The Kelp DAO hack became a $9 billion stress test for DeFi | FOMO Academy
The Kelp DAO exploit became much bigger than a $293 million theft because the stolen rsETH was reused as collateral inside DeFi lending markets, helping trigger about $9 billion in net outflows from Aave. The episode exposed a deeper weakness in DeFi: when trust in one asset breaks, the damage can spread through every protocol that treated that asset as solid collateral.
On April 18, 2026, an attacker exploited Kelp DAO’s rsETH cross-chain route and drained 116,500 rsETH, worth about $292 million to $293 million, making it the biggest DeFi exploit of 2026 so far. That alone would have been a major story. But the deeper reason people are still talking about it is that the theft did not stay contained inside one protocol. It spilled outward into the rest of the ecosystem almost immediately, because rsETH was already being used as collateral and liquidity across multiple places. This is where things change. In DeFi, the first break is often not the worst break. The real damage starts when one broken assumption travels through every other product that was built on top of it.
How the exploit actually worked
According to Aave’s incident report, the attacker exploited Kelp’s LayerZero V2 Unichain-to-Ethereum rsETH route, which was configured as a 1-of-1 DVN, meaning there was only a single verifier standing between a valid message and a forged one. A forged inbound packet was accepted without a matching burn on the source side, and that released real rsETH on Ethereum that had no real backing behind it. In plain English, the system believed tokens had arrived when they had not. That is why this incident matters so much. It was not simply a wallet being drained or a user making a mistake. It was a failure in cross-chain trust, and once that trust failed, the market had to decide in real time whether any downstream use of that asset could still be believed.
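A defensive check for the failure described above, as an added example that is not from Aave's report, Kelp or LayerZero: it audits a route's verifier threshold and reconciles destination releases against source burns. The event fields, function names and sample data are hypothetical and constructed for illustration; they are not LayerZero APIs.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BridgeEvent:
    guid: str    # hypothetical message id shared by a burn and its release
    amount: int  # token amount in smallest units


def audit_route(required_dvns: int, configured_dvns: int, min_required: int = 2) -> list[str]:
    """Flag verifier settings where a single verifier can approve a message alone."""
    findings = []
    if required_dvns < min_required:
        findings.append(f"single point of verification: {required_dvns}-of-{configured_dvns}")
    if required_dvns > configured_dvns:
        findings.append("threshold exceeds configured verifiers")
    return findings


def unbacked_releases(burns: list[BridgeEvent], releases: list[BridgeEvent]) -> list[BridgeEvent]:
    """Return destination releases that have no matching source-side burn."""
    burned = {b.guid: b.amount for b in burns}
    flagged = []
    for r in releases:
        if burned.get(r.guid) != r.amount:
            flagged.append(r)       # no burn, wrong amount, or burn already used
        else:
            del burned[r.guid]      # one burn backs at most one release
    return flagged


# Constructed sample data, not taken from the incident.
SAMPLE_BURNS = [BridgeEvent("msg-001", 500), BridgeEvent("msg-002", 1200)]
SAMPLE_RELEASES = [
    BridgeEvent("msg-001", 500),     # backed by a burn
    BridgeEvent("msg-002", 1200),    # backed by a burn
    BridgeEvent("msg-003", 90000),   # no burn on the source side
    BridgeEvent("msg-001", 500),     # same burn presented a second time
]

if __name__ == "__main__":
    print(audit_route(required_dvns=1, configured_dvns=1))
    for event in unbacked_releases(SAMPLE_BURNS, SAMPLE_RELEASES):
        print("unbacked release:", event.guid, event.amount)
```

Run as a monitor, a check like this alerts when destination-side supply grows without a corresponding source-side burn, independent of whether the verifier layer accepted the message.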
Why Aave became the center of the panic
Kelp’s first public response was to say it had identified suspicious cross-chain activity involving rsETH and had paused rsETH contracts across mainnet and several layer 2 networks while it investigated. Aave moved quickly as well. Its governance forum said the Guardian began freezing rsETH and wrsETH markets across all deployments starting at 18:52 UTC on April 18, and Aave’s public updates stressed that its own contracts had not been exploited. The problem is that once a collateral asset becomes questionable, a lending market does not need to be hacked directly to enter crisis mode. It only needs users to stop trusting the value of what is sitting underneath the loans. That is exactly what happened here.
The run started when stolen collateral was reused
The most important detail in the whole story may be what the attacker did next. Bloomberg reported that the hackers deposited about $200 million of the stolen tokens on Aave as collateral for borrowing another cryptocurrency. Aave’s own incident report later showed affected positions with about 82,650 WETH and 821 wstETH borrowed against the compromised setup. That move changed the psychology of the event immediately. The fear was no longer just that Kelp DAO had lost funds. The fear was that Aave could be left with loans backed by collateral that might prove to be partly or wholly worthless. Once that idea took hold, users did what users always do in a confidence event. They headed for the door. Bloomberg reported that Aave logged about $9 billion in net outflows after the incident.
Aave’s official line was consistent from the start: its own smart contracts were not compromised, and the problem originated outside the protocol in the underlying rsETH asset. Technically, that is true. But markets do not only react to code risk. They react to balance sheet risk, liquidity risk, and the fear that someone else will withdraw first. Aave’s incident report said the WETH reserves on Ethereum, Arbitrum, Base, Linea, and Mantle were at 100% utilization, with idle balances below $20 on every chain listed in that section. That is the kind of detail that turns an abstract security incident into something depositors can feel in their gut. The protocol may not have been hacked, but liquidity was tightening, assets were being frozen, and the system no longer looked normal to users trying to protect themselves.
The bad debt question is the real economic story
The next layer of the crisis is about who eventually absorbs the losses. Aave’s incident report laid out two broad scenarios. In one, where losses are socialized more evenly, estimated bad debt comes to about $123.7 million. In the other, where losses are isolated to affected layer-2 rsETH, estimated bad debt rises to about $230.1 million. The report is also blunt that no official decision by Kelp on loss allocation, recovery, or redemption mechanics had been publicly confirmed at the time of writing. What this really means is that the market is still dealing with an unresolved bill. The exploit may already have happened, but the final distribution of pain has not. And until that part becomes clear, every protocol, lender, and user connected to the incident is forced to operate under a cloud of uncertainty.
The internet reaction tells you what the numbers alone do not
The online mood around this event has been darker than the raw dollar figure might suggest. Reports and commentary described a fresh chorus of “DeFi is dead,” and some coverage said more than $13 billion in DeFi total value locked disappeared in two days as the shock spread. That tone matters because DeFi runs partly on code and partly on narrative. When users start to believe that every interconnected protocol might carry hidden collateral risk, they stop acting like long-term believers and start acting like short-term survivors. DefiLlama currently lists Aave’s total value locked at about $15.64 billion, which shows the platform still exists at scale, but the recent collapse in confidence has already changed how people think about that number. Even worse, the aftermath is now feeding second-order scams. On April 22, an Aave governance thread warned of an active drainer campaign on Arbitrum exploiting the WETH freeze narrative to phish users. That is how these episodes spread online: first panic, then rumor, then opportunists move in to prey on the confused.
The blame fight is about more than public relations
The dispute that followed tells us a lot about where DeFi still is. LayerZero’s public statement said preliminary indicators suggested a highly sophisticated state actor, likely DPRK’s Lazarus Group, more specifically TraderTraitor. It also framed the exploit as a consequence of Kelp DAO’s single-DVN setup. Kelp’s side has pushed back, saying the attacker compromised LayerZero verification servers and that the 1-of-1 verifier configuration was effectively a LayerZero default rather than a reckless one-off choice by Kelp. That matters because it shifts the discussion from “who got hacked” to “who designed the trust assumptions, who documented them, and who warned whom.” Meanwhile, the decentralization debate got sharper when Arbitrum’s Security Council froze 30,766 ETH, worth about $71 million, linked to the exploit, saying it acted with input from law enforcement. Some people saw that as responsible emergency action. Others saw it as proof that many supposedly decentralized systems still rely on small groups with extraordinary powers when things go bad. Both views contain some truth.
This fits a much bigger security pattern
Seen on its own, the Kelp exploit looks like one ugly weekend. Seen in context, it looks like part of a larger shift. TRM Labs said 2025 saw $2.87 billion stolen across nearly 150 hacks and exploits, with infrastructure attacks driving about 76% of losses. Chainalysis separately said more than $3.4 billion in cryptocurrency was stolen in 2025, with DPRK-linked hackers alone stealing about $2 billion. That wider pattern matters because it shows the threat has moved beyond simple smart-contract bugs. Attackers are increasingly going after keys, control planes, operational workflows, bridge infrastructure, and trust layers around protocols rather than only the on-chain logic itself. That is why the comparison to Drift also matters. On April 1, attackers drained about $285 million from Drift Protocol in what TRM said was likely another North Korean operation. Kelp then slightly overtook that as the year’s biggest DeFi exploit. Two huge attacks in the same month do not just signal bad luck. They signal a structural security problem.
What changes next for DeFi
As of the latest updates, Aave has begun to ease only a small part of the emergency posture. Its April 21 update said WETH reserves on Ethereum Core V3 had been unfrozen so users could supply WETH there again, but the loan-to-value ratio remained at zero, while WETH on Ethereum Prime, Arbitrum, Base, Mantle, and Linea remained frozen. Arbitrum’s freeze of roughly $71 million has at least shown that some of the stolen value may be recoverable, but it has also reopened the old argument over whether decentralization is real when emergency committees can intervene so directly. The bigger lesson is harder and more important. DeFi cannot keep pretending that endlessly reusable collateral is automatically safe just because it is composable. The more protocols stack on top of one another, the more one bad assumption can turn into everyone’s problem. What this really means is that the next phase of DeFi will have to look less romantic and more disciplined. Fewer blind trust chains. More isolated risk. Better bridge design. Stronger verifier assumptions. Clearer emergency playbooks. And maybe, finally, a little less faith that code alone can carry a system through a bank run once confidence breaks.