
What Is the KelpDAO Attack? What It Means for Aave Users in 2026

By: WEEX | 2026/04/21 17:15:00

TL;DR

  • On April 18, 2026, liquid restaking protocol KelpDAO suffered a $292M rsETH exploit
  • The attack targeted a cross-chain bridge verification vulnerability, not a core smart contract bug
  • About 18% of circulating rsETH supply became compromised during the exploit
  • Aave was not hacked, but froze its rsETH market to prevent bad-debt contagion
  • Over $13B exited DeFi protocols within 48 hours after the incident
  • Users holding non-rsETH assets on Aave can still withdraw normally
  • Users who deposited rsETH collateral currently face restrictions
  • The exploit highlights ongoing risks in cross-chain bridges and restaking protocols
  • Best practice now: avoid interacting with rsETH until governance recovery decisions finalize

What Happened to KelpDAO? Is Aave Safe After the $292M rsETH Exploit (2026 Update)

On April 18, 2026, liquid restaking protocol KelpDAO suffered one of the largest DeFi exploits of the year. Attackers drained about 116,500 rsETH (~$292 million) through a cross-chain bridge vulnerability, triggering market freezes across multiple lending protocols including Aave.

Within 48 hours:

  • over $13B left DeFi protocols
  • rsETH liquidity collapsed
  • lending markets froze across several platforms
  • Aave paused its rsETH markets to contain systemic risk

Here’s what actually happened — and whether your funds on Aave are still safe today.

What Exactly Happened in the KelpDAO Exploit?


First: What Is KelpDAO?

KelpDAO is a liquid restaking protocol on Ethereum.

It allows users to:

  • stake ETH
  • restake via EigenLayer
  • receive rsETH, a liquid token representing those deposits
  • reuse rsETH as collateral across DeFi

This made rsETH widely integrated into lending platforms like Aave.

How Did the Attack Happen?

The exploit targeted KelpDAO’s LayerZero-powered cross-chain bridge verification setup.

Specifically:

  • attackers forged a cross-chain verification message
  • the bridge released 116,500 rsETH
  • roughly 18% of circulating supply became unbacked instantly

Important detail:

This was not a smart contract bug.

Instead, it was a bridge configuration trust failure, which is increasingly common in cross-chain infrastructure exploits.
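
A defender-side reconciliation check for the failure described above, as an added example that is not code from KelpDAO, LayerZero or Aave: every bridge release must match exactly one source-chain event, and anything unmatched is counted as unbacked supply. The `BridgeMsg` shape, the message IDs, the 1% freeze threshold and the 647,000 circulating figure (chosen so that 116,500 is about 18%, as the article states) are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class BridgeMsg:
    msg_id: str       # hypothetical cross-chain message identifier
    amount: Decimal   # rsETH amount carried by the message

def reconcile(source_events, releases, circulating, freeze_at=Decimal("0.01")):
    """Match each destination-side release to one source-chain event.

    A release counts as unbacked when its msg_id is unknown on the source
    chain, has already been consumed (replay), or carries a different amount.
    """
    locked = {e.msg_id: e.amount for e in source_events}
    consumed, unmatched = set(), []
    for r in releases:
        if locked.get(r.msg_id) == r.amount and r.msg_id not in consumed:
            consumed.add(r.msg_id)
        else:
            unmatched.append(r)
    unbacked = sum((r.amount for r in unmatched), Decimal(0))
    fraction = unbacked / circulating
    return {
        "unmatched": [r.msg_id for r in unmatched],
        "unbacked": unbacked,
        "fraction": fraction,
        "freeze": fraction >= freeze_at,  # assumed policy threshold
    }

def demo():
    # Constructed sample data, not on-chain records.
    source = [BridgeMsg("m-1", Decimal("1000")), BridgeMsg("m-2", Decimal("250"))]
    released = [
        BridgeMsg("m-1", Decimal("1000")),
        BridgeMsg("m-2", Decimal("250")),
        BridgeMsg("m-forged", Decimal("116500")),  # no source-chain counterpart
    ]
    # 647,000 is chosen so that 116,500 is about 18%, as the article states.
    return reconcile(source, released, circulating=Decimal("647000"))

if __name__ == "__main__":
    report = demo()
    print(report["unmatched"], f"{report['fraction']:.1%}", report["freeze"])
```

A lending market that consumes a report like this can freeze the affected collateral before unbacked tokens are borrowed against, which is the containment step described in the sections that follow.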

Why Did This Affect Aave?

Because rsETH was accepted as collateral inside Aave.

Attackers:

  • deposited stolen rsETH
  • borrowed real assets like WETH
  • created large amounts of bad debt risk inside lending pools

As a result, Aave froze rsETH markets across versions V3 and V4 to stop the contagion from spreading further.

How Has Aave Responded to the KelpDAO Attack?

Aave's response was fast and defensive: it was containing collateral risk, not reacting to a direct protocol hack.

Within hours:

  • rsETH markets were frozen
  • borrowing against rsETH stopped
  • risk exposure was isolated
  • governance began evaluating deficit recovery mechanisms

Most importantly:

Aave itself was not hacked.

The freeze was a containment measure triggered by collateral instability.

According to governance reports, the attacker used stolen rsETH as collateral across multiple chains, forcing emergency risk controls across lending markets.

Is Aave Safe to Use Right Now After the KelpDAO Hack?

This is the question most users are searching for.

Here’s the real answer.

If You Hold Non-rsETH Assets on Aave

Your funds remain accessible.

Examples:

  • ETH
  • USDC
  • WBTC
  • stablecoins
  • other supported collateral

These markets continue functioning normally.

The freeze applies only to the rsETH market.

If You Deposited rsETH on Aave

The situation is different.

Currently:

  • rsETH markets remain paused
  • withdrawals may be restricted
  • governance recovery steps are still ongoing

There is no confirmed timeline yet for full reopening.

Bottom Line for Users

Short version: Aave contracts were not compromised.

The risk came from collateral exposure, not protocol security.

This distinction matters.

Why Did the KelpDAO Exploit Trigger Such Large DeFi Outflows?

Because DeFi lending protocols are interconnected.

When one collateral asset breaks, the shock spreads across multiple platforms.

After the exploit:

  • over $13B in TVL exited DeFi
  • at least nine protocols froze markets
  • Aave alone saw billions withdrawn during panic deleveraging

This is a classic example of cross-protocol contagion risk.

What Is rsETH and Why Does It Matter?

rsETH is a liquid restaking token.

It represents staked ETH plus EigenLayer restaking yield exposure.

Users typically:

  • stake ETH
  • receive rsETH
  • reuse rsETH across DeFi

The exploit broke trust in the token’s backing structure temporarily.

That’s why liquidity collapsed so quickly.

What Does the KelpDAO Attack Mean for DeFi Security in 2026?

This exploit highlights three major structural risks:

  1. Cross-Chain Bridges Remain the Weakest Layer

Most major DeFi exploits still originate from the following layers, not from core smart contracts:

  • bridge logic
  • oracle assumptions
  • verification layers

  2. Restaking Protocols Add Extra Complexity Risk

Restaking introduces:

  • additional trust layers
  • additional routing layers
  • additional validator dependencies

Each layer increases attack surface.

  3. Collateral Cascades Are the Real Danger

Even if a lending protocol is secure, bad collateral can still create losses.

That’s exactly what happened here.

FAQ About the KelpDAO Exploit and Aave Safety

Why did a whale sell AAVE at a large loss after the exploit?

Large DeFi exploits often trigger panic deleveraging.

One whale reportedly exited a large AAVE position after the attack, likely reacting to liquidity risk and market uncertainty rather than a direct protocol compromise.

These moves are common during systemic DeFi stress events.

Can I withdraw funds from Aave right now?

Yes — unless your collateral is rsETH.

All other supported assets remain withdrawable.

Was Aave hacked?

No.

Aave froze rsETH markets as a defensive risk-management action.

The lending contracts themselves were not exploited.

Is rsETH still usable after the exploit?

Currently:

  • liquidity remains disrupted
  • markets remain partially frozen
  • recovery plans are still developing

Users should monitor official updates before interacting with rsETH again.

Should You Still Use Aave After the KelpDAO Exploit?

For most users, yes.

The event demonstrates something important:

Aave’s emergency controls worked exactly as designed.

Instead of collapsing, the protocol isolated risk exposure within hours.

That's exactly what a resilient lending system should do.

 

About WEEX

Founded in 2018, WEEX has developed into a global crypto exchange with over 6.2 million users across more than 150 countries. The platform emphasizes security, liquidity, and usability, providing over 1,200 spot trading pairs and offering up to 400x leverage in crypto futures trading. In addition to the traditional spot and derivatives markets, WEEX is expanding rapidly in the AI era — delivering real-time AI news, empowering users with AI trading tools, and exploring innovative trade-to-earn models that make intelligent trading more accessible to everyone. Its 1,000 BTC Protection Fund further strengthens asset safety and transparency, while features such as copy trading and advanced trading tools allow users to follow professional traders and experience a more efficient, intelligent trading journey.
