The biggest DeFi heist of 2026: hackers stole everything and conveniently set a trap for Aave

Author: Xiao Bing, Deep Tide TechFlow

On April 18th at 17:35 UTC, a wallet whose funds had been laundered through Tornado Cash sent a cross-chain message to LayerZero’s EndpointV2 contract.

The message’s meaning was simple: a user on another chain wanted to bridge rsETH back to Ethereum mainnet. As the protocol is designed to do, LayerZero faithfully relayed the instruction. Kelp DAO’s bridge contract on mainnet then executed the release as intended.

116,500 rsETH, worth approximately $292 million at the time, was transferred in a single transaction to an attacker-controlled address.

The problem was that no one had ever deposited that rsETH on the other chain. This “cross-chain request” was fabricated out of thin air; LayerZero believed it, and Kelp’s bridge trusted it too.

46 minutes later, Kelp’s emergency multisig finally pressed the pause button. By then, the attacker had already completed the second half of the operation: depositing the stolen, essentially unanchored rsETH into Aave V3 as collateral and borrowing about $236 million worth of wETH.

This is the largest DeFi theft so far in 2026, surpassing the $2.3 million stolen from the Drift protocol by North Korean hackers on April 1, but what truly chills industry spines isn’t just the amount.

How the attack happened: three attempts from 17:35 to 18:28

Let’s reconstruct the timeline.

17:35 UTC, first strike. Using a Tornado Cash-funded wallet, the attacker called the lzReceive function on LayerZero’s EndpointV2 contract, delivering a forged cross-chain data packet to Kelp’s bridge contract. The contract verified it and released 116,500 rsETH to the attacker’s address. A clean single transaction.

18:21 UTC, 46 minutes after the attack, Kelp’s emergency multisig froze the core rsETH contracts on mainnet and multiple L2s.

18:26 and 18:28 UTC, the attacker tried twice more, each time with a LayerZero data packet attempting to withdraw another 40,000 rsETH (about $100 million). Both attempts reverted because the contracts were already frozen, but the attacker was evidently still trying to drain the remaining liquidity.

From the first successful attack to Kelp’s public statement, nearly three hours passed.

Kelp’s first tweet was only issued at 20:10 UTC, with a restrained tone: “Suspicious cross-chain activity involving rsETH detected; mainnet and multiple L2 rsETH contracts have been paused; working with LayerZero, Unichain, auditors, and external security experts for root cause analysis.”

Ahead of the official statement, on-chain analyst ZachXBT had already issued an alert on his Telegram channel before 3 pm ET, listing six wallet addresses linked to the theft and noting that these wallets had used Tornado Cash before acting. He didn’t name Kelp DAO explicitly, but on-chain analysts connected the dots within hours.

This was a premeditated operation executed minute by minute: pre-funded, laundered wallets, carefully crafted cross-chain data packets, and the attack followed immediately by Aave collateralization, each step as steady as a metronome.

After the theft, a scam on top

If this had been a simple bridge vulnerability, with the attacker stealing 116,500 rsETH and fleeing, it would have been at most one of the major incidents of 2026. Kelp would bear the loss, the community would absorb it over a few days, and the industry would move on.

But the attacker clearly did the math. rsETH’s secondary liquidity isn’t deep; dumping $292 million into a DEX would cause slippage that eats into profits. A more elegant exit would be to present this “rsETH obtained out of thin air” as seemingly solid collateral and borrow truly liquid assets from lending protocols.

So the attacker took a second step: deposit the stolen rsETH into Aave V3 as collateral and borrow a large amount of wETH.

Why is this step deadly? Because at that moment the Aave contract still valued the collateral at the rsETH oracle price, while the reserves in the bridge had already been drained, meaning the economic backing of that rsETH no longer existed. The lending protocol was still issuing loans as if the collateral were worth 100% of its value, but in reality it was a bad check.

The result: the attacker shifted the risk of liquidation onto Aave’s wETH reserve pool.

Aave V3’s wETH reserves are now absorbing bad debt. Solidity developer and auditor 0xQuit warned on X that the wETH pool has already been impacted; some withdrawals can only be processed after Aave’s Umbrella backstop module covers the deficit.

The latest estimate of bad debt is around $177 million, and this is only on the Ethereum mainnet side.

The first major test foretold

For seasoned DeFi players, this feels familiar—like the Luna collapse in 2022, when Aave V2’s Safety Module also played a similar role.

But this time, it’s Umbrella. Aave launched this new backstop system at the end of 2025 to replace the old Safety Module, and this incident is the first major stress test of Umbrella’s automatic bad debt coverage mechanism.

Umbrella’s logic is straightforward: stake aTokens such as aWETH, aUSDC and GHO into the corresponding Umbrella insurance pools to earn extra incentives; if the asset pool goes into deficit, the staked assets are slashed proportionally to cover the gap.

This design looks good on paper. In the first month of Aave v3.3, the total pool deficit was about $400, with nearly $9.5 billion in outstanding loans—an almost negligible ratio.

But $177 million in bad debt is a different scale. For users who staked aWETH into Umbrella, this will be the first real experience of what “bearing slashing risk” means. Aave’s official statement was cautious: if bad debt occurs, Aave plans to use Umbrella assets to cover any shortfall. But whether it can fully cover, how high the slashing ratio will be, and how much principal is lost—those details will only be clear after settlement.

The original sin of cross-chain bridges

Even more unsettling is the identity of the stolen rsETH.

rsETH is deployed across over 20 networks including Base, Arbitrum, Linea, Blast, Mantle, Scroll, with cross-chain transfer handled via LayerZero’s OFT standard. The drained bridge reserves are precisely what back all “wrapped” rsETH on these networks.

This setup sounds routine: mainnet vaults hold 1:1 reserves, L2 rsETH holders can theoretically redeem back to mainnet at any time. But this mechanism’s premise is that the vaults are actually funded.

Now, 18% of the vaults are empty. About 18% of the total circulating rsETH supply in Kelp has lost its backing overnight.

This creates a feedback loop: if L2 holders panic and redeem en masse, pressure will transfer to the unaffected Ethereum supply, possibly forcing Kelp to unwind re-staking positions to meet withdrawal demands.

Unwinding re-staking isn’t instant. EigenLayer withdrawals have delays, validator exits are queued. If L2 rsETH holders rush to redeem, Kelp might not have enough time to prepare the mainnet liquidity.

This is a fundamental risk of the bridge reserve model: as soon as the mainnet pool fails, downstream liquidity is at risk of collapse. Every L2 rsETH holder faces the same dilemma—run first or trust Kelp to cover.
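The 1:1 reserve premise described above can be checked continuously by an off-chain monitor. The following is an added example, not code from Kelp, LayerZero or the original article: it reconciles mainnet bridge releases against remote-chain debits and computes the backing ratio. The event shapes, chain names, tx labels and all sample values are constructed assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class RemoteDebit:
    """rsETH debited on a remote chain for a transfer back to mainnet."""
    src_chain: str
    nonce: int
    amount: Decimal

@dataclass(frozen=True)
class MainnetRelease:
    """rsETH released by the mainnet bridge for a claimed remote transfer."""
    src_chain: str
    nonce: int
    amount: Decimal
    tx: str

def reconcile(debits, releases):
    """Return releases with no matching remote debit (chain, nonce, amount)."""
    pending = {(d.src_chain, d.nonce): d.amount for d in debits}
    # pop() consumes each debit once, so a replayed release is flagged too.
    return [r for r in releases
            if pending.pop((r.src_chain, r.nonce), None) != r.amount]

def backing_ratio(locked_reserve, remote_supply):
    """Mainnet reserve divided by total supply circulating on remote chains."""
    total = sum(remote_supply.values(), Decimal(0))
    return Decimal(1) if total == 0 else locked_reserve / total

def should_pause(unmatched, ratio, min_ratio=Decimal(1)):
    """Alert when any release is unbacked or reserves fall below 1:1."""
    return bool(unmatched) or ratio < min_ratio

# Constructed sample data: chain names, nonces and tx labels are placeholders.
DEBITS = [RemoteDebit("chain-a", 1, Decimal("10")),
          RemoteDebit("chain-b", 7, Decimal("25"))]
RELEASES = [MainnetRelease("chain-a", 1, Decimal("10"), "tx-1"),
            MainnetRelease("chain-b", 7, Decimal("25"), "tx-2"),
            MainnetRelease("chain-b", 8, Decimal("116500"), "tx-3")]

if __name__ == "__main__":
    bad = reconcile(DEBITS, RELEASES)
    ratio = backing_ratio(Decimal("820"), {"chain-a": Decimal("600"),
                                           "chain-b": Decimal("400")})
    print([r.tx for r in bad], ratio, should_pause(bad, ratio))
```

A monitor of this kind only shortens detection time; it depends on reading remote-chain state independently of the message path that delivered the release.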

Within hours, panic swept through the entire DeFi lending sector.

Aave V3 and V4 froze rsETH markets; new deposits and rsETH-based lending channels were shut down.

SparkLend and Fluid followed suit, freezing their rsETH markets.

Ethena, claiming no rsETH exposure and maintaining over 101% collateralization, paused its LayerZero OFT bridge from Ethereum mainnet as a precaution, expected to be down about six hours. This reaction is telling: even players without direct exposure are halting LayerZero bridges.

Lido Finance paused new deposits into earnETH (which contains rsETH exposure), emphasizing that stETH and wstETH are unaffected, and that their core staking protocol is unrelated to this incident.

Upshift paused deposits and withdrawals for High Growth ETH and Kelp Gain vaults.

The list continues to grow.

Deep Tide commentary: DeFi security remains a long road

As of this writing, Kelp DAO’s root cause analysis is ongoing. How much of the stolen rsETH can be recovered through security teams or white-hat negotiations? Can Aave’s Umbrella withstand this bad debt? Will L2 rsETH holders trigger a run? Will AAVE and rsETH prices stabilize before the weekend?

But some issues have already become apparent.

For example, can LRTs still qualify as collateral in lending protocols?

Liquid Restaking Tokens (LRTs) were the darling of the Ethereum ecosystem last cycle. EigenLayer promoted the “ETH earning multi-layer yields” narrative, and protocols like Kelp, ether.fi and Puffer industrialized this story. The end result: LRTs were added to the collateral whitelists of major lending protocols as structured assets.

This decision was based on an assumption: that LRT’s peg mechanism is robust enough, and the multi-layered risk of nested assets can be fully modeled and isolated by smart contracts.

The Kelp incident punctured this assumption in just an afternoon. Risks of LRT come not only from underlying smart contracts but also from its cross-chain distribution architecture; not only from individual protocols but from every dependency between LRT, EigenLayer, LayerZero, and Aave. DeFi Lego blocks may seem safe individually, but assembled into a puzzle, the risks multiply rather than add.

In the coming months, all lending protocols still listing LRT as high-grade collateral will need to reassess risk parameters. Borrowing caps will be lowered, liquidation buffers widened, and some protocols may delist altogether.

DeFi’s moat has long been called “composability,” but this incident reminds everyone that composability is a double-edged sword. The network effects you take pride in can become amplifiers in the hands of attackers.

This attacker’s premeditated exit path shows that DeFi’s composability, once weaponized, expands the attack surface. The more tightly coupled and richly composable the protocols, the larger the attack surface, and the more “financial Lego” pieces an attacker can manipulate.

DeFi security remains a long journey.
