💥 The Exploit That Rattled the Entire Restaking Sector
On April 18, 2026, Kelp DAO became the target of the largest DeFi hack of the year. Attackers drained approximately 116,500 rsETH tokens from the protocol’s LayerZero bridge adapter, translating to a total loss of roughly $292 million. That figure made it the single largest crypto exploit of 2026, overtaking the previous record by a narrow margin. The attack did not just hurt Kelp DAO directly. It created a cascading problem across DeFi because the stolen rsETH tokens were unbacked, meaning they carried no real collateral behind them. Within two days of the attack, over $13 billion in total value locked exited DeFi platforms as users and investors reacted with alarm. For retail holders of rsETH and anyone with exposure to liquid restaking protocols, the fallout was immediate and painful.
🔓 A Single Weak Link in the Bridge Infrastructure
The technical root cause of the Kelp DAO hack was a dangerously minimalist security configuration. Kelp’s LayerZero bridge used a “1-of-1 verifier” setup, meaning only one node was responsible for validating cross-chain messages before funds were released. Attackers linked to North Korea’s Lazarus Group exploited this by first compromising two data-source nodes feeding the verifier, then launching a distributed denial-of-service attack to knock all remaining legitimate nodes offline. With only attacker-controlled nodes left, the verifier was fed fraudulent cross-chain messages and approved the release of tokens. After the funds were moved, malware deleted itself and erased log files to cover the trail. This attack vector had actually been flagged by a development team as far back as January 2025, warning that a single compromised validator signature could trigger unauthorized fund releases. Despite that public warning, the vulnerability remained unpatched for fifteen months.
⚠️ Why Aave Faces a Direct Bad Debt Problem
The Kelp DAO hack did not stop at the bridge. The attacker used approximately 89,567 of the stolen unbacked rsETH tokens as collateral on Aave’s lending protocol, borrowing roughly $190 million in WETH and wstETH across Ethereum and Arbitrum mainnet. Because the rsETH collateral has no real backing, any liquidation of those positions would leave Aave absorbing the losses as bad debt with nothing to recover against. The original shortfall calculated by Aave’s service providers came to approximately 163,183 ETH. Some of that gap has since been narrowed: roughly 43,168 ETH in Kelp-frozen tokens, around 30,766 ETH frozen by the Arbitrum Security Council, and approximately 14,168 ETH expected from liquidations reduce the net exposure. Even after accounting for all of that, a remaining gap of roughly 75,081 ETH still needed to be closed through outside funding.
🤝 DeFi United: A Coalition Built to Fill the Gap
Rather than waiting for on-chain governance to slowly respond, Aave’s service provider TokenLogic helped assemble a cross-protocol relief fund called DeFi United. The coalition drew in EtherFi, Lido, Ethena, Mantle, the Ink Foundation, BGD Labs, and a number of individual contributors. Notably, Aave founder Stani Kulechov committed a personal contribution of 5,000 ETH. EtherFi pledged 5,000 ETH, placing it in an interesting position given that it directly competes with Kelp in the liquid restaking market. Lido DAO advanced a proposal to contribute up to 2,500 stETH worth approximately $5.8 million. As of April 24, the fund had gathered roughly 69,534 ETH, worth about $161 million, against a target of 100,000 ETH. By any measure, this represents the largest coordinated cross-protocol crisis response in DeFi’s history. Never before have this many protocols pooled this much capital across organizational boundaries to absorb losses tied to an entirely separate protocol.
🗳️ Aave’s 25,000 ETH Governance Vote and Mantle’s Strategic Play
Aave’s formal proposal to contribute 25,000 ETH from its treasury is the centerpiece of the DeFi United effort and would make Aave the largest single donor to the fund. TokenLogic published the proposal, and it has moved toward a Snapshot vote requiring community approval. The funding structure combines three sources to close the remaining shortfall: 14,570 ETH from public donations, a 30,000 ETH credit facility from Mantle, and the proposed 25,000 ETH from the Aave treasury. Mantle’s offer comes with notable conditions. In exchange for the structured loan, Mantle would receive 130,000 delegated AAVE tokens, granting a rival blockchain network direct governance influence inside Aave’s DAO. Aave Labs would also be authorized under the proposal to pledge DAO assets and future protocol revenue as collateral to secure various funding arrangements. The vote’s outcome will set a significant governance precedent for how Aave manages treasury risk going forward.
🎯 What Investors Should Take Away From This Moment
The Kelp DAO exploit and the DeFi United response together represent a defining moment for the liquid restaking sector and for DeFi broadly. On one hand, a $292 million hack caused by a known, unpatched vulnerability signals that bridge security remains one of the industry’s most critical and neglected weak points. Total value locked across DeFi now sits just above $80 billion, down more than 27% from the roughly $110 billion recorded at the start of 2026, reflecting a significant erosion of confidence. On the other hand, the speed and scale of the DeFi United coalition shows that major protocols are increasingly willing to treat ecosystem stability as a shared responsibility. For investors, the key questions to monitor are whether the Aave governance vote passes with broad support, whether Kelp reopens withdrawals and LayerZero restores its bridge, and whether the Mantle loan terms create durable governance conflicts inside Aave. The outcome of this recovery effort will shape how DeFi protocols respond to crises for years to come.
Sources
https://www.theblock.co/post/398863/aave-proposes-25000-eth-contribution-defi-united-plug-kelp-dao-exploit-hole
https://www.coindesk.com/tech/2026/04/19/2026-s-biggest-crypto-exploit-kelp-dao-hit-for-usd292-million-with-wrapped-ether-stranded-across-20-chains
https://www.coindesk.com/business/2026/04/23/aave-rallies-defi-partners-to-contain-fallout-from-usd292-million-kelpdao-hack
https://thedefiant.io/news/defi/aave-dao-rseth-kelp-funding-proposal-pbrxrh
https://www.halborn.com/blog/post/explained-the-kelp-dao-hack-april-2026
https://phemex.com/academy/defi-united-seven-protocols-largest-bailout
https://www.cryptotimes.io/2026/04/24/mantles-30000-eth-loan-for-aave-comes-with-a-strategic-catch/
https://governance.aave.com/t/arfc-rseth-incident-funding-update/24740
https://www.cryptotimes.io/2026/04/21/kelp-daos-vulnerability-was-flagged-15-months-ago-defi-failed-to-act/
Crypto Club and Mode Mobile communications are for informational purposes only, and are not a recommendation, solicitation, or research report relating to any investment strategy, security, or digital asset. All investments involve risk including the loss of principal and past performance does not guarantee future results.
Any information contained in this commentary does not purport to be a complete description of the securities, markets, or developments referred to in this material. The information has been obtained from sources considered to be reliable, but we do not guarantee that the foregoing material is accurate or complete. There is no guarantee that any statements or opinions provided herein will prove to be correct.
Get fresh insights, breaking news, and hidden gems in the world of crypto—delivered straight to your inbox with our Crypto Cookies newsletter.
Don’t miss out—sign up now and get your first bite of insider knowledge!
