KelpDAO rsETH Exploit Drains $280M From Aave Markets

The incident unfolded around 17:35 UTC. Attackers minted roughly 116,500 rsETH tokens, worth approximately $290 million at prevailing prices, through a flaw in the protocol’s bridging logic. On-chain researchers believe the attack involved a manipulated lzReceive call targeting a LayerZero OFT contract used by KelpDAO’s bridge.

What Is rsETH and Why It Matters

KelpDAO’s rsETH is a liquid restaking token built on EigenLayer. It lets users stake ETH or liquid staking tokens like stETH into EigenLayer while keeping liquidity. In return, holders earn restaking yields and Kelp Miles points.

Before the rsETH exploit, KelpDAO held over $1.3 billion in total value locked. The token had also become one of the most widely accepted collateral assets on Aave, particularly across its V3 and V4 deployments. The protocol operated on multiple chains and had undergone audits.

How the rsETH Exploit Unfolded

According to on-chain analysis and community researchers including ZachXBT, the attacker first minted fake rsETH through the bridge vulnerability. They then deposited the tokens as collateral into Aave lending markets on both Ethereum and Arbitrum.

From there, the attackers borrowed the maximum possible amount of real assets against the inflated collateral, primarily WETH and ETH. They moved fast enough to extract the funds before liquidators could close the positions.

This left Aave with substantial bad debt. Some estimates place impaired WETH reserves in the hundreds of millions. After the extraction, the attackers routed funds through Tornado Cash to obscure the trail.

Aave Responds With Emergency Freeze

Aave acted within minutes. The protocol’s multisig guardians froze all rsETH markets on both Aave V3 and V4. The freeze halted new deposits and borrowing against the asset.

“Aave’s contracts have not been exploited and this is an exploit related to rsETH,” the protocol stated. Founder Stani Kulechov confirmed that the freeze prevents further exposure while the team reviews post-exploit borrows.

Aave indicated it would tap its Umbrella backstop and reserves to offset any deficit. The mechanism protects depositors in bad debt scenarios. Depositors with unrelated positions on Aave should not face losses, according to the team.

KelpDAO Response and Market Fallout

KelpDAO’s public statement.

The rsETH price corrected sharply after the exploit. The broader AAVE token also dropped by double digits on market fears. Both tokens saw elevated trading volumes as holders rushed to assess their exposure.

KelpDAO’s core staking contracts appear unaffected by the rsETH exploit and the vulnerability was isolated to the cross-chain bridging component. Investigations into the exact mechanism and potential fund recovery are ongoing.

Why Cross-Chain Bridges Remain a Weak Point

This incident highlights persistent risks in cross-chain bridging infrastructure. Bridges have historically been the most exploited component in DeFi. Notable examples include the Ronin Bridge ($625 million, 2022), Wormhole ($320 million, 2022), and Nomad ($190 million, 2022).

The rsETH exploit adds a new dimension to that pattern. Liquid restaking tokens exist for composability. They flow across chains and serve as collateral in lending markets. That composability amplifies the damage when attackers compromise a bridge.

In this case, the attacker did not need to steal existing tokens. They minted new ones through the bridge and used DeFi’s own infrastructure to extract real value. The combination of bridge vulnerability and lending market composability created a multiplied attack surface.

What This Means for Restaking and DeFi

The breach comes amid rapid growth in the restaking sector. EigenLayer and its ecosystem of liquid restaking tokens have attracted billions in deposits over the past year. Protocols like Ether.fi, Renzo, Puffer, and KelpDAO compete for market share.

This rsETH exploit could trigger a reassessment of how lending protocols evaluate LRT collateral. Aave and other platforms may tighten risk parameters for restaking tokens. Bridge security audits across the LRT ecosystem will likely face increased scrutiny.

Users with exposure to rsETH or Aave positions have been advised to monitor updates closely. The full extent of recoverable funds and long-term impact on EigenLayer restaking remains unclear as investigations continue.

This is not financial advice. Readers should conduct their own research before making investment decisions.