
The Kelp DAO rsETH Exploit: $292M Drained, Aave Left Holding the Bag

An attacker forged a LayerZero message to drain $292M in rsETH from Kelp DAO, then deposited it into Aave as collateral to borrow real ETH. Aave is now carrying up to $236M in bad debt. Here is what happened and what it means for DeFi.

Ethereal Labs · 7 min read

TL;DR

  • On April 18, 2026, an attacker drained 116,500 rsETH ($292M) from Kelp DAO's LayerZero bridge by forging a cross-chain message. The entire exploit took 46 minutes.
  • The attacker deposited stolen rsETH into Aave V3, Compound, and Euler as collateral and borrowed ~$236M in wrapped ETH against it.
  • Aave's TVL dropped ~$6.6B (24%) as depositors rushed to withdraw. The WETH pool hit 100% utilisation. The AAVE token fell 18%.
  • Aave is now carrying between $177M and $236M in bad debt. Its Umbrella reserve system may need to slash staked AAVE to cover the deficit.
  • This is the largest DeFi exploit of 2026. It exposes systemic risks in how lending protocols accept bridged and wrapped collateral types.

On Saturday April 18, an attacker sent a forged message to Kelp DAO's cross-chain bridge and walked away with $292 million in rsETH. Within hours, that stolen collateral was sitting inside Aave V3, backing hundreds of millions in borrowed ETH that will likely never be repaid.

This is not just a bridge hack. It is a stress test of DeFi's collateral assumptions, and Aave is absorbing the damage in real time.

Here is what happened, how it happened, and what it means for builders and protocols that accept liquid restaking tokens as collateral.

The Exploit: 46 Minutes, $292 Million

Quick Recap: An attacker forged a LayerZero cross-chain message to trick Kelp's bridge into releasing 116,500 rsETH without any corresponding deposit.

At 17:35 UTC on April 18, an attacker called the lzReceive method on LayerZero's EndpointV2 contract with a crafted message payload. The message looked like a legitimate cross-chain transfer instruction from another network. It wasn't.

Kelp's bridge accepted the forged message and released 116,500 rsETH, roughly 18% of the token's entire circulating supply (~630,000 rsETH), to an attacker-controlled wallet. That wallet had been funded through Tornado Cash ten hours earlier.

Kelp's emergency pauser multisig froze the bridge 46 minutes later at 18:21 UTC. Two follow-up drain attempts at 18:26 and 18:28 UTC, each trying to pull another 40,000 rsETH (~$100M), both reverted against the frozen contracts.

The core vulnerability: the bridge's verification logic accepted a LayerZero message that corresponded to no real deposit on any source chain. The attacker minted rsETH from thin air by convincing the bridge that locked ETH existed somewhere. It didn't.

How the Attacker Weaponised the Stolen Tokens

Quick Recap: Instead of selling the rsETH directly, the attacker deposited it into lending protocols as collateral and borrowed real ETH against it.

This is where the exploit becomes a contagion event.

Rather than dumping 116,500 rsETH on the open market (which would have cratered the price immediately), the attacker deposited the stolen tokens into Aave V3, Compound V3, and Euler as collateral. They then borrowed wrapped ETH (WETH) against that collateral.

On-chain trackers show:

  • ~$196M borrowed on Aave V3 specifically (rsETH/WETH pair on Ethereum mainnet)
  • ~$236M in total debt positions across all three lending protocols
  • ~74,000 ETH consolidated post-exploit

The attacker effectively converted stolen rsETH (which is now worthless as collateral, since the underlying bridge is compromised) into real ETH. The lending protocols are left holding rsETH collateral that cannot be redeemed at face value.

This is textbook bad debt creation. The collateral is impaired. The borrowed assets are gone. The protocol absorbs the loss.

Aave's Damage Report

Quick Recap: Aave lost ~$6.6B in TVL, its WETH pool hit 100% utilisation, and the protocol is carrying up to $236M in bad debt.

The fallout hit Aave hard and fast:

  • TVL dropped from ~$26.4B to ~$19.8B, a 24% decline in hours
  • $5.4B+ in ETH withdrawals as depositors rushed to pull funds
  • WETH pool hit 100% utilisation, meaning remaining depositors could not withdraw
  • AAVE token dropped ~18%, from roughly $140 to the $115 range
  • Bad debt estimated at $177M-$236M, depending on recovery assumptions

Aave's contracts were not compromised. The protocol worked exactly as designed. That is part of the problem. Aave accepted rsETH as valid collateral, priced it based on oracle feeds, and allowed borrowing against it. The system functioned correctly right up until the collateral became worthless.

Aave Guardian initiated emergency freezes on rsETH and wrsETH markets across all deployments starting at 18:52 UTC. Founder Stani Kulechov confirmed the exploit was external to Aave's smart contracts.

The Umbrella Question

Quick Recap: Aave's Umbrella reserve system exists for exactly this scenario, but the language around coverage has already softened.

Aave's Umbrella system is the protocol's built-in backstop for bad debt events. It can draw on protocol reserves and, in extreme cases, slash staked AAVE to cover deficits.

Early messaging from Aave said the Umbrella reserve would cover the deficit. By Saturday afternoon, the language had shifted to "explore paths to offset the deficit." That is a meaningful change in tone.

The question is whether Aave's reserves are sufficient to absorb $177M-$236M in bad debt without significant AAVE slashing. If slashing is required, it creates additional sell pressure on the AAVE token at a time when confidence is already fragile.

This is going to play out through governance over the coming weeks. The outcome will set a precedent for how DeFi lending protocols handle large-scale collateral failures.

The Structural Problem: Bridged Collateral Risk

Quick Recap: This exploit exposes a fundamental tension in how lending protocols evaluate bridged and wrapped assets as collateral.

rsETH is a liquid restaking token. Its value derives from staked ETH held by Kelp DAO. When the bridge was exploited, 18% of rsETH's circulating supply was created from nothing. The token's peg to ETH is now under severe pressure because redemptions depend on Kelp's ability to honour claims against a reserve that just had $292M pulled out of it.

Aave, Compound, and Euler all accepted rsETH at or near its ETH-pegged value. Their oracle systems priced it based on market data that assumed the token was fully backed. The moment the bridge was compromised, that assumption broke.

This is not unique to rsETH. The same risk exists for any bridged, wrapped, or liquid staking token used as collateral in lending protocols:

  • wstETH depends on Lido's contracts and bridge infrastructure
  • cbETH depends on Coinbase's operational security
  • rETH depends on Rocket Pool's node operator set
  • Any cross-chain wrapped token depends on the bridge that minted it

The core tension: lending protocols need diverse collateral to scale. But every new collateral type introduces dependency on external infrastructure (bridges, restaking contracts, oracle feeds) that the lending protocol does not control.

What Builders Should Learn From This

Bridge verification is a single point of failure. The entire $292M exploit came down to one function accepting a forged message. Cross-chain messaging layers are powerful but introduce attack surface that most teams underestimate. If you are building anything that accepts cross-chain messages, your verification logic needs to be treated as the most critical code in your system.

Collateral risk is protocol risk. Lending protocols inherit the security properties of every asset they list. Accepting rsETH meant accepting the security of Kelp's bridge, LayerZero's messaging layer, and every chain rsETH was deployed on. That is a lot of trust surface for a single collateral type.

Emergency response matters. Kelp froze the bridge in 46 minutes. Aave froze markets within a few hours. Both responses limited damage. But the attacker's follow-up attempts (two more drains totalling $200M that reverted) show how close this came to being even worse.

Bad debt is a feature, not a bug. Lending protocols will occasionally take losses. The question is whether the protocol's reserves and governance can absorb those losses without a death spiral. Aave's Umbrella system is about to get its biggest test.
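
For the bridge-verification and emergency-response lessons above, here is a defensive sketch of two independent checks on inbound release messages: reconciliation against source-chain deposit records, and an outflow cap that trips a pause. It is an added example, not Kelp's or LayerZero's code; the class names, the deposit index, the chain id and the 2% hourly cap are assumptions, and the sample messages are constructed.

```python
from dataclasses import dataclass, field
from decimal import Decimal

@dataclass(frozen=True)
class Release:              # hypothetical shape of a decoded inbound bridge message
    src_chain: int          # source chain the message claims to come from
    nonce: int              # per-source sequence number
    amount: Decimal         # tokens the message asks the bridge to release
    ts: int                 # receive time, unix seconds

@dataclass
class BridgeGuard:
    deposits: dict          # (src_chain, nonce) -> amount, indexed independently from source chains
    circulating: Decimal    # circulating supply of the bridged token
    window_s: int = 3600
    max_frac: Decimal = Decimal("0.02")   # assumed cap: 2% of supply per window
    paused: bool = False
    seen: set = field(default_factory=set)
    recent: list = field(default_factory=list)

    def check(self, r: Release) -> str:
        if self.paused:
            return "REJECT:paused"
        key = (r.src_chain, r.nonce)
        if key in self.seen:
            return "REJECT:replay"
        # A release must correspond to a recorded source-chain deposit of the same amount.
        if self.deposits.get(key) != r.amount:
            self.paused = True            # transport verification failed upstream: stop everything
            return "REJECT:no-matching-deposit"
        # Second line of defence: cap outflow even when the deposit record looks valid.
        self.recent = [(t, a) for t, a in self.recent if r.ts - t < self.window_s]
        if sum(a for _, a in self.recent) + r.amount > self.max_frac * self.circulating:
            self.paused = True
            return "REJECT:rate-limit"
        self.seen.add(key)
        self.recent.append((r.ts, r.amount))
        return "ALLOW"

def run_demo() -> list:
    supply = Decimal(630_000)             # approximate supply figure from the article
    # Constructed sample data: one real deposit, then messages with no deposit behind them.
    g = BridgeGuard(deposits={(1, 1): Decimal(50)}, circulating=supply)
    msgs = [Release(1, 1, Decimal(50), 1000),
            Release(1, 2, Decimal(116_500), 2000),
            Release(1, 3, Decimal(40_000), 5060)]
    out = [g.check(m) for m in msgs]
    # Constructed case: the deposit record itself is wrong, so only the rate cap catches it.
    g2 = BridgeGuard(deposits={(1, 9): Decimal(116_500)}, circulating=supply)
    return out + [g2.check(Release(1, 9, Decimal(116_500), 2000))]
```

The two checks fail independently: the reconciliation step catches a message with no deposit behind it, while the cap bounds the loss to one window's allowance if the deposit index itself is compromised.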

Risks and What Comes Next

This situation is still developing. Several outcomes remain uncertain:

  • Whether Kelp DAO can recover any stolen funds or negotiate with the attacker
  • How much of Aave's bad debt the Umbrella reserve can absorb without AAVE slashing
  • Whether rsETH can recover its peg or if the token is permanently impaired
  • Regulatory response to the largest DeFi exploit of 2026
  • How other lending protocols reassess their collateral listing criteria

The broader DeFi ecosystem is watching. If Aave handles the bad debt cleanly through Umbrella, it validates the safety module design. If it requires significant AAVE slashing or governance intervention, it raises questions about whether permissionless lending can safely scale with complex collateral types.

One thing is clear: the era of listing every yield-bearing wrapped token as collateral without deeply auditing its entire dependency chain is over.

Building DeFi protocols or smart contract systems that need to handle collateral risk? Ethereal Labs helps teams design and ship secure, production-grade Web3 applications. Get in touch.


Ethereal Labs

Web3 Development Studio · London, UK

Ethereal Labs is a Web3 development studio and official Base Services Hub agency. Founded in 2020, the team has delivered 15+ projects handling $1B+ in total volume with zero security incidents. Specializing in smart contract development, full-stack dApps, and token launch infrastructure across Ethereum, Base, Solana, and Polygon.
