Relay_Station / Zone_39
TECH
15.05.2026
Kelp DAO rsETH Protocol Fully Restores Operations Post-$293M Exploit
The incident on April 18, 2026, saw an attacker drain approximately 116,500 rsETH, valued at roughly $292 million at the time, by exploiting Kelp's LayerZero-based bridge. This sophisticated attack allowed a wallet, previously funded through Tornado Cash, to send a fabricated cross-chain data packet, tricking the mainnet bridging contract into releasing uncollateralized rsETH. The stolen assets were subsequently used as collateral on Aave V3 to borrow approximately $236 million worth of Wrapped Ether (wETH) across various chains. The exploit demonstrated a calculated pre-meditated operation, with the attack wallet preparing funds through Tornado Cash before initiating its actions.
The immediate aftermath involved a rapid suspension of the protocol's core functions, encompassing deposits, withdrawals, and rsETH exchange rate updates, all enacted to prevent further financial hemorrhage. Emergency multi-signatures were quickly deployed to freeze rsETH contracts across the mainnet and numerous Layer 2 networks. Despite these swift defensive measures, the attacker had already completed their primary objective, siphoning the substantial sum within 46 minutes of the initial breach. This timeline underscored the speed at which exploits can propagate through interconnected DeFi infrastructure and the inherent difficulty of real-time, coordinated response in a globally distributed system.
Kelp DAO has now confirmed a comprehensive update to the rsETH exchange rate. This update meticulously incorporates all staking reward earnings that accrued during the suspension period, ensuring no loss of yield for loyal holders. This critical adjustment reflects a deliberate effort to restore full economic integrity to the asset and rebuild user confidence. Furthermore, the distribution mechanism for EIGEN rewards is officially open to rsETH holders, with these rewards also covering the entire duration of the protocol's operational pause. This ensures participants are retroactively compensated for their commitment during the downtime.
The successful, verifiable resumption of services underscores the persistent efforts within decentralized finance to fortify security postures and implement robust, transparent recovery protocols. This incident, from its initial breach to today’s full restoration, provides a detailed case study in managing large-scale, multi-chain exploits that impact critical liquid restaking protocols. The technical remediation process demanded extensive collaboration with security auditors and external experts to meticulously verify the integrity of the reinstated systems before reopening them to the public.
Achieving a declared 100% backing of rsETH across both the Ethereum mainnet and all connected Layer 2 networks was a complex undertaking. It necessitated a thorough and auditable reconciliation of all underlying assets against issued rsETH tokens. For a liquid restaking token, which derives its value directly from the staked Ether it represents, this transparent verification is paramount. The re-activation of deposit and withdrawal functions injects crucial liquidity back into the ecosystem, enabling users to freely manage their positions and capital once more.
The rapid recovery, while commendable, inevitably reignites profound discussions around the architectural fragility of cross-chain interoperability solutions, especially those securing substantial locked value. The exploit's ability to manipulate a LayerZero-based bridge highlights a persistent attack vector. While the immediate financial crisis for Kelp DAO users has been mitigated through this technical restoration, the broader implications for LayerZero's inherent security model and the ongoing reliance on emergency pause mechanisms in ostensibly decentralized systems will continue to be subject to intense industry scrutiny.
This event and its resolution will undoubtedly influence future design paradigms for DeFi protocols that aspire to balance genuine decentralization with the undeniable necessity for swift and effective incident response. The overarching question remains whether the intricate architecture of these interconnected financial primitives can truly withstand persistent, sophisticated attacks without relying on forms of centralized intervention, and what more resilient, long-term architectural shifts might be enacted across the industry to prevent similar exploits from reaching such significant scales in the future.
Signals elevate this to HOT_INTEL priority.
// Related_Intel
More_Signals
‹ Return_to_Terminal
Traffic_Nodes
2
Mobile_Relay / Zone_37