The core event was a direct liquidity drain. On April 18, attackers exploited a 1-of-1 verification flaw in KelpDAO's LayerZero bridge to drain 116,500 rsETH worth roughly $292 million. This wasn't a smart contract bug; it was a sophisticated attack on the off-chain verification layer that tricked the system into releasing funds based on a phantom token burn.
The scale of the loss was systemic. The stolen amount represented roughly 18 percent of circulating supply, directly attacking the token's backing and its peg. This wasn't just a protocol loss; it was a theft of the reserve that underpinned rsETH on over 20 other blockchains, instantly raising doubts about the token's value across the ecosystem.
Kelp's emergency pause prevented a second, larger theft. The protocol froze contracts 46 minutes after the initial drain, blocking two follow-up attempts that would have targeted another $100 million. Yet the damage to market confidence was immediate, triggering a wave of protocol freezes and panic redemptions that spread the contagion.
The Ecosystem Fallout: A Chain Reaction of Freezes
The exploit triggered a rapid chain reaction of protocol freezes, withdrawing over $300 million in liquidity from the ecosystem. Within hours, major lending protocols like Aave froze rsETH markets on V3 and V4, followed by SparkLend and Fluid. This wasn't isolated caution; it was a systemic flight from the token as its backing was exposed. The loss of the reserve eroded trust in rsETH's ability to maintain its peg across the network.
This created a negative feedback loop. The panic redemptions on Layer 2s pressured the unaffected Ethereum supply, forcing Kelp to potentially unwind restaking positions to honor withdrawals. The contagion spread further, with Lido Finance pausing deposits into its earnETH product due to rsETH exposure, and Ethena temporarily pausing its LayerZero OFT bridges as a precaution. The market's immediate reaction was a 10% drop in AAVE, pricing in potential bad debt.
The attack stands as the largest DeFi exploit of 2026, highlighting a surge in sophisticated attacks that target cross-chain flow infrastructure. It was the second major North Korean hack in a month, following the Drift Protocol breach. These attacks are not random; they are precise, high-value strikes on critical verification layers like LayerZero, designed to drain reserves and trigger cascading failures.
Catalysts and Risks: Redemption Pressure and Moral Hazard
The immediate catalyst is a redemption test. Kelp DAO's treasury must decide whether to cover the $292 million loss to meet redemptions. A failure to redeem would force a write-down of rsETH's value, likely triggering further selling and freezing across protocols holding the token. This creates a direct, negative feedback loop where panic redemptions pressure the remaining Ethereum supply, forcing Kelp to potentially unwind restaking positions to honor withdrawals.
The broader risk is a systemic moral hazard. Protocols like Aave and SparkLend have frozen markets, but the industry's tolerance for bailouts will be tested. As Jay Patel noted, the resulting governance crisis centers on whether treasuries should be used to make users whole. Repeated bailouts could undermine the decentralization ethos and encourage riskier bridge design, as actors learn that losses may be socialized.
The bottom line is a liquidity crisis with no easy exit. The stolen reserve was the backing for rsETH across 20+ networks, and its absence creates a trust vacuum. Whether Kelp can recover any funds before the Tornado Cash trail goes cold remains uncertain. The market's next move hinges on that recovery and the industry's collective decision on who bears the cost.