#rsETHAttackUpdate

#rsETHAttackUpdate
The rsETH crisis has now moved beyond panic and entered the phase that truly defines DeFi—recovery, accountability, and structural reform.
Six days after the largest DeFi exploit of 2026, the immediate attack has been contained, but the real battle is now about restoring trust, repairing the peg, and deciding who absorbs the damage. The April 18 exploit exposed one of the most dangerous weaknesses in cross-chain infrastructure: a 1-of-1 bridge verification system that gave a single validator complete authority over hundreds of millions in value.
The attacker exploited KelpDAO’s LayerZero V2 bridge between Unichain and Ethereum by compromising the DVN verification path. Through RPC poisoning and validator manipulation, they successfully minted 116,500 unbacked rsETH tokens out of thin air. These fake assets were then deposited into Aave V3 as collateral to borrow large amounts of real WETH, creating a total loss of approximately 292 million USDT—the biggest DeFi hack of the year.
Emergency response was fast. Aave froze rsETH and wrsETH markets across all major deployments within 77 minutes. KelpDAO’s multisig also froze core contracts, preventing a second attempted theft worth nearly 95 million USDT. This action stopped the bleeding, but not the damage.
As of April 24, recovery remains incomplete. Around 70 million USDT tied to the exploit has been recovered by the Arbitrum Security Council, significantly higher than earlier estimates. However, much of the stolen capital has already moved through THORChain, making full recovery increasingly difficult. The overall recovery rate remains below 50%, and governance decisions on how recovered funds will be distributed are still pending.
The most important development is the rise of the DeFi United coalition—a coordinated rescue effort led by Aave to restore rsETH backing and eliminate bad debt across lending platforms. This is now the largest industry-wide recovery initiative DeFi has ever seen.
Aave founder Stani Kulechov personally committed 5,000 ETH. EtherFi governance approved up to 5,000 ETH from its DAO treasury with strong community support from 1,800 token holders. Lido committed 2,500 stETH, while Golem Foundation and Golem Factory added another 1,000 ETH. LayerZero, Mantle, Ink Foundation, Tydro, and others have joined discussions, with Mantle proposing a structured liquidity loan to strengthen Aave’s position.
More than 13,500 ETH has already been pledged, and a full recovery roadmap is expected within one week.
For users, the situation depends entirely on exposure type. Ethereum mainnet rsETH backed by real EigenLayer deposits remains fundamentally safe because the underlying staking positions were never compromised. Non-rsETH Aave users are also unaffected. But wrapped rsETH holders on Layer 2 networks face uncertainty because bridge reserve backing is broken, and final loss distribution has not been finalized.
The biggest lesson from this exploit is simple: 1-of-1 bridge security is dead.
The industry is now moving toward mandatory 2-of-3 multi-DVN verification, real-time bridge reserve monitoring, and strict TVL concentration limits. This attack permanently changed how DeFi will secure cross-chain assets.
The attack may be over, but the real test begins now. If DeFi United succeeds, it proves decentralized finance can survive black swan events through coordination instead of collapse. If it fails, the pressure for regulation, mandatory insurance, and stricter protocol oversight will become impossible to resist.
This is no longer just about rsETH.
This is about whether DeFi can protect itself when everything goes wrong.
‍#GateSquare #CreatorCarnival #ContentMining #Gate13周年