TLDR
- An attacker exploited a KelpDAO-LayerZero bridge flaw to create 116,500 counterfeit rsETH tokens, draining approximately $292 million
- Using worthless collateral, the hacker extracted roughly $190M in ETH from Aave, creating a deficit exceeding 112,000 rsETH
- Mass withdrawals hit Aave with approximately $9 billion in net outflows; DeFi’s total value locked plummeted by roughly $13 billion in two days
- An emergency response coalition named “DeFi United” emerged, with major players including Lido, EtherFi, and Aave’s creator committing ETH
- Portions of the stolen assets were converted to Bitcoin through Thorchain, severely limiting complete fund recovery prospects
On April 18, 2026, a malicious actor discovered and exploited a critical security flaw in KelpDAO’s LayerZero bridge infrastructure, generating 116,500 rsETH tokens with zero underlying assets.
Instead of immediately liquidating these fabricated tokens, the exploiter strategically deposited approximately 90,000 of them into Aave as legitimate collateral. Subsequently, they withdrew close to $190 million in ETH and various other digital assets spanning both Ethereum and Arbitrum networks.
This maneuver left Aave maintaining collateral with no actual value. The community quickly identified the problem, sparking a mass exodus resembling a traditional bank run on the platform.
Aave’s total value locked experienced a catastrophic decline of approximately $10 billion in the immediate wake of the incident. Net capital flight reached an estimated $9 billion by April 21, with TVL collapsing from more than $17.5 billion down to approximately $14.3 billion.
The contagion extended far beyond Aave alone. Throughout the entire decentralized lending sector, total value locked contracted by approximately $13 billion during the 48-hour period following public disclosure of the exploit.
Arbitrum’s security council responded swiftly, successfully freezing 30,766 ETH — valued at roughly $71 million — connected to the malicious activity. Unfortunately, a substantial portion of the remaining stolen assets were transferred into Bitcoin via Thorchain, dramatically complicating recovery prospects.
The DeFi United Recovery Effort
Aave together with its service ecosystem initiated a unified response labeled “DeFi United,” aimed at recapitalizing rsETH and containing bad debt proliferation throughout lending platforms.
Lido Finance emerged as the first major participant to formally commit. Its Lido Labs Foundation put forward a proposal to allocate as much as 2,500 stETH, representing approximately $5.7–$6 million, into a specialized relief mechanism. These resources would only be released if the total recovery fund reaches sufficient size to address the complete deficit.
EtherFi subsequently announced a proposal committing 5,000 ETH to safeguard users and halt bad debt accumulation. Aave founder Stani Kulechov independently pledged an additional 5,000 ETH from his personal holdings.
“Aave is my life’s work and we’re working nonstop to find the best possible outcome for users,” Kulechov posted on X.
Lido’s participation carries strategic significance. The organization operates an EarnETH vault with direct rsETH exposure, and absent a coordinated solution, vault participants could face losses approaching 9,000 ETH.
rsETH Reserves Paused Across Multiple Chains
Aave implemented damage control measures by suspending rsETH reserves throughout Ethereum Core, Arbitrum, Base, Mantle, and Linea networks while recovery strategies were being formulated.
The aggregate deficit stands at more than 112,000 rsETH, based on Aave’s official incident assessment. DeFi United’s primary objective centers not on retrieving stolen assets but on stabilizing the ecosystem through new capital infusions.
Aave indicated that additional commitments are anticipated once they receive formal confirmation.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
