From KelpDAO Attack to Aave Bad Debt Risk: Analysis of rsETH Collateral Crisis and Reserve Coverage Mechanism

On April 18, 2026, a non-technical attack that did not touch any smart contract code caused Aave, a leading lending protocol with no history of security incidents, to incur its largest bad debt ever. The attacker minted 116,500 rsETH out of thin air from KelpDAO’s cross-chain bridge, then deposited these unbacked tokens as collateral into Aave, borrowed a large amount of WETH, and disappeared. According to Gate market data, as of April 22, 2026, the AAVE token price was $92.51, down 7.72% over the past 7 days, with market sentiment in a neutral zone. However, market concerns go far beyond token price—can Aave’s Umbrella security reserve cover this potentially $230.1 million bad debt? Will this crisis trigger broader systemic contagion in DeFi?

Precise Attack in Forty-Six Minutes

At 17:35 UTC on April 18, 2026, the rsETH cross-chain bridge built on LayerZero technology by KelpDAO was attacked. The attacker released 116,500 rsETH from the Ethereum mainnet within 46 minutes, valued at approximately $292 million at the time, accounting for nearly 18% of the total rsETH circulating supply. KelpDAO’s emergency multisignature team froze core protocol components—including the LRT liquidity pool, withdrawal contracts, oracles, and rsETH tokens—about 46 minutes later, successfully intercepting two subsequent withdrawal attempts totaling 40k rsETH (about $100 million). But by then, the 116,500 rsETH had been transferred to eight pre-set cash-out addresses and quickly injected into Aave V3 and V4 markets.

This attack amount makes the KelpDAO incident the largest single DeFi protocol attack so far in 2026.

Timeline of Event Development

| Date (2026) | Key Events |
|---|---|
| April 18, 17:35 UTC | Attacker sends forged cross-chain message to KelpDAO bridge contract, 116,500 rsETH illegally released |
| Within 46 minutes after attack | KelpDAO emergency multisignature team freezes core components, intercepts subsequent withdrawals |
| Within 6 minutes after attack | Attacker deposits rsETH into Aave V3/V4 via 8 pre-set addresses, borrows WETH |
| Early morning April 19 | Aave guardians freeze all 11 rsETH/wrsETH markets, LTV set to zero |
| April 19 | According to DefiLlama, Aave TVL plummets from $26.3 billion to about $18 billion, evaporating $8.3 billion in two days |
| April 20 | LayerZero releases preliminary investigation report attributing attack to North Korea’s Lazarus Group (TraderTraitor) |
| April 21 | Arbitrum Security Committee freezes 30,766 ETH (about $71 million) involved in the attack |

  • Loss scale: 116,500 rsETH, approximately $292 million
  • Affected Aave markets: Ethereum Core, Arbitrum, Mantle, Base, Linea, and 6 others
  • Aave TVL outflow: about $8.3 billion in two days
  • Total DeFi TVL evaporation industry-wide: about $10 billion

Deep Technical Chain Analysis

This attack was not a traditional smart contract vulnerability exploit but a complex event combining “bridge configuration flaw” with “state-level infrastructure attack.” The attack chain can be broken down into the following steps:

Step 1: Obtain RPC node list. The attacker acquired the list of RPC nodes used by LayerZero Labs’ decentralized validator network (DVN).

Step 2: Poison RPC nodes. The attacker compromised two RPC nodes, replacing their op-geth binary with a malicious version. These malicious nodes would provide forged data to the DVN’s IP address while appearing honest to other observers.

Step 3: Trigger DDoS-induced failover. The attacker launched DDoS attacks on the remaining uncompromised RPC nodes, forcing the DVN system to shift all traffic to the poisoned nodes.

Step 4: Send forged cross-chain message. The attacker submitted a forged cross-chain message claiming to originate from KelpDAO’s Unichain deployment. The DVN, relying on the poisoned nodes’ false on-chain state data, verified the message. With 2/3 multisignature approval, the forged message was authenticated as valid.

Step 5: Release rsETH on Ethereum mainnet. The attacker called functions commitVerification() and lzReceive(), triggering the rsETH OFT adapter on Ethereum to release 116,500 rsETH to the attacker’s address.

Step 6: Cash out and exit. The attacker distributed rsETH to 8 pre-set addresses, each completing the same operation within about 6 minutes: depositing rsETH as collateral into Aave, borrowing WETH, then transferring assets away.

The verifiable evidence of this attack lies in on-chain data: Unichain’s outboundNonce remained at 307, so the nonce 308 claimed by the attacker never existed; Unichain did not emit any PacketSent event for nonce 308; and the total supply of rsETH on Unichain was only 49.26, making a cross-chain burn of 116,500 mathematically impossible.
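The evidence above doubles as a set of checks a verifier could run before signing, and steps 2 to 4 show why the reads behind those checks need a fixed quorum. The following Python is an added example, not LayerZero or KelpDAO code; SourceView, quorum_view, check_inbound and the forged values are hypothetical, and the supply figure is assumed to be read just before the claimed send.

```python
from collections import Counter
from typing import NamedTuple, Optional

class SourceView(NamedTuple):
    """What one RPC endpoint reports about the source chain (hypothetical shape)."""
    outbound_nonce: int        # last nonce the source endpoint actually sent
    packet_sent: bool          # a PacketSent event exists for the claimed nonce
    supply_before_send: float  # token supply just before the claimed send (assumption)

def quorum_view(views: list[Optional[SourceView]], min_agree: int) -> Optional[SourceView]:
    """Return the view reported identically by >= min_agree endpoints, else None.

    None entries are unreachable endpoints. Losing endpoints never lowers the
    bar: with too few matching answers the read fails closed, not over.
    """
    counts = Counter(v for v in views if v is not None)
    if not counts:
        return None
    view, votes = counts.most_common(1)[0]
    return view if votes >= min_agree else None

def check_inbound(nonce: int, amount: float,
                  views: list[Optional[SourceView]], min_agree: int) -> list[str]:
    """Return the reasons to reject a claimed cross-chain message (empty = accept)."""
    view = quorum_view(views, min_agree)
    if view is None:
        return ["no quorum of independent RPC endpoints; refusing to verify"]
    reasons = []
    if nonce > view.outbound_nonce:
        reasons.append(f"nonce {nonce} exceeds source outboundNonce {view.outbound_nonce}")
    if not view.packet_sent:
        reasons.append(f"no PacketSent event for nonce {nonce}")
    if amount > view.supply_before_send:
        reasons.append(f"amount {amount} exceeds source supply {view.supply_before_send}")
    return reasons

# Constructed inputs: HONEST uses the figures quoted in the article, FORGED is invented.
HONEST = SourceView(outbound_nonce=307, packet_sent=False, supply_before_send=49.26)
FORGED = SourceView(outbound_nonce=308, packet_sent=True, supply_before_send=200_000.0)

# Incident shape: two poisoned endpoints answer, the honest ones are unreachable.
degraded = [FORGED, FORGED, None, None, None]
# Healthy shape: the honest endpoints are reachable alongside the two poisoned ones.
healthy = [FORGED, FORGED, HONEST, HONEST, HONEST]
```

With a quorum of 3 out of 5, the degraded case is refused outright and the healthy case is rejected on all three checks; lowering the quorum to 2 lets the poisoned view through, which is the failover behaviour the attack relied on.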

Quantitative Analysis of Aave’s Risk Exposure

According to a report by Aave risk service provider LlamaRisk released on April 21, the attacker collateralized 89,567 of the stolen rsETH into multiple Aave V3 markets, borrowing about 82,650 WETH (around $191 million) and 821 wstETH. Since these rsETH were minted out of thin air without real underlying assets, their collateral value in Aave is effectively zero, resulting in bad debt.

Aave faces two bad debt scenarios, with final resolution depending on KelpDAO’s loss allocation decision:

| Comparison | Scenario 1: Global Sharing | Scenario 2: Loss Limited to Layer 2 |
|---|---|---|
| Bad debt amount | About $123.7 million | About $230.1 million |
| Main impacted markets | Ethereum Core | Mantle, Arbitrum |
| Key risk data | Sufficient WETH reserves | Mantle gap 71.45%, Arbitrum gap 26.67% |
| rsETH de-pegging risk | About 15% | Higher |
| Umbrella coverage possibility | Partially coverable | Difficult to cover |

Data source: LlamaRisk event report

Reserve Coverage Capacity Assessment

As of the report’s release, the status of Aave’s related fund pools is as follows:

  • Aave DAO treasury: holds about $181 million in assets
  • Umbrella security reserve: about $80 million to $100 million
  • OG security module: still holds about $300 million worth of AAVE tokens, which, if reduced by 20%, can provide an additional roughly $60 million loss coverage

Reserve gap estimation:

In the worst-case scenario (bad debt of $230.1 million), even utilizing Umbrella reserves (about $55 million cover), the DAO treasury (about $85 million available), and a 20% reduction in OG security tokens (about $60 million), there could still be a shortfall of approximately $76 million, which would need to be covered by borrowing or selling AAVE tokens.

Industry Opinions and Divergent Views

This incident has sparked very different interpretations and attributions across the industry, with key disagreements centered on three levels:

Responsibility attribution debate

LayerZero blames KelpDAO’s architecture choice, emphasizing that KelpDAO used a “1/1 DVN configuration,” meaning a single validator could approve cross-chain messages, whereas industry best practice is to adopt multi-DVN setups. LayerZero states it had repeatedly advised KelpDAO to migrate to multi-DVN, but the advice was not adopted, and it announced it will no longer sign messages for any application using 1/1 DVN.

KelpDAO states it has been operating on LayerZero infrastructure since January 2024 and maintained open communication with LayerZero’s team. They point out that the DVN configuration issue was discussed during the Layer 2 scaling phase, and the default setting was explicitly deemed appropriate, implying that LayerZero’s documentation and guidance bear responsibility.

Industry observers note that the attacker demonstrated the ability to connect “infrastructure, application, and trust relationship vulnerabilities,” indicating this was not a one-off opportunistic attack but a sophisticated infiltration targeting complex systems.

Evaluation of Aave’s response measures

Supporters recognize Aave’s quick response—freezing all 11 rsETH/wrsETH markets, setting LTV to zero, lowering multi-chain WETH rates, and freezing lending within hours. Aave founder Stani explicitly stated in a community AMA that the core protocol contracts were not compromised, and the roughly $12 million monthly revenue is sufficient to cover potential losses.

Critics worry that if the final step involves using staked AAVE tokens from the security module to cover bad debt, it essentially shifts the cost of KelpDAO’s vulnerability onto Aave stakers. Moreover, the Umbrella mechanism, launched less than two months ago, has never been stress-tested, and its effectiveness remains uncertain.

Reflection on DeFi’s Future Development

DefiLlama founder 0xngmi said that even protocols not directly affected experienced panic withdrawals—Aave’s net outflow was $6.2 billion (−23%), and the entire industry’s DeFi TVL evaporated nearly $10 billion. He bluntly stated, “In these events, there are no winners—only a smaller ‘cake’ for the entire industry.”

Conversely, some believe that despite the grim outlook painted by the “2026 hacker list,” the on-chain economy continues to expand—USDT and USDC combined market cap is about $263 billion, tokenized US Treasuries exceed $10.9 billion, and capital is shifting toward simpler, more transparent collateral products.

Industry Structural Impact

Impact on DeFi Security Paradigm

The KelpDAO incident exposes a structural blind spot in DeFi security: current audits focus mainly on smart contract code, but attackers can bypass code and target infrastructure directly. In this case, no contract vulnerabilities were exploited; instead, the attacker used RPC poisoning and DDoS to undermine cross-chain verification trust infrastructure. This indicates that DeFi threats have expanded from “code correctness” to “verification trust” and “infrastructure integrity.”

Security research groups point out that this attack, along with the early April $285 million theft from the Drift protocol (involving permission abuse and pre-signed operation flaws), signals a trend: governance permissions, signature processes, bridging mechanisms, oracles, and parameter configurations are as critical as, or more critical than, the smart contract code itself.

Impact on Liquid Restaking Token Markets

rsETH, as one of the largest liquid restaking tokens (LRTs) in the EigenLayer ecosystem, faces an unavoidable trust crisis that will propagate across the entire LRT category. Before the incident, rsETH’s total locked value exceeded $1.5 billion. After the attack, rsETH markets were fully frozen. More importantly, this event validates the core risk proposition of cross-chain LRTs: when LRTs rely on cross-chain bridges to maintain circulation across multiple chains, a bridge vulnerability on any one chain can expose token holders on every chain to losses.

Long-term Creditworthiness of Aave

Although Aave’s core contracts were not compromised, the “collateral authenticity verification” issue will be a long-term governance concern. Some argue that the most urgent need is to establish collateral source verification mechanisms, requiring cross-chain assets like rsETH to provide real-time proof of underlying collateral via Merkle proofs, so oracles verify not only prices but also asset authenticity. Whether Aave will introduce stricter collateral verification in V4 will be a key industry focus.

Accelerating Capital Migration Trends

The capital outflow triggered by this event is uneven. Data shows that while overall DeFi TVL declined, the market cap of stablecoins and tokenized US Treasuries continued to grow—USDT at $185 billion, USDC at $78 billion, and tokenized US Treasuries exceeding $10.9 billion. This divergence indicates capital is moving out of high-complexity native DeFi products into simpler, more transparent collateral assets. Visa’s 2026 stablecoin strategy document also notes that stablecoin supply grew over 50% in 2025, with 2026 seen as a pivotal year for institutional participation.

Conclusion

The KelpDAO attack reveals a long-ignored systemic issue in DeFi: code security does not equal system security. When attackers can bypass code and attack infrastructure trust directly to steal $292 million, the entire industry must adjust its security paradigm. The final resolution of Aave’s bad debt will depend on multi-party cooperation and KelpDAO’s loss allocation decisions. More importantly, this incident will catalyze evolution in DeFi security standards—redundancy in cross-chain verification, proof of collateral authenticity, and risk isolation between protocols will no longer be “optional features” but “bottom lines for survival.” As DefiLlama’s founder said, there are no winners in such events, but they at least make the industry more resilient through pain.
