On April 18, 2026, a single forged cross-chain message drained 116,500 rsETH, worth $292 million, accounting for 18% of the circulating supply, from KelpDAO’s LayerZero V2 bridge. The attacker minted unbacked tokens, deposited 89,567 rsETH ($221M) as collateral across seven Aave wallets, and borrowed over $193 million in WETH + wstETH before markets froze.
Aave’s contracts were not hacked—the risk came from an external collateral failure. But the fallout created $124M–$230M in potential bad debt on Aave V3/V4 markets. TVL plunged $6–8.5 billion in days, WETH utilization hit 100%, and the native token AAVE dropped roughly 18%.
The real question everyone is asking: Who actually pays? LlamaRisk (Aave’s risk provider) modeled two clean scenarios based on how KelpDAO socializes (or isolates) losses. But four days later, governance reality—ongoing Aave DAO proposals, KelpDAO silence on haircuts, treasury math, Umbrella pauses, and ecosystem side-deals—is messier and more consequential than any model.
The Exploit in 60 Seconds: How a 1-of-1 DVN Created $292M of “Ghost” rsETH
Kelp rsETH uses a lock-and-mint bridge via LayerZero V2. The Unichain-to-Ethereum route was configured 1-of-1 DVN (single verifier). The attacker:
- Forged an inbound packet (no corresponding burn on source).
- Released 116,500 rsETH from Ethereum’s OFT adapter (balance crashed from ~116k to near-zero).
- A follow-up packet for 40k rsETH partially reverted; Kelp later recovered 40,373 rsETH into the adapter.
Current adapter backing: 40,373 rsETH vs. 152,577 rsETH remote claims on L2s → 26.46% backing ratio. Mainnet rsETH remains backed by Kelp’s actual ETH restaking deposits (~533k–630k ETH equivalent). The hole is isolated to the bridge layer—for now.
Aave exposure (exact attacker positions as of April 20 report):
| Market | rsETH Supplied | WETH Borrowed | wstETH Borrowed |
| Ethereum Core | 53,400 | ~52,854 | 0 |
| Arbitrum | 36,167 | ~29,795 | ~821 |
| Total | 89,567 | 82,650 | 821 |
| Value | $221.39M | $190.86M | $2.33M |
Health factors settled at 1.01–1.03. Liquidations are impossible while rsETH is worthless.
Llamarisk’s Two Scenarios: Clean Math, Brutal Trade-offs
LlamaRisk’s April 20 report models bad debt solely on how Kelp handles the 112,204 unbacked rsETH gap. No assumptions about recoveries or Aave treasury yet.
Scenario 1: Global Pro-Rata Socialization (15.12% haircut across ALL rsETH)
- Losses spread uniformly → every rsETH (mainnet + L2) repriced to 84.88% of oracle value.
- Total Aave bad debt: $123.7M
- Breakdown (WETH reserves unless noted):
| Chain | Bad Debt (USD) | % of Reserve |
| Ethereum Core | $91.79M | 1.54% |
| Mantle | $10.38M | 9.54% |
| Arbitrum | $10.30M | 3.11% |
| Base | $6.12M | 3.00% |
| Others | ~$5.1M | <2.3% |
| Total | $123.7M | – |
Scenario 2: L2 Isolation (73.54% haircut only on bridged rsETH)
- Mainnet untouched; L2 rsETH marked to 26.46% backing.
- Total Aave bad debt: $230.1M (almost entirely L2)
- Mantle: 71.45% WETH shortfall (~$77.7M)
- Arbitrum: 26.67% shortfall (~$88.4M)
- Base, Linea, Ink also hit hard. Ethereum Core spared.
Key insight: The difference is ~$106M—and it hinges entirely on KelpDAO governance, not Aave.
Governance Reality: What’s Actually Happening (April 22 Update)
KelpDAO has not announced loss socialization. Their public stance (as of April 21): “All rsETH on mainnet is fully backed.” They recovered the 40k packet, froze contracts, and cooperated with Arbitrum’s Security Council, which froze 30,766 ETH of attacker funds on Arbitrum.
Aave side (real-time moves):
- Markets frozen instantly (rsETH, then WETH on affected chains).
- Umbrella pause proposal live: Direct-to-AIP to pause stkwaWETH on Ethereum V3. Why? Prevents automatic slashing until exact bad debt is known; gives governance breathing room.
- Treasury firepower: $181M in assets + strong 2025–2026 cash flow ($149M + $40M YTD). Ecosystem “indicative commitments” already secured (unnamed but described as “strong support”).
- No immediate supplier haircuts planned. Governance chatter leans toward treasury + selective Umbrella use + possible AAVE issuance over broad WETH haircuts.
Polymarket currently prices ~26% chance Kelp socializes globally. Community consensus tilts toward L2 isolation as the “cleanest” path—mainnet holders unaffected, bridged claims take the hit.
Who Actually Bears the Losses? The Waterfall (and the Reality Check)
At the center of the issue is a simple question: whether the losses sit first with rsETH holders, with Aave, or with both. Truth is there more verticals to look at and here is a quick rundown:
- rsETH holders → Primary losers via whatever haircut Kelp chooses (15% global or 73%+ on L2). This is the economic reality of the bridge failure.
- Aave WETH suppliers → Only if bad debt exceeds Umbrella + treasury + ecosystem deals. Under Scenario 1, Core reserve takes ~$92M (1.54% hit). Under Scenario 2, L2 suppliers take bigger proportional pain.
- Umbrella stakers (aWETH) → First backstop on Core; proposal to pause suggests controlled use, not full wipeout.
- Aave DAO / stkAAVE / treasury → Residual via issuance or direct funding. $181M treasury covers most realistic gaps.
- Attacker recoveries (Arbitrum freeze, white-hat negotiations) → Flow back to affected parties, likely chain-by-chain.
Bottom line: Both sides share pain, but not equally. rsETH holders eat the structural depeg. Aave users face temporary illiquidity and possible minor haircuts—but governance + balance sheet strength make full socialization across Aave suppliers unlikely.
Lessons No One Wants to Admit
- 1-of-1 DVN bridges are still single points of failure in 2026.
- Liquid restaking tokens on lending protocols amplify bridge risk into systemic bad debt.
- Governance speed matters: Aave’s freeze + report in <48 hours prevented worse contagion.
- “Fully backed on mainnet” is true—until a DAO vote changes it.
The $292M hole won’t vanish. It will be socialized, absorbed, or recovered—one governance vote and one KelpDAO decision at a time.
Watch these signals:
- KelpDAO’s next statement on redemption/haircut mechanics.
- Aave’s Umbrella vote outcome.
- Any on-chain recovery flows from frozen Arbitrum funds.
This isn’t just another hack recap. It’s a live stress test of DeFi’s two biggest promises: collateral risk management and decentralized governance under fire. The numbers are clear. The reality is still being written on-chain.
