KelpDAO rsETH Exploit Drains ~$292M, Triggers Aave Freeze
KelpDAO disclosed a major cross-chain rsETH exploit after attackers drained about 116,500 rsETH (~$292M). The breach was linked to KelpDAO’s rsETH bridge, triggered via LayerZero EndpointV2’s “Iz Receive”, and funds were sent to an attacker-controlled wallet. Blockchain sleuth ZachXBT initially flagged the incident, estimating losses over $280M across Ethereum and Arbitrum. Investigators also noted Tornado Cash involvement before the exploit, suggesting attempts to obscure the funding trail.
KelpDAO moved quickly: it paused rsETH contracts on Ethereum mainnet and multiple L2s, and froze core contracts covering deposits, withdrawals, and oracle functions. An additional attempt to drain ~40,000 rsETH (~$100M) failed after the pause, keeping the total estimated loss around $292M instead of expanding toward ~$391M. KelpDAO said it is working with LayerZero and Unichain on root-cause analysis.
DeFi risk moved fast. Aave froze rsETH markets on V3 and V4 as a precaution, saying its own contracts were not exploited but it is reducing potential rsETH-related bad-debt exposure.
Traders should monitor rsETH liquidity and bridge/provider risk sentiment, plus lending protocol exposures, as cross-protocol contagion can rapidly drive risk-off positioning.
Bearish
This event is fundamentally negative for rsETH because the exploit caused a large, fast outflow, triggered contract pauses and market freezes, and increased perceived bridge/counterparty risk. Even though KelpDAO limited the second wave of theft, the immediate Aave rsETH market freeze signals higher short-term liquidity and settlement risk. In the longer run, uncertainty around losses, potential bad-debt accounting, and cross-protocol contagion can keep rsETH under selling pressure until audits/RCA outcomes improve confidence.