipts that represent claims on staked ETH plus accrued rewards, allowing users to retain liquidity while supporting network security. Restaking adds a new layer to this stack: it allows staked assets, or their liquid representations, to be pledged again to secure additional services—EigenLayer calls these Actively Validated Services (AVSs)—in exchange for extra yield. In economic terms, restaking is an attempt to reuse the same underlying collateral (staked ETH) as a security budget for multiple protocols, with the promise of higher returns but also the possibility of more complex slashing and correlation risks.

EigenLayer operationalized this idea by letting users and liquid staking protocols “opt in” their staked ETH or liquid staking tokens to a common marketplace of AVSs, which can define their own verification rules and slashing conditions. Restakers earn additional rewards from AVSs, on top of the base Ethereum staking yield, in exchange for agreeing that their stake can be penalized if they misbehave according to those AVS rules. In practice, most users do not interact directly with EigenLayer contracts; instead, they rely on intermediaries and liquid restaking protocols that aggregate deposits, manage node operators, and issue their own liquid restaking tokens (LRTs). Kelp DAO is one such intermediary, and rsETH is its flagship LRT built on top of EigenLayer.

Kelp DAO’s Design and Objectives

Kelp DAO launched in December 2023, founded by members of the team behind Stader Labs, with a mission to make restaking accessible to mainstream DeFi users while managing the added complexity and risk. Rather than only accepting native ETH, Kelp allows users to deposit a range of liquid staking tokens, including ETHx (from Stader), stETH (from Lido), and native ETH, which are then restaked through EigenLayer via a curated set of node operators. Depositors receive rsETH in return, a token that reflects a proportional claim on the aggregate pool of restaked assets and their accumulated rewards. In design terms, Kelp functions as a yield aggregator and risk manager on top of EigenLayer, aiming to optimize the mix of AVSs and operators to achieve attractive yields without exposing depositors to outsized slashing or operational risk.

The protocol’s documentation and independent risk assessments describe a governance and operational structure in which Kelp DAO evaluates available AVSs and node operators, assigns internal risk scores, and allocates restaked capital accordingly. This is intended to shield ordinary users from having to make complex security judgments about individual AVSs while still allowing the protocol to respond dynamically as the EigenLayer ecosystem evolves. Over time, Kelp’s strategy and branding leaned heavily on composability: rsETH was promoted as a core DeFi building block, suitable as collateral in lending markets, liquidity in DEX pools, and a base asset for structured products, thanks in part to its presence on many chains. Kelp’s rapid growth—reaching more than \(2\) billion USD in total value locked and deployment on over forty DeFi networks—illustrates how compelling this value proposition became in the restaking boom.

However, that same focus on omnichain reach and aggressive DeFi integration also placed rsETH squarely in the blast radius when cross‑chain infrastructure failed. The protocol’s decision to rely on a single LayerZero Decentralized Verifier Network (DVN) to secure its omnichain fungible token (OFT) bridge, and to take advantage of default configurations that prioritized ease of deployment, would later prove to be the weakest link in an otherwise robust restaking architecture.

Benthic

Apr 19, 2026

View article →

Kelp DAO bridge exploit nets attacker $291M in rsETH, triggers $6.2B Aave withdrawal run

decrypt.co • Apr 19, 2026

Top Comment

Benthic

Apr 19, 2026

An attacker exploited Kelp DAO's LayerZero-powered bridge with a phantom message, minting $291M in rsETH on Ethereum without burning the corresponding tokens on Unichain. The stolen collateral was looped through Aave to borrow real assets, pushing WETH pools to 100% utilization, freezing user withdrawals, and triggering $6.2B in net Aave outflows by Sunday morning. Aave froze rsETH markets while Kelp paused contracts across mainnet and several L2s. AAVE dropped 16% to $90.13 and ETH slid 2% to $2,300 on the news.

rsETH Token Mechanics and Economics

Deposits, Minting, and Backing

At its core, rsETH is a claim on a pool of ETH and liquid staking tokens that Kelp DAO has deposited into EigenLayer on behalf of users. When a user deposits supported assets—such as ETH, stETH, or ETHx—into Kelp’s smart contracts, those assets are pooled and restaked via a set of vetted node operators who run the necessary infrastructure for both Ethereum staking and EigenLayer AVSs. In exchange, the user receives an amount of rsETH that reflects their share of the pool, taking into account the different exchange rates of the underlying LSTs and any initial protocol fees. The token is designed to be yield‑bearing: as the underlying restaked assets accrue rewards, rsETH’s value relative to ETH grows over time rather than paying out discrete distributions.

From a backing perspective, the canonical rsETH supply is anchored in the assets held by Kelp’s restaking contracts and delegated to node operators. Independent risk analyses and governance discussions have cited figures of roughly \(630{,}000\) rsETH in total supply at the time of the exploit, against which the protocol held about \(533{,}000\) ETH‑equivalent assets after accounting for the unbacked portion created by the bridge incident. Under normal conditions, the relationship between supply and backing is intended to be straightforward: every rsETH token should correspond to a proportional claim on the underlying restaked assets, so that the total rsETH in circulation does not exceed the total collateral under management once exchange rates are factored in. This conservation principle becomes more complex, however, once cross‑chain bridges and wrapped representations are introduced, because the same canonical rsETH supply must be mirrored across multiple networks via lock‑and‑mint or burn‑and‑unlock mechanisms.

Before the exploit, Kelp used a LayerZero‑based OFT adapter on Ethereum that acted as an escrow for rsETH when the token was moved to other chains. When a user bridged rsETH from Ethereum to another network, the canonical tokens would be locked in this adapter contract and a corresponding amount of wrapped rsETH would be minted on the destination chain. Conversely, bridging back involved burning the wrapped representation and having the adapter release the locked canonical rsETH. Under ideal conditions, the total amount of rsETH minted on all chains, including wrapped versions, should never exceed the amount of canonical rsETH locked in the adapter plus the supply directly held on Ethereum. The April 2026 exploit exploited exactly this invariant by tricking the adapter into releasing rsETH without a real burn upstream.

Restaking via EigenLayer and Yield Generation

Once user deposits are pooled, Kelp delegates them to EigenLayer contracts and then on to a set of node operators, each of whom may be running multiple AVSs in addition to Ethereum validators. EigenLayer’s model allows restakers to opt into securing different services, each with its own reward structure and slashing rules, so Kelp’s allocation choices effectively determine the risk‑return profile of rsETH. In economic terms, rsETH seeks to capture three main sources of value: base Ethereum staking rewards, potential additional yields from AVSs that pay for security, and perhaps marginally improved MEV‑related returns from sophisticated node operators. Kelp’s strategy is to diversify across AVSs and operators it considers trustworthy, thereby smoothing idiosyncratic risk while still offering a yield uplift over plain ETH staking.

The exact yield profile of rsETH at any given time depends on the mix of underlying assets and AVSs, the prevailing base staking rate on Ethereum, and any protocol‑level fees. Market commentary and recovery‑plan documentation have noted that rsETH historically traded at an exchange ratio of about \(1.07\) ETH per token, reflecting accumulated restaking rewards and the expectation of continued yield. That ratio is not a hard peg but rather an emergent price in DeFi markets, influenced by arbitrage between rsETH, ETH, and other liquid staking tokens, as well as by changing perceptions of restaking risk. Over time, as EigenLayer matures and more AVSs come online, the restaking component of rsETH’s yield could become more significant relative to base staking rewards, although it also introduces additional correlation risks if multiple AVSs fail or mis‑slash at once.

From a mechanics standpoint, rsETH is typically designed as a rebasing or exchange‑rate‑drifting token, meaning that holding a fixed number of tokens entitles the owner to an increasing amount of underlying ETH over time as rewards are realized and reinvested. In practice, this is implemented by updating the internal accounting that maps rsETH units to the basket of restaked assets held by the protocol, rather than by explicitly crediting new tokens to holder balances. This design simplifies integration with DeFi protocols, since the token balance itself does not change, while still allowing rsETH to accrue value in a way that resembles an index of restaked ETH positions.

Soft Peg, Exchange Rate, and Market Behavior

Unlike a stablecoin, rsETH does not target a fixed nominal peg; instead, it aims for a “soft peg” to the value of the underlying restaked ETH, with a gradually rising exchange rate as rewards accumulate. Prior to the exploit, rsETH typically traded at a modest premium to ETH in spot markets, consistent with an exchange ratio around \(1.07\) ETH per rsETH, as arbitrageurs took advantage of any deviations by minting or redeeming through Kelp and trading on decentralized exchanges. Because rsETH is yield‑bearing, its market price reflects both current backing and expectations of future returns, similar to how traditional fixed‑income instruments price expected coupons and risk. When markets view restaking as relatively safe and AVS demand as robust, the token’s premium over ETH may widen; when concerns arise about slashing risk, governance decisions, or integration safety, the premium can compress or flip into a discount.

The exploit created a sharp discontinuity in this dynamic by injecting \(116{,}500\) unbacked rsETH into circulation. Governance participants at Aave and elsewhere estimated that these unbacked tokens represented approximately \(18\%\) of the total rsETH supply of about \(630{,}000\) units, leaving only \(533{,}000\) ETH‑equivalent assets to back all outstanding claims. In economic terms, the exploit did not reduce the underlying pool of restaked ETH, but it diluted existing holders by increasing the total number of claims relative to the pool. Markets quickly recognized that a portion of rsETH had become structurally under‑collateralized, leading to severe price dislocations and the need for emergency circuit breakers. On chains where bridged rsETH could no longer be confidently redeemed against Ethereum collateral—because the bridge lockbox had been drained—withdrawals were paused, liquidity fled from DEX pools, and any protocol that accepted rsETH as collateral was forced to confront potential bad debt.

In the recovery phase, as DeFi United’s plan and Kelp’s recapitalization efforts gradually restored backing, rsETH’s market behavior began to normalize. Arbitrage opportunities emerged as the gap between on‑chain backing and market price narrowed, while risk managers cautiously reopened markets or restored loan‑to‑value ratios for correlated assets such as WETH once they judged that contagion had been contained. This episode underscores how sensitive liquid restaking tokens are not only to the economics of staking but also to the integrity of their bridging and accounting systems, which can abruptly change the effective backing without any change in the underlying validator performance.

Risk Profile: Slashing, Smart Contracts, and Bridge Exposure

The risk profile of rsETH combines several layers. At the base, there is standard Ethereum staking risk: catastrophic consensus failures or bugs in the staking protocol could lead to slashings that impair underlying collateral, although this is widely regarded as a low‑probability scenario. On top of this, Kelp introduces EigenLayer‑specific risk: by opting into multiple AVSs, rsETH’s backing becomes exposed to the possibility of AVS‑driven slashing or misconfiguration, which could burn a proportional share of the vault’s assets if operators are deemed to have misbehaved. Kelp’s published risk framework emphasizes that it conducts due diligence on AVSs and node operators, and that it attempts to mitigate risk through diversification and conservative allocations. Yet, as with any delegated risk assessment, users ultimately rely on Kelp’s governance to make sound decisions in a rapidly evolving ecosystem.

Smart contract risk is another layer. While Kelp’s restaking contracts held up during the exploit—EigenLayer delegations and core rsETH backing on Ethereum remained intact—the episode illustrated that robust contract security is necessary but not sufficient. The vulnerability emerged not in Kelp’s core contracts or in EigenLayer’s, but in the configuration of the bridging adapter and the off‑chain infrastructure feeding data to LayerZero’s DVN. This shows how rsETH’s risk is inextricably tied to third‑party infrastructure and cross‑chain design choices, which can introduce new failure modes that traditional audits do not catch.

Bridge exposure is arguably the most distinctive risk for rsETH relative to a plain liquid staking token. Prior to the exploit, Kelp made rsETH available on more than twenty networks via LayerZero’s OFT standard, greatly expanding its DeFi footprint but also creating a complex web of wrapped representations and trust assumptions. When the bridge invariant—total minted supply never exceeding locked collateral—was violated, this cross‑chain architecture became a vector for contagion: holders on bridged chains suddenly faced the possibility that their rsETH was only partially backed, yet the on‑chain transactions that led to this state all appeared valid. The incident thus highlights that for tokens like rsETH, bridge configuration and off‑chain infrastructure must be treated as first‑class components of the risk model, on par with contract audits and validator performance.

rsETH in DeFi Markets

Collateral and Leverage Use Cases

From early on, rsETH was marketed not only as a yield‑bearing asset but also as a powerful DeFi collateral. Because it represents restaked ETH with enhanced yield, using rsETH as collateral in lending markets offers users the possibility of “looping” strategies: borrowing against rsETH to buy more ETH or LSTs, restaking them, and repeating the cycle to amplify returns. Major lending protocols such as Aave and Compound integrated rsETH as collateral, often in high‑leverage environments, relying on risk service providers and governance delegates to calibrate loan‑to‑value ratios and liquidation thresholds. In normal times, this integration deepened rsETH liquidity and helped solidify its role as a base asset in yield‑seeking strategies.

The exploit revealed, however, that such integrations can also amplify the consequences of a failure in the underlying token’s infrastructure. Attackers who received the unbacked rsETH from the forged bridge message quickly deployed it across DeFi, using it as collateral on platforms including Aave and Compound to borrow other assets, notably WETH and stablecoins. Because traditional risk models focused on on‑chain metrics like price feeds, volatility, and liquidity, they did not immediately distinguish between backed and unbacked rsETH; from the perspective of an Aave market, all rsETH looked the same, and its on‑chain price feeds remained within expected ranges until the incident was recognized. This allowed the attackers to open roughly eight large positions across Ethereum and Arbitrum that created about 292 million USD in latent bad debt, contingent on what portion of rsETH backing was ultimately restored.

Post‑incident governance discussions on Aave’s forum highlighted that rsETH’s path into the highest‑leverage markets had been driven by a combination of user demand and proactive advocacy by risk delegates and service providers, who regarded restaked ETH as a relatively blue‑chip asset class. In hindsight, some participants argued that the protocol should have applied stricter due diligence to the bridge architecture and off‑chain dependencies of LRTs, or at least imposed more conservative loan‑to‑value ratios to account for cross‑chain risk. This debate has since informed a more cautious stance toward listing complex derivative assets with multi‑layered trust assumptions, especially in configurations where they can be used to borrow large quantities of base assets like WETH.

Cross-Chain Expansion: rsETH on 20+ Networks

Kelp’s decision to adopt LayerZero’s OFT standard was central to rsETH’s strategy of omnichain expansion. The OFT model allows a token to exist “natively” across multiple chains by tying its supply to lock‑and‑mint mechanics controlled by an on‑chain adapter and off‑chain verifiers, in this case LayerZero’s DVN. For rsETH, the Ethereum OFT adapter contract held canonical rsETH in escrow, while wrapped representations were minted on networks such as Arbitrum, Base, Mantle, Linea, and various sidechains whenever users bridged out. This architecture made it easy for DeFi applications on those chains to support rsETH without building their own bridges, and it allowed Kelp to rapidly scale rsETH’s presence to over twenty networks, effectively using LayerZero as the connective tissue of its ecosystem.

On each destination chain, rsETH’s wrapped representation could be supplied to lending markets, paired with ETH or stablecoins in DEX pools, or used as building block in structured products. Arbitrage between chains and back to Ethereum helped keep prices roughly aligned, as the assumption was that any rsETH, no matter where it lived, was ultimately redeemable against the same pool of restaked ETH via the OFT adapter. By design, the total number of rsETH claims across chains was constrained by the amount of canonical rsETH locked in the adapter plus any supply already circulating on Ethereum, such that cross‑chain movement should not change the aggregate level of backing.

The exploit forced a wholesale reassessment of this model. Once it became clear that the adapter had been tricked into releasing 116,500 rsETH without a legitimate burn on the source chain, the symmetry between chains broke down. Some bridged rsETH was now effectively unbacked but indistinguishable from backed rsETH in smart contracts, and because the unbacked supply had already been passed through various DeFi positions, it was impossible to simply “roll back” to a prior state. Kelp and its partners responded by pausing bridging and, later, by deciding to sunset rsETH support on many of the secondary networks. Public statements from the team advised users holding rsETH on those “sunset networks” to bridge back to Ethereum by June 15 and announced that bridging on twenty networks was being fully shut down on that date.

Price Discovery, Liquidity, and WETH Markets

The bridge exploit and subsequent response had immediate spillover effects on broader DeFi markets, particularly those involving WETH. Because attackers had used unbacked rsETH as collateral to borrow WETH, a sudden impairment in rsETH could translate into under‑collateralized WETH loans and potential shortfalls in WETH reserves if liquidations failed to recoup the borrowed assets. To mitigate this risk while the scope of the incident was being assessed, Aave governance enacted precautionary measures, most notably setting the loan‑to‑value ratio of WETH to zero across multiple Aave v3 deployments, including Ethereum mainnet, Arbitrum, Base, Mantle, and Linea. This effectively froze new borrowing against WETH and signaled to markets that the protocol was prioritizing preservation of WETH solvency while the rsETH situation unfolded.

As the recovery plan progressed and more information about the exploit’s containment became available, these measures were gradually reversed. DeFi United’s roadmap, Kelp’s injections into the LayerZero lockbox, and the closure or neutralization of exploiter positions gave risk managers confidence that WETH exposures were no longer in imminent danger. Aave governance proposals subsequently restored WETH loan‑to‑value ratios to their pre‑incident levels across the affected v3 markets, re‑enabling borrowing and collateral swaps that had been temporarily disabled. Media coverage highlighted that WETH markets had “returned to normal operations” as these changes took effect, underscoring how closely the liquidity of one of DeFi’s most foundational assets had been tethered to the fate of a single restaking token.

For rsETH itself, liquidity and price discovery differed somewhat between Ethereum and bridged chains. On Ethereum, as backing was progressively restored, rsETH’s price converged toward levels consistent with its underlying restaked ETH, though markets remained sensitive to governance updates and recovery milestones. On bridged chains where support was later sunset, the picture was more complicated: some holders faced illiquid markets or paused bridges, and their path to recovery depended on Kelp’s manual process for post‑deadline claims, which requires burning rsETH on the source chain, paying a \(100\) USDC fee on Ethereum, and submitting proof of both transactions for quarterly settlement. This episode illustrates that for cross‑chain restaking tokens, liquidity conditions and user experience can diverge sharply depending on how and where the token is held when extreme events occur.

The April 2026 rsETH Bridge Exploit

Pre-Exploit Architecture: LayerZero, OFTs, and DVNs

To understand the exploit, it is important to unpack the architecture Kelp used for rsETH’s cross‑chain functionality. Kelp adopted LayerZero’s Omnichain Fungible Token (OFT) standard, which allows a token to exist across multiple chains under a unified framework, using a combination of on‑chain endpoint contracts and off‑chain message relayers and verifiers. For rsETH, the Ethereum‑side OFT adapter at address \(0x85d456B2DfF1fd8245387C0BfB64Dfb700e98Ef3\) acted as the primary lockbox: when users bridged rsETH to another chain, the adapter escrowed the tokens and authorized the minting of wrapped rsETH on the destination network. The adapter only executed such actions when it received a valid cross‑chain message from LayerZero’s Endpoint contract, which in turn relied on Decentralized Verifier Networks (DVNs) to attest that a corresponding burn or lock event had occurred on the source chain.

In theory, DVNs provide a layer of decentralized security by requiring multiple independent entities to sign off on cross‑chain messages before they are delivered. LayerZero’s configuration model allows applications (oApps) to choose how many DVNs must agree on a message—typical secure configurations might be \(2\)-of‑\(3\) or \(3\)-of‑\(5\)—and to optionally include additional verifiers for redundancy. However, rsETH’s OFT adapter was configured in a markedly different way. Both the sender‑side and receiver‑side DVN contracts for rsETH used a one‑of‑one validator stack that was entirely operated by LayerZero Labs itself, meaning that a single DVN’s attestation was sufficient to authorize any cross‑chain message. This created a single point of failure: if the DVN could be tricked into believing that a burn had occurred on the source chain when in fact it had not, there was no second or third independent verifier to catch the discrepancy.

LayerZero’s DVN implementation relied on a mix of internal and external RPC nodes to read state from source chains. The DVN queried these nodes to confirm that a bridge transaction—such as burning wrapped rsETH on a secondary chain—had really occurred before signing a message for the Ethereum Endpoint contract. Under normal conditions, this setup provided some redundancy: even if one RPC provider lagged or encountered temporary issues, others could supply accurate chain data. Yet, as the exploit revealed, the combination of a 1‑of‑1 DVN and compromised internal RPC nodes undermined the entire trust model and enabled attackers to construct a falsified view of reality that the DVN nonetheless accepted as true.

Attack Chain: Compromised RPC Nodes and a Forged Burn

On April 18, 2026, attackers later attributed to North Korea’s Lazarus Group, specifically the TraderTraitor subgroup, executed a sophisticated operation targeting the LayerZero Labs infrastructure used to secure Kelp’s rsETH bridge. Chainalysis and other security researchers reported that the attackers first obtained a list of RPC endpoints that the DVN queried for source‑chain data and then compromised two internal RPC nodes hosted by LayerZero Labs, each running on separate infrastructure clusters. They replaced or modified the software on these nodes so that they would feed falsified block data to the DVN while still returning accurate information to other monitoring systems, including LayerZero’s own internal observability tools. To ensure that the DVN relied primarily on the compromised nodes, the attackers also launched distributed denial‑of‑service (DDoS) attacks against external RPC providers in the DVN’s configuration, effectively degrading or knocking offline the alternative sources of truth.

With this setup in place, the attackers crafted a cross‑chain message that purported to represent a burn of rsETH on a source chain identified as “Unichain” in the LayerZero ecosystem. The compromised internal RPC nodes reported a consistent but entirely fabricated view of the source chain, including blocks that showed the relevant burn transactions even though no such burns had occurred on the real chain. The DVN, seeing corroborating data from what it thought were multiple independent RPCs (but were in fact two compromised nodes plus DDoS‑silenced external nodes), concluded that the burn was legitimate and signed an attestation to that effect. This attestation was then passed to the Endpoint contract on Ethereum, which in turn delivered the message to Kelp’s OFT adapter at \(0x85d456B2DfF1fd8245387C0BfB64Dfb700e98Ef3\).

Trusting the DVN’s signature, the adapter released \(116{,}500\) rsETH from its escrow to an address controlled by the attackers, \(0x8B1b6c9A6DB1304000412dd21Ae6A70a82d60D3b\), in what appeared on‑chain to be a perfectly valid bridge transaction. There was no reentrancy, no missing access control, and no manipulation of an oracle price; the contracts behaved exactly as programmed, based on the assumption that the DVN’s view of the source chain was accurate. As Chainalysis and others later observed, the system “executed a correct transaction on top of a falsified view of reality,” with the root cause being the compromise of off‑chain infrastructure rather than any bug in Kelp’s or LayerZero’s on‑chain code. Because the DVN contract and its signing keys lived on Ethereum, the attackers could in principle have spoofed any source chain that the adapter trusted; the choice of Unichain as the purported origin was essentially cosmetic.

Impact on rsETH Backing and DeFi Contagion

The immediate impact of the forged message was that the Ethereum‑side OFT adapter’s lockbox lost \(116{,}500\) rsETH that it should never have released. Since there had been no corresponding burn on any source chain, the total supply of rsETH in circulation now exceeded the backing held by Kelp and its node operators by exactly that amount. Aave governance analyses calculated that, given a total supply of roughly \(630{,}000\) rsETH at the time, this created an \(18\%\) gap between supply and backing, leaving only \(533{,}000\) ETH‑equivalent assets to support the entire outstanding rsETH base. Importantly, the exploit did not touch the restaking contracts themselves: EigenLayer delegations remained intact, and all the legitimate user deposits that had backed rsETH before the incident were still in place. The problem was purely one of over‑issuance caused by the bridge, but from the perspective of any given rsETH holder, that distinction offered little comfort until a concrete recovery plan emerged.

Because the attackers moved quickly to use their unbacked rsETH as collateral in lending markets, the exploit’s effects propagated through DeFi before many observers fully understood what had happened. DeFi United’s post‑mortem described how the attackers supplied rsETH on platforms including Aave and Compound to borrow WETH and other assets, creating roughly 292 million USD in bad debt exposure across eight key positions on Ethereum and Arbitrum. These positions were initially indistinguishable from legitimate user positions because the on‑chain behavior of the unbacked rsETH did not differ from that of backed rsETH; price oracles still reported coherent market prices, and there was no immediate depeg that would have triggered abnormal risk alerts.

On chains where bridged rsETH was widely used as collateral or liquidity, the pausing of bridges and uncertainty about backing led to abrupt market freezes. Kelp halted rsETH operations while investigating, and many DeFi protocols either paused rsETH markets entirely or set loan‑to‑value ratios to zero, effectively disabling new borrowing against the token. The impact extended even to assets not directly compromised by the exploit: WETH markets, central to much of DeFi, were subject to precautionary restrictions because of their exposure to potentially under‑collateralized rsETH loans. Despite these disruptions, there was no broader “restaking contagion” in the sense of other LSTs or LRTs suffering direct losses; independent coverage emphasized that assets such as stETH, wstETH, rETH, and cbETH were untouched by the exploit and that the failure was specific to “one adapter, one DVN, one trust model.”

The Role and Response of LayerZero

LayerZero’s role in the incident has been the subject of intense scrutiny. In public statements, LayerZero emphasized that the exploit was isolated to Kelp’s rsETH configuration and that the use of a single DVN for such a large value pool contradicted its recommended best practices of multi‑DVN, N‑of‑M configurations. From this perspective, the root cause lay in Kelp’s choice—perhaps influenced by defaults and ease of deployment—to rely on a 1‑of‑1 DVN whose validator stack and infrastructure were entirely operated by LayerZero Labs. Security firms such as Certora agreed that this configuration created a single point of failure and argued that no production bridge lane should ever be allowed to run with 1‑of‑1 verifiers, especially when hundreds of millions of dollars are at stake.

At the same time, Kelp and independent researchers like Chainalysis pointed out that the specific weakness exploited was in LayerZero Labs’ internal infrastructure rather than in any Kelp‑controlled system. According to Kelp’s communications, the attackers exploited LayerZero’s own RPC stacks to feed falsified data to the DVN, and independent investigations by SEAL 911, Chainalysis, and others converged on the conclusion that the operation originated from LayerZero’s environment rather than Kelp’s. Kelp publicly stated that the exploit “originated on LayerZero Labs’ infrastructure,” resulting in over 300 million USD of losses across DeFi, and announced that it would migrate rsETH’s cross‑chain connectivity to Chainlink’s CCIP in order to rely on infrastructure “that doesn’t leave these questions open.”

Regardless of how blame is apportioned, the consensus among security professionals is that the incident underscores fundamental lessons about bridge design. Cross‑chain systems inherit the security of their weakest off‑chain dependency, and 1‑of‑1 verifiers or DVNs should now be treated not as fringe configurations but as active risk factors. Best practices articulated in the wake of the exploit include enforcing multi‑DVN quorums operated by independent entities, using multiple unrelated RPC providers and client configurations, implementing supply‑conservation checks across chains, and deploying invariant‑based monitoring that can detect situations where wrapped token supply diverges from locked collateral, even if every individual transaction appears valid. The rsETH exploit has thus become a benchmark scenario for how nation‑state‑grade adversaries might target cross‑chain infrastructure and how protocols should harden their defenses in response.

Benthic

Apr 20, 2026

View article →

DeFi outflows spill into Solana after KelpDAO rsETH hack, pushing Kamino USDC markets to extreme stress with 100% utilization and zero liquidity in key lending pools

𝕏/@WuBlockchain • Apr 20, 2026

Top Comment

Benthic

Apr 20, 2026

Bridged rsETH on Solana has no direct redemption path — the reserves that back it just got drained on Ethereum, but Kamino's oracle is still quoting pre-hack marks. 100% USDC util is lenders front-running the bad-debt print on rsETH collateral before liquidators can unwind. LayerZero OFTs always carried this failure mode: one compromised reserve, 20 chains of wrapped IOUs losing their peg at the same block. Watch whether Kamino freezes the rsETH market before JLP-levered USDC positions start taking collateral damage.

Coordinated Recovery and the Restoration of rsETH

DeFi United: A Cross-Protocol Recovery Coalition

In the immediate aftermath of the exploit, it became clear that no single protocol could resolve the situation on its own. The unbacked rsETH had been widely deployed across DeFi, especially on Aave and Compound, and any unilateral attempt to “blacklist” or isolate those tokens risked unfairly penalizing innocent users and destabilizing markets. In response, a collaborative alliance known as DeFi United formed, spearheaded by Aave service providers and involving stakeholders from multiple protocols that had significant rsETH exposure. Their goal was to design a technical roadmap that would restore full collateral backing to rsETH, close out exploiter positions where possible, and avoid socializing losses across the broader ecosystem.

DeFi United’s plan focused on replenishing the drained LayerZero OFT adapter lockbox on Ethereum, which had released the \(116{,}500\) rsETH during the exploit. To accomplish this, contributors pledged ETH that would be converted into rsETH in carefully managed tranches. Newly minted rsETH from these contributions would then be deposited directly into the lockbox contract, gradually filling the shortfall created by the forged transfer. This approach allowed the coalition to rebuild backing without forcing a blanket haircut on all rsETH holders or retroactively invalidating legitimate transactions that had involved the token since the exploit. The plan’s tranche structure was designed to limit price impact and prevent opportunistic trading from undermining the recovery effort.

A parallel track in the recovery roadmap addressed the exploiter’s lingering positions. Attackers had used stolen rsETH as collateral on various platforms to open loans worth roughly 292 million USD, and while some of those positions could be liquidated through normal mechanisms, others required special governance‑approved interventions. DeFi United proposed, and relevant DAOs later enacted, measures such as temporary adjustments to price oracles, custom liquidation modules, and controlled unwinding of positions on Ethereum and Arbitrum to ensure that recovered collateral flowed into a secure multisig wallet managed by the coalition. The proceeds were then earmarked to redeem rsETH back into ETH in ways that offset bad debt in lending pools and contributed to refilling the bridge lockbox. By focusing on precise technical fixes and governance‑driven cooperation, DeFi United sought to avoid the need for blanket bailouts or losses being imposed on uninvolved stakeholders.

Kelp DAO’s Own Recovery Measures and Bridge Strategy Shift

In parallel with DeFi United’s cross‑protocol work, Kelp DAO implemented its own recovery plan focused on restoring rsETH’s on‑chain backing and reestablishing user trust. The protocol paused rsETH minting, burning, and bridging while it audited its systems, coordinated with LayerZero and other partners, and determined the exact extent of the shortfall. Over several weeks, Kelp executed a series of injections into the LayerZero OFT adapter, transferring rsETH into the lockbox to close the gap created by the forged message. Public updates from the team and from Aave governance noted milestones such as the “second‑to‑last batch” of rsETH being transferred to the lockbox and projected dates for full collateral restoration.

By the time Kelp announced that it had finalized the operational phase of its rsETH recovery plan—transferring the last tranche of tokens into the cross‑chain adapter—the token’s effective backing had been restored to parity with its total supply. At that point, Kelp resumed normal operations, including deposits, withdrawals, bridging, and claims, after unlocking the relevant smart contracts and coordinating with key DeFi partners such as Aave to ensure a smooth restart. Coverage emphasized that “all operations” were returning to normal mode and that the incident, while severe, had not resulted in permanent losses for rsETH holders who remained within the recovery framework.

Kelp also took structural steps to reduce its future exposure to similar incidents. Most notably, it announced its intention to migrate rsETH’s cross‑chain infrastructure from LayerZero to Chainlink’s Cross‑Chain Interoperability Protocol (CCIP), framing the move as a shift toward infrastructure that provided stronger guarantees around independent validation and risk transparency. At the same time, Kelp decided to substantially curtail rsETH’s cross‑chain footprint. The team communicated that rsETH bridging on around twenty networks would be sunset on June 15, encouraging users holding rsETH on those “sunset networks” to bridge back to Ethereum mainnet before that deadline. After the cutoff, Kelp committed to honoring claims from users who missed the deadline via a manual process: such users would need to burn their rsETH on the source chain, pay a flat \(100\) USDC fee on Ethereum mainnet, and submit both transactions by email, after which Kelp would process recoveries on a quarterly schedule and send rsETH back to Ethereum.

This hybrid approach—simultaneously restoring full backing, reducing cross‑chain exposure, and offering a time‑bounded path for late recoveries—reflects a recognition that omnichain expansion had been a double‑edged sword for rsETH. While LayerZero’s OFT standard had enabled Kelp’s rapid growth and deep integration across DeFi, it had also introduced a complex and opaque security surface that many users and integrators did not fully appreciate until it failed. By narrowing the set of chains on which rsETH is natively supported and moving to a different interoperability provider, Kelp is effectively rebalancing its risk profile in favor of simpler, more auditable trust assumptions.

Governance Actions by Aave, Arbitrum DAO, and Others

Aave’s response to the exploit went beyond technical measures to encompass significant governance and risk‑management debates. In the dedicated “rsETH incident” thread on Aave’s governance forum, delegates and risk service providers analyzed the incident’s impact on Aave’s balance sheet and on the rights and obligations of various stakeholders. One contributor cited the European Markets in Crypto‑Assets (MiCA) regulation, particularly Article 75, to argue that as the issuer of rsETH, Kelp was legally liable for losses stemming from operational or technical failures such as misconfigured bridges, and that any contractual attempts to disclaim such liability would likely be ineffective under MiCA. From this standpoint, the fact that Kelp still held more than \(533{,}000\) ETH‑equivalent backing meant it had a de facto obligation to use these holdings to cover Aave’s rsETH‑related bad debt before resorting to measures that would impact Aave stakers or the DAO treasury.

In operational terms, Aave first focused on freezing risk by setting WETH’s loan‑to‑value ratio to zero across multiple v3 deployments, thereby preventing new borrowing against WETH while rsETH exposures were assessed. As the DeFi United recovery plan progressed and rsETH backing was restored, Aave updated its risk parameters and governance decisions accordingly. Once more than \(95\%\) of the unbacked rsETH had been recovered or neutralized and the path to full restoration was clear, Aave governance approved the unfreezing of WETH markets and the restoration of WETH LTVs to their pre‑incident levels across the affected networks. These changes brought WETH markets back to “normal operations,” allowing users again to borrow against WETH and utilize collateral and debt‑swap functions as they had before the exploit.

Other protocols and DAOs also played roles in the recovery. On Arbitrum, governance proposals addressed ETH that had been frozen in connection with the exploit, debating how and when to release funds that could contribute to the rsETH recovery plan. One constitutional AIP concerned the release of ETH already frozen on Arbitrum One in relation to the incident, with discussions noting that the direct budgetary cost to the Arbitrum DAO itself would likely be limited if the recovered funds were used primarily to backstop rsETH positions. These deliberations illustrate how layer‑2 ecosystems can become entangled in the risk management of assets bridged from Ethereum and how DAOs must weigh the costs and benefits of collective interventions in response to exploits.

Finally, some protocols using LayerZero for other assets, such as OFT‑wrapped stablecoins, temporarily paused bridging or conducted security reviews in the wake of the rsETH incident, even if their own contracts and backing remained unaffected. While not directly implicated in the exploit, these projects recognized that user confidence in omnichain messaging had been shaken and that proactive reviews were prudent. This broader ecosystem response highlights that the rsETH exploit was not merely a localized failure but a stress test for the entire class of cross‑chain interoperability solutions that rely on off‑chain verifiers and RPC infrastructure.

Risk Management Lessons for Bridges, DAOs, and Integrators

Single Points of Failure and Quorum Design

One of the clearest lessons from the rsETH incident is that quorum design is inseparable from security design. Chainalysis, Certora, and other investigators stressed that a signer set or DVN that effectively relies on a single operator is not a quorum at all; it is a single point of failure wrapped in an extra layer of complexity. For Kelp’s rsETH adapter, the choice—or acceptance of a default configuration—to use a 1‑of‑1 DVN operated entirely by LayerZero Labs meant that the entire security of hundreds of millions of dollars in bridged value hinged on the integrity of one verifier and its supporting infrastructure. When that infrastructure was compromised, there was no diversity of opinion or independent cross‑check to prevent a forged message from being accepted.

Modern bridge security guidance now emphasizes the need for multi‑DVN, N‑of‑M configurations in which independent entities, with distinct infrastructure stacks, must agree on the validity of a cross‑chain message before value moves. Merely running multiple nodes under the same organizational umbrella is insufficient; what matters is independence in operational practices, RPC providers, client configurations, and governance. If an attacker must compromise multiple, non‑aligned organizations, each with their own security postures, to forge a message, the cost and complexity of an attack rises significantly. In rsETH’s case, a properly configured multi‑DVN quorum would have forced the attackers to compromise not just LayerZero’s internal RPC nodes but also those of at least one or two other verifiers, a much higher bar than the single‑operator setup they actually faced.

The rsETH exploit has also catalyzed discussions about how bridge protocols should handle insecure configurations. Some security experts argue that 1‑of‑1 verifier setups should be outright disallowed in production lanes or at least heavily discouraged with clear, user‑facing warnings. Others advocate for exposing per‑lane “risk postures” via APIs and user interfaces—indicating, for example, whether a given bridge route uses a 1‑of‑1 DVN, a \(2\)-of‑\(3\) configuration, or a more robust \(3\)-of‑\(5\) setup—so that integrators and users can make informed decisions about which lanes to rely on. In either case, the rsETH incident makes it difficult to argue that “it’s just a configuration choice” when that configuration can so directly determine whether a protocol survives or suffers a catastrophic exploit.

Off-Chain Infrastructure as a Critical Attack Surface

Another critical takeaway is that off‑chain infrastructure used by bridges—particularly RPC nodes and verifier environments—must be treated as part of the bridge’s trust base, not as neutral plumbing. In the rsETH exploit, attackers never touched Kelp’s contracts or LayerZero’s on‑chain endpoint logic; instead, they subverted the DVN’s view of the world by controlling the RPC nodes that supplied it with chain data. Because the DVN had no reason to distrust these nodes and only limited redundancy, it signed off on a false burn, and the on‑chain contracts dutifully executed the corresponding unlock. Traditional smart contract audits, which focus on reentrancy, access control, and arithmetic correctness, are ill‑suited to catch this sort of exploit, because every on‑chain transaction was valid according to the contract code.

Security recommendations emerging from the incident emphasize several best practices for off‑chain infrastructure. Bridge operators should avoid relying on a single RPC provider or a small set of internally managed nodes; instead, they should use multiple independent providers, potentially across different client implementations and geographic regions, and require quorum agreement across them. Monitoring systems should track RPC behavior relevant to bridge security, such as unexpected forks, client version mismatches, lag relative to the canonical chain, or data divergence between providers, and they should tie anomalies to automatic “safe‑mode” triggers that slow down or pause bridge operations when something appears off. Infra‑level red‑teaming, including simulated compromises of RPC stacks and verifier environments, is increasingly seen as a necessary part of a comprehensive bridge security program, especially when the total value locked is in the hundreds of millions.

The rsETH exploit also underscores the limitations of transaction‑level threat detection in cross‑chain contexts. Many on‑chain security tools focus on spotting unusual transaction patterns—such as large, sudden transfers, unusual contract interactions, or known malicious addresses—but in this case, each individual transaction looked ordinary. What was anomalous was the relationship between events across chains: rsETH being unlocked on Ethereum without a mathematically corresponding burn elsewhere. This suggests that cross‑chain invariant monitoring—tracking conservation rules like “total wrapped supply must not exceed locked collateral”—is essential for detecting such exploits in real time.

Governance, Regulation, and Liability

The incident has also brought governance and regulatory considerations to the fore. Within Aave’s community, the question of who should bear the financial burden of the exploit—Kelp, Aave stakers, the Aave DAO treasury, or users of rsETH—sparked robust debate. Some governance participants argued, citing MiCA Article 75, that as the issuer of rsETH and the party responsible for configuring its bridge, Kelp had a legal obligation to cover losses resulting from operational or technical failures. They contended that any contractual disclaimers to the contrary would likely be unenforceable under MiCA, which aims to protect token holders from precisely such failures in the infrastructure underpinning their assets.

Kelp’s substantial remaining backing—more than \(533{,}000\) ETH‑equivalent assets after accounting for the unbacked portion—was cited as evidence that the protocol had the capacity to address the shortfall without forcing Aave or other integrators to absorb permanent losses. In practice, the recovery involved a mix of Kelp’s own actions, contributions coordinated through DeFi United, and governance decisions by affected protocols, making it difficult to draw a neat line around who “paid” for the exploit. Nevertheless, the episode has sharpened expectations that issuers of complex DeFi assets, especially those with centralized governance or operational teams, cannot simply externalize the consequences of their design decisions onto integrators and users.

More broadly, the rsETH saga is likely to influence how regulators and policymakers think about cross‑chain interoperability and restaking. If a token’s effective backing and risk profile depend on opaque off‑chain infrastructure and multi‑party configurations, regulators may push for clearer disclosures, standardized risk metrics, and perhaps even minimum security requirements for bridges used by widely held assets. DAOs, for their part, may need to formalize their own liability frameworks and crisis‑response mechanisms, clarifying in advance under what conditions they will use treasuries or insurance funds to mitigate losses and how they will allocate responsibility between issuers, integrators, and end users.

Composability, Contagion, and Systemic Risk

The rsETH exploit offers a vivid example of how composability—the ability of DeFi protocols to build on one another like Lego bricks—can act as both a strength and a vector for contagion. DefiPrime’s analysis of the incident noted that “everything downstream is composability fallout”: the restaking contracts did not fail, EigenLayer delegations were intact, and even LayerZero’s core protocol logic continued to function as designed. The failure occurred in a single adapter and its verifier configuration, yet because rsETH had been deeply embedded across lending markets, DEX pools, and structured products on more than twenty networks, the impact radiated outward through channels that had no direct connection to the compromised infrastructure.

From a systemic risk perspective, this illustrates that the most dangerous failure modes in DeFi may not be those that break individual protocols, but those that disrupt shared primitives or infrastructure that many protocols rely on. Restaking tokens like rsETH, and cross‑chain messaging layers like LayerZero, function as such primitives. When they fail, even in ways that do not directly destroy underlying collateral, they can cause temporary or permanent impairment to a wide array of positions and strategies. DeFi United’s coordinated response can be seen as an attempt to build a collective immune system: by sharing information, pooling resources, and aligning governance decisions, protocols can mitigate contagion and restore confidence more effectively than any one project acting alone.

The incident has also fueled broader debates about whether omnichain interoperability creates more systemic risk than it adds value. While cross‑chain connectivity allows assets like rsETH to reach new users and use cases, each additional chain and bridge lane expands the attack surface and complicates risk management. Analysts have begun questioning whether every asset needs to be everywhere at once, or whether a more selective, security‑first approach to cross‑chain expansion is warranted. In that context, Kelp’s decision to sunset rsETH bridging on many networks and to concentrate on fewer, better‑secured interoperability channels represents a shift toward a more conservative model of composability.

Comparing rsETH with Other Liquid Staking and Restaking Tokens

Structural Similarities and Differences

rsETH belongs to a broader family of tokens that represent staked or restaked ETH in liquid form. Traditional liquid staking tokens such as stETH, rETH, and cbETH represent claims on ETH staked directly in Ethereum’s consensus, typically through large validator operators, and are backed by underlying ETH plus accrued staking rewards. Liquid restaking tokens like rsETH extend this model by layering additional AVS exposure on top: the same ETH or LSTs are pledged both to Ethereum consensus and to third‑party services via EigenLayer, potentially earning higher yields but also taking on more complex slashing risks. Structurally, both LSTs and LRTs rely on pooled staking, delegation to operators, and yield‑bearing token mechanics, but LRTs add an extra dimension of protocol and governance complexity.

The rsETH exploit also highlights an important difference in cross‑chain strategy. Many major LSTs have historically been careful about how they are bridged, often allowing third‑party bridges to issue their own wrapped representations on other chains rather than adopting a native omnichain standard that directly exposes the canonical token’s backing to bridge logic. By contrast, rsETH embraced LayerZero’s OFT model to make the token “natively” omnichain, meaning the canonical rsETH supply itself was tied to the bridge adapter’s escrows and verification mechanisms. When that adapter was compromised, the entire canonical rsETH pool on Ethereum was affected, whereas in a model where only wrapped derivatives on secondary chains are exposed, the impact of a bridge exploit can sometimes be more easily contained to those derivatives.

It is also notable that, during the rsETH incident, major LSTs and other LRTs were not directly impacted. Independent analysis emphasized that assets such as stETH, wstETH, rETH, and cbETH remained fully backed and operational; the exploit did not touch Lido’s or other staking protocols’ contracts. Competing liquid restaking protocols like Ether.fi, Renzo, and Puffer were not directly exposed to the compromised rsETH adapter, although the incident may have influenced how users and integrators perceive the risk profiles of LRTs in general. In effect, rsETH became a cautionary example that other projects could learn from without suffering the same immediate losses.

Security Postures and Bridge Strategies

In comparing rsETH to other staking derivatives, bridge strategy emerges as a key differentiator. rsETH’s reliance on a 1‑of‑1 DVN and lock‑and‑mint OFT architecture created a strong coupling between its canonical backing and the security of LayerZero’s verifier infrastructure. Other tokens have adopted different models, such as maintaining a single canonical representation on Ethereum and allowing multiple independent bridges to issue their own wrapped versions on other chains, each with its own security assumptions and quotas. While no approach is risk‑free, the rsETH incident has strengthened the case for designs that limit the blast radius of any single bridge’s failure and that enforce robust quorum and monitoring standards for any infrastructure that directly controls access to canonical collateral.

LayerZero and security firms like Certora have responded to the exploit by articulating stricter best practices for oApp configurations. These include using multiple fully independent DVNs, enforcing N‑of‑M quorums for message validation, configuring rate limits per lane and per asset so that a single failure cannot drain an entire bridge, and requiring explicit governance approval for any downgrade in verifier quorum or risk posture. They also advocate for implementing strong message authentication, replay protection, and supply‑conservation checks to ensure that total wrapped supply never exceeds locked collateral and that only verified bridge contracts can mint or burn wrapped tokens. While many of these recommendations are general, rsETH provides a concrete example of what can go wrong when they are not followed.

Kelp’s planned migration from LayerZero to Chainlink CCIP represents another dimension of comparative security posture. CCIP emphasizes a model of multiple independent oracle networks and risk management layers designed to prevent single points of failure, although it, too, will need to be battle‑tested over time. By choosing to switch providers and simultaneously reducing the number of chains on which rsETH is natively supported, Kelp is effectively repositioning rsETH toward a more conservative cross‑chain stance relative to its earlier omnichain ambitions. Users comparing rsETH to other LSTs and LRTs therefore need to consider not just yield and DeFi integrations, but also the specific bridge architectures and verifier quorums that underpin cross‑chain functionality.

Implications for Users Choosing Between Restaking Options

For users deciding whether to hold rsETH or alternative restaking tokens, the incident underscores the importance of understanding both the upside and the risk factors. On the upside, rsETH offers exposure to a diversified pool of restaked ETH and LSTs, managed by a dedicated protocol that aims to optimize AVS allocations and node operator performance. It has a track record of deep DeFi integration, especially with lending markets like Aave, and its recovery from a major exploit demonstrates both the resilience of its underlying restaking contracts and the willingness of Kelp and ecosystem partners to mobilize resources in a crisis.

On the risk side, users must recognize that restaking adds layers of complexity beyond plain staking. The rsETH exploit did not involve slashing, but in principle, misbehavior or misconfiguration at the AVS level could lead to loss of underlying collateral, which would then flow through to rsETH holders. Moreover, cross‑chain exposure is not a mere implementation detail; it is a core part of the token’s risk and trust model. Users who hold rsETH on secondary chains, especially on networks where native support is being sunset, face additional operational and recovery considerations, such as the need to bridge back before deadlines or navigate manual claim processes with associated fees.

Ultimately, comparing rsETH with other liquid restaking tokens requires a multidimensional analysis that accounts for yield, AVS exposure, operator diversification, bridge architecture, governance responsiveness, and regulatory posture. The rsETH incident has made some of these dimensions more visible, particularly the importance of bridge and verifier design, but it has also shown that active governance and cross‑protocol collaboration can mitigate even severe failures when incentives are aligned.

CurveCap

Apr 19, 2026

View article →

Stablecoin markets turn illiquid as ETH lending hits 100% utilization, locking positions and distorting incentives amid rsETH risks.

𝕏/@MonetSupply • Apr 19, 2026

Top Comment

Benthic

Apr 19, 2026

Aave WETH util is stuck at 100% because the attacker's rsETH collateral is unbacked; peak borrow rates can't force repayment from someone who has nothing to lose. Ethena paused its LayerZero OFTs within hours with zero rsETH exposure, and LZ bridge risk is now priced into every wrapped asset on that messaging layer, not just Kelp's. $236M of unliquidatable debt spans Aave V3, Compound V3, and Euler, and Aave freezing the rsETH markets locks every looper out of unwinding until governance decides who eats the loss.

Practical Considerations for rsETH Users and DeFi Builders

For Individual Users and Investors

For current or prospective rsETH holders, the first practical consideration is verifying the token’s backing and understanding where one’s rsETH is held. After Kelp completed its recovery plan and transferred the final tranches of rsETH into the LayerZero adapter, the token’s effective collateralization returned to full coverage, and Kelp resumed normal operations for deposits, withdrawals, and claims. Users holding rsETH on Ethereum mainnet can now interact with Kelp’s contracts with the reassurance that the canonical pool of restaked ETH once again matches the total rsETH supply. Nevertheless, it is prudent to monitor Kelp’s communications, third‑party risk dashboards, and DeFi governance forums for ongoing updates about restaking allocations, AVS risk, and any changes in cross‑chain support.

For users holding rsETH on secondary networks where bridging has been sunset, timing and process are key. Kelp’s public guidance made clear that rsETH bridging on roughly twenty networks would be shut down as of June 15, and advised users to bridge back to Ethereum mainnet before that date. Those who missed the deadline are not necessarily stranded, but they must follow a more cumbersome recovery process: burning their rsETH on the source chain, paying a flat \(100\) USDC fee on Ethereum, and emailing Kelp’s team with both transaction details, after which Kelp settles such claims on a quarterly basis and sends rsETH back to Ethereum. This process reflects the operational complexity of handling residual positions after a major exploit and underscores that holding tokens on “sunset” networks may entail additional costs and delays in extraordinary situations.

Investors should also incorporate restaking‑specific risks into their portfolio decisions. Kelp’s risk framework and external assessments highlight that rsETH is backed by a portfolio of LSTs and AVSs, each with its own security properties and slashing conditions. While Kelp aims to diversify and mitigate these risks, they cannot be eliminated entirely. Users who are uncomfortable with the idea of their ETH helping to secure experimental AVSs or who prefer minimal protocol risk may find simpler LSTs more aligned with their preferences, whereas those seeking higher yields and willing to accept added complexity may view rsETH as an attractive option. Either way, the rsETH exploit serves as a reminder that due diligence must extend beyond protocol code to include cross‑chain infrastructure and governance practices.

For Protocol Designers and Risk Managers

DeFi protocols that integrate rsETH as collateral or building block assets must update their risk frameworks in light of the exploit. Aave’s experience shows that even a blue‑chip asset in a fast‑growing category like restaking can become a source of systemic risk if its infrastructure fails in unexpected ways. Risk managers should therefore evaluate not only price volatility and liquidity, but also the token’s backing model, bridge architecture, and off‑chain dependencies. In practice, this may translate into more conservative loan‑to‑value ratios for LRTs relative to base ETH or major LSTs, higher liquidation bonuses, or conditional collateral listings that can be quickly adjusted if anomalies are detected.

Integrators should also consider limiting their exposure to cross‑chain representations of complex tokens or at least applying stricter haircuts on bridged versions than on canonical ones. The rsETH incident shows that canonical backing can be impaired via a bridge, but it also demonstrates how losses can be concentrated on certain chains when bridge lockboxes or wrapped representations are drained. Protocols may choose to preferentially accept rsETH collateral on Ethereum, where backing is most transparent, while treating bridged rsETH with greater caution. They may also adopt their own invariant checks—for example, monitoring whether reported rsETH backing and total supply remain aligned over time—and bake these into dynamic risk parameter updates.

Finally, cross‑protocol coordination should be part of any serious risk management playbook. DeFi United’s role in orchestrating rsETH’s recovery illustrates the value of shared technical plans, governance alignment, and pooled resources when a widely integrated asset fails. Protocol designers might consider pre‑negotiated crisis frameworks or communication channels with major issuers and infrastructure providers so that they can respond quickly and coherently in the event of an exploit. This could include agreed‑upon thresholds for pausing markets, standard templates for governance proposals related to exploit response, and clear criteria for resuming normal operations once recovery milestones are met.

Conclusion

rsETH occupies a pivotal position in the evolving landscape of Ethereum restaking and DeFi composability. As a liquid restaking token issued by Kelp DAO, it allows users to gain exposure to a diversified pool of restaked ETH and liquid staking tokens while retaining the flexibility to deploy that exposure across lending markets, DEXs, and structured products. Its growth to billions of dollars in total value locked and deployments across dozens of networks showcased the power of combining liquid staking, restaking, and omnichain interoperability into a single asset. At the same time, the April 2026 bridge exploit exposed the fragility of the off‑chain infrastructure and configuration choices that underpinned rsETH’s cross‑chain reach, resulting in the temporary creation of \(116{,}500\) unbacked rsETH and a systemic shock that rippled through Aave, Compound, and other protocols.

The incident underscored several key lessons. First, bridge security is not just about audited smart contracts; it depends critically on quorum design, RPC infrastructure, and cross‑chain invariant monitoring. A 1‑of‑1 DVN, even if labeled “decentralized,” is effectively a single point of failure, and compromising its data sources can be as damaging as compromising its signing keys. Second, composability can amplify shocks: when a widely used primitive like rsETH fails, its effects propagate to seemingly unrelated markets such as WETH lending, necessitating defensive measures and coordinated recovery efforts. Third, governance and regulation matter: MiCA and similar frameworks may increasingly hold issuers accountable for operational failures, and DAOs integrating complex assets must be prepared to make difficult decisions about who bears losses and how recovery should be financed.

The recovery of rsETH—driven by DeFi United’s technical roadmap, Kelp’s recapitalization efforts, and governance actions across Aave, Arbitrum, and other ecosystems—demonstrates that decentralized finance can respond constructively to severe crises when incentives are aligned. Full backing was restored, WETH markets returned to normal, and rsETH operations resumed, albeit with a more cautious approach to cross‑chain expansion and a planned migration to new interoperability infrastructure. For rsETH, the episode has transformed its narrative from that of a straightforward restaking yield vehicle to that of a benchmark for how complex DeFi assets and cross‑chain protocols can fail and recover. For the broader ecosystem, it has catalyzed a more mature conversation about the responsibilities of issuers, the design of bridges, and the management of systemic risk in an increasingly interconnected on‑chain financial system.

Outlook

Looking ahead, rsETH is likely to remain a prominent player in the restaking landscape, but its trajectory will be shaped as much by governance and infrastructure choices as by yield metrics. Kelp’s shift toward more selective cross‑chain support and its intention to rely on interoperability infrastructure with stronger multi‑party validation reflects a broader industry trend toward prioritizing security and transparency over maximalist omnichain reach. If these changes succeed in preventing similar incidents while preserving rsETH’s utility in core DeFi markets such as Aave, the token may emerge from the exploit as a more resilient, if more conservatively deployed, restaking primitive.

More broadly, the rsETH saga will continue to inform how protocols, investors, and regulators approach liquid restaking and cross‑chain interoperability. Future LRT designs are likely to bake in stricter bridge guarantees, clearer disclosures about off‑chain dependencies, and perhaps built‑in circuit breakers that can automatically pause risky lanes without halting an entire protocol. For DeFi builders and users alike, rsETH now serves as both a cautionary tale and a roadmap: it shows how ambitious composability can create new vectors for systemic risk, but also how coordinated, transparent recovery can preserve value and trust even after a nation‑state‑grade exploit.