Key Highlights
- Approximately $21.6 million, or about 9% of assets in Lido’s EarnETH vault, is at risk following the KelpDAO exploit.
- The exposure stems from a leveraged rsETH/ETH position on Aave, making it sensitive to market stress.
- The attack involved exploiting a LayerZero bridge vulnerability and draining 116,500 rsETH, valued at around $292 million.
Lido Finance, the liquid staking protocol, reported on Monday that around $21.6 million worth of assets, or nearly 9% of those held in its EarnETH vault, have been affected by the KelpDAO bridge exploitation issue. The update comes as KelpDAO has been struggling with the repercussions of the attack reported against the protocol on April 18.
According to an update shared on X, the attacker managed to drain 116,500 rsETH, which is estimated to be valued at approximately $292 million, from KelpDAO, a bridge built using the LayerZero technology, on April 18.
Further updates
Lido said its EarnETH product, which uses leveraged restaking strategies, has direct exposure to rsETH through a leveraged rsETH/ETH position on Aave.
Higher utilization rates of Aave lending pools have resulted in higher borrowing fees on the other levered positions in the vault, increasing the risks for the vault even more. At the same time, the Lido EarnETH and subvault teams are actively trying to deleverage their exposure to risky positions to minimize risks. Nevertheless, the final result for the rsETH exposure is uncertain, as it depends on actions from KelpDAO, LayerZero, and Aave.
In order to safeguard the interests of the depositors, the “first loss protection system” embedded within the EarnETH protocol is also activated. This includes a cushion of $3 million contributed by the Lido DAO treasury, which is able to cover any losses through the burning of vault shares held by the Lido DAO.
The growth committee will make further decisions about how this first loss protection system will be employed after getting a definitive report from the parties involved. In the meantime, the vault curator has stopped taking any deposits or withdrawals until the final decision has been made.
Lido added that if the situation remains unresolved for an extended period, withdrawals may resume with rsETH priced at a discount.
KelpDAO attack
The KelpDAO cross-chain bridge was exploited on April 18, 2026, at 17:35 UTC using a vulnerability present in the cross-chain infrastructure.
Attackers reportedly managed to forge a cross-chain message through LayerZero’s EndpointV2 smart contract, convincing the bridge that they had enough balance to withdraw 116,500 rsETH, which is an uncollateralized liquid restaking token estimated at $292 million, representing about 18% of its circulating supply. There were no reserves for the stolen tokens on the originating chain.
The attacker then used the tokens as collateral to borrow over $236 million from lending platforms, including Aave V3, Compound V3, and Euler. The incident contributed to a sharp drop in total value locked across affected protocols within 48 hours.
Complex risks in DeFi
The incident highlights the risks associated with leveraged restaking and interconnected DeFi systems.
Although the problem is related to only a small proportion of Lido’s overall operations, the fact that the potential losses amount to $21.6 million demonstrates how swiftly problems with bridges can turn into a major disaster for leverage strategies on decentralized finance platforms. Lido contributors have stated that they would be providing more updates regarding this situation.
Also Read: Tether Bets on Tokenized Funds With $8M KAIO Backing
