#rsETHAttackUpdate
The rsETH exploit that unfolded on April 18, 2026, stands as the largest security incident in the cryptocurrency industry this year, with approximately $293.7 million drained from KelpDAO's liquid restaking protocol. The attack exploited vulnerabilities in the protocol's bridge contract, creating a cascading effect that rippled across multiple DeFi platforms and exposed critical systemic risks in cross-chain infrastructure.
The attack methodology was sophisticated yet followed a familiar pattern seen in previous bridge exploits. The perpetrator leveraged the compromised bridge to generate unbacked rsETH tokens, which were then deposited as collateral across major lending protocols including Aave V3, Compound V3, and Euler. By using these illicitly obtained assets, the attacker borrowed substantial amounts of WETH and wstETH, creating over $236 million in bad debt. The stolen funds were split between Ethereum mainnet and Arbitrum, with $178 million and $72 million respectively, demonstrating the cross-chain nature of the exploit.
Aave emerged as the most significantly impacted protocol, with approximately $221.39 million in tainted rsETH collateral used to borrow around $190.86 million in WETH and $2.33 million in wstETH across both Ethereum and Arbitrum instances. The protocol's service providers published an incident report outlining two bad-debt scenarios ranging from $123.7 million to $230.1 million, prompting immediate risk mitigation measures including the freezing of rsETH markets on both Aave V3 and V4. This action prevented additional deposits but left existing positions exposed, triggering a massive $10.1 billion outflow of user assets from the protocol as depositors rushed to withdraw their funds.
The contagion extended beyond Aave to at least nine protocols in total. Fluid confirmed it had paused all markets with potential rsETH exposure, while Compound's security partners submitted four governance proposals to adjust risk parameters on affected Comets. SparkLend froze its exposure, and Euler moved to contain the spreading risk. This cross-protocol impact highlights a fundamental vulnerability in DeFi's interconnected architecture, where assets deeply integrated across lending, vaults, and liquidity protocols can transmit failures instantaneously.
KelpDAO's response involved immediate contract pauses across mainnet and several layer-2 networks upon identifying suspicious cross-chain activity. The team announced partnerships with LayerZero, Unichain, their auditors, and security experts to conduct a root cause analysis. However, communications between KelpDAO and affected protocols appear to have been strained, with reports indicating that LayerZero had not issued specific recommendations to change the rsETH DVN configuration despite an open communication channel since July 2024.
The incident raises serious questions about bridge security in the restaking ecosystem. As Cyvers security experts noted, the ability to create unbacked synthetic assets through compromised bridging pathways and subsequently use them to borrow real assets represents exactly how such exploits escalate rapidly. The attack demonstrates that distributing assets across multiple chains does not distribute risk proportionally, and that bridge design has become an inseparable component of asset risk profiles in DeFi.
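The backing check a monitoring team or an integrating lending protocol could run against a bridged asset, as an added example that is not from the original post or from any protocol's code. It assumes a lock-and-mint bridge model in which every remote-chain mint cites the message id of a source-chain lock; the event field names, the message ids and the chain label `l2-x` are hypothetical, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events (not real on-chain data); amounts in whole tokens.
LOCKS = [{"msg_id": "m1", "amount": 100},
         {"msg_id": "m2", "amount": 250},
         {"msg_id": "m3", "amount": 40}]
MINTS = [{"chain": "arbitrum", "msg_id": "m1", "amount": 100},   # fully backed
         {"chain": "arbitrum", "msg_id": "m2", "amount": 300},   # mints more than locked
         {"chain": "arbitrum", "msg_id": "m9", "amount": 5000},  # no lock at all
         {"chain": "l2-x", "msg_id": "m1", "amount": 100}]       # m1 used a second time

def reconcile(locks, mints):
    """Match each remote mint to a source-chain lock; report unbacked supply."""
    locked = {l["msg_id"]: l["amount"] for l in locks}
    consumed = set()                      # lock messages already redeemed once
    findings, unbacked = [], defaultdict(int)
    for m in mints:
        mid, amt = m["msg_id"], m["amount"]
        if mid not in locked:
            reason, excess = "no_matching_lock", amt
        elif mid in consumed:
            reason, excess = "message_replayed", amt
        elif amt > locked[mid]:
            reason, excess = "amount_exceeds_lock", amt - locked[mid]
            consumed.add(mid)
        else:
            consumed.add(mid)             # clean 1:1 mint, nothing to report
            continue
        findings.append((m["chain"], mid, reason, excess))
        unbacked[m["chain"]] += excess
    return findings, dict(unbacked)

def collateral_action(total_locked, total_minted, tolerance_bps=0):
    """Lending-side guard: freeze the market when supply exceeds its backing."""
    allowed = total_locked + total_locked * tolerance_bps // 10_000
    return "freeze" if total_minted > allowed else "ok"

FINDINGS, UNBACKED = reconcile(LOCKS, MINTS)

if __name__ == "__main__":
    for chain, mid, reason, excess in FINDINGS:
        print(f"{chain} {mid}: {reason}, unbacked={excess}")
    locked_total = sum(l["amount"] for l in LOCKS)
    minted_total = sum(m["amount"] for m in MINTS)
    print(collateral_action(locked_total, minted_total))
```

Run continuously, a check like this lets a lending market stop accepting the asset as collateral when its supply outruns its escrowed backing, before borrowing against it creates bad debt.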
Industry observers have noted parallels with the earlier Drift Protocol exploit of $280 million, which this attack has now surpassed. The pattern of using compromised collateral to create bad debt across multiple platforms suggests that current risk management frameworks may be insufficient for the complexity of modern cross-chain DeFi. The Aave community is expected to discuss whether rsETH should be permanently delisted from all markets, following a pattern that has emerged after previous bad debt events.
The aftermath continues to unfold as protocols assess their exposure and implement remediation measures. The incident serves as a stark reminder that in DeFi's interconnected landscape, security is only as strong as the weakest link in the chain of integrated protocols. As the industry grapples with the implications of this exploit, the focus has shifted toward developing more robust cross-chain risk assessment frameworks and improving coordination between protocols when vulnerabilities are discovered.