It started with a single forged message. On April 18, 2026, a cross-chain packet that should never have cleared caused Kelp’s rsETH LayerZero V2 bridge to release 116,500 rsETH onto Ethereum mainnet without a matching burn on Unichain. What followed became the largest DeFi exploit of the year.
Within minutes, the attacker had split the stolen tokens across seven wallets. Within an hour, 89,567 rsETH was sitting inside eight Aave V3 positions, used as collateral to borrow 82,650 WETH and 821 wstETH. Health factors sat between 1.01 and 1.03.
Utilization Rate (%) Liquidity Impact, Core Market. USDC and USDT hit 100% utilization around April 19 before slowly compressing through May. Source: Aave.
The Bridge Config Nobody Fixed in Time
The root failure was architectural. Kelp’s LayerZero V2 bridge from Unichain to Ethereum ran a one-of-one Decentralized Verifier Network. One signer confirmed every inbound cross-chain message.
That verifier, operated by LayerZero, got hit by an RPC-poisoning attack. The attack manipulated its view of source-chain state, causing it to attest to a transaction that never happened on Unichain. The Ethereum endpoint accepted inbound nonce 308 while Unichain’s source endpoint still showed outbound nonce 307. That gap cost Aave markets roughly $230 million.
Aave’s own smart contracts did exactly what they were designed to do. The protocol trusted the collateral it was given. That trust, extended through a bridge it did not control, was the single point where everything broke.
As 0xngmi posted on X on April 19, withdrawals spread well beyond Aave: Morpho saw $716M leave, Sky dropped $272M, and even unaffected Solana lending platforms logged outflows. The fear moved faster than the exploit itself.
Forty-Eight Hours That Defined the Response
The Aave Protocol Guardian and Risk Steward moved fast. By 19:00 UTC on April 18, rsETH and wrsETH were frozen across all Aave V3 deployments with loan-to-value set to zero. On Aave V4, the Kelp Spoke was frozen entirely across both WETH and rsETH reserves, and WETH borrowing on the Spoke was shut off.
Kelp paused 43,373 rsETH connected to the exploit between 18:00 and 19:00 UTC the same day. On April 20, the Guardian froze WETH across Ethereum Core, Ethereum Prime, Arbitrum, Base, Mantle, and Linea, cutting off new borrows against WETH collateral.
On April 21, at 03:46 UTC, the Arbitrum Security Council froze 30,766 ETH in an Arbitrum One address tied to the attacker. That decision would later pull a Manhattan federal court into the middle of a DeFi recovery.
WETH Liquidity on Aave V3 Core Market. Liquidity collapsed sharply around April 19 then rebuilt through May, reaching $750.8M by late May. Source: Aave.
A $300 Million Coalition and Five Tranches
Aave Labs launched DeFi United to coordinate backing restoration for rsETH. The alternative was socialized losses across every protocol holding the token. Industry-wide capital commitments to refill the LayerZero OFT adapter were the only path that limited user harm.
Contributors included Lido, EtherFi Foundation, Ethena, Ink Foundation, Golem Foundation, Mantle, Aave DAO, Keyring, KelpDAO, LayerZero, Compound, and Consensys. Joseph Lubin provided strategic involvement from Consensys. By April 25, the fund had cleared $160 million in commitments. It grew to around $300 million by the time the full post-mortem was published.
The technical recovery ran in two phases. Phase I cleared the attacker’s positions via Aave Improvement Proposal 478 on May 6. Parallel liquidations on Compound ran alongside. The 89,567 rsETH transferred to the Aave Recovery Guardian. No other users took losses. Umbrella stakers were unaffected.
Phase II filled the adapter across five tranches. The Aave Guardian transferred 25,000 rsETH on May 13. Another 25,000 followed on May 16. Kelp added 20,000 rsETH on May 19. A fourth tranche of 26,758.29 rsETH from the Aave Guardian landed on May 22. Kelp transferred the final 20,373.72 rsETH on May 26. Five tranches, 116,131.72 rsETH total. Backing fully restored.
WETH LTV across all affected V3 deployments was reset to pre-exploit values on May 16 via AIP 482. The standard rate curve returned on May 18 when the Risk Steward reset the WETH IRM to pre-incident parameters.
GHO Held. The GSM Absorbed the Shock.
GHO’s direct backing was untouched by the exploit. Stress hit only the secondary-market peg: the stablecoin fell to $0.9988 on April 20, a 12.5 basis-point discount, before drifting back toward parity over the following days.
GHO peg vs GSM reserves over the Kelp rsETH bridge incident window. GHO dipped to $0.9988 on April 20 before recovering. USDT GSM inventory fully drew down within 19 hours. Source: Aave.
The GHO Stability Module absorbed the shock as designed. USDT inventory drew down fully within roughly 19 hours. USDC inventory fell about $33 million over the following week. Both are refilling, with USDT back at its exposure cap and USDC still partially drawn down.
Outside the affected Kelp Spoke, Aave V4 liquidity stayed positive throughout the entire incident window. Deposits grew from $30.8 million to $59.23 million over the recovery period. Active loans grew from $12.4 million to $20.69 million.
Manhattan Court, Frozen ETH, Still Waiting
On May 1, judgment creditors in an unrelated federal matter filed a restraining notice on Arbitrum DAO seeking roughly $71 million of the frozen ETH pending return to affected users.
Aave LLC filed an emergency motion to vacate on May 4. On May 8, the court modified the notice to allow an onchain Arbitrum governance vote and transfer of the ETH to Aave LLC, with the restraining notice attaching to Aave LLC upon receipt. The amended Constitutional AIP passed the Arbitrum DAO. The 30,765.667 ETH has not moved yet. The substantive merits are still under court consideration.
What Aave Is Building Into the Protocol Now
Aave Labs posted a new Technical Asset Listing Framework to the governance forum on May 28. It covers technical baselines for new listings, continued listings, and parameter expansions across Aave V3, V4, and Horizon. A Bridge Assessment Framework and a Non-Technical Asset Listing Framework are in progress. LlamaRisk will publish a new Risk Framework for asset analysis separately.
Risk Stewards executed 295 individual parameter changes after the incident. A single risk-off round on April 23 pushed through 234 cap writes: 168 supply cap reductions and 66 borrow cap reductions. Active reserves had caps reduced to about 1.2 to 1.3 times current deposits.
The bug bounty program was raised fivefold. LlamaRisk is finalizing an automated LTV-zero system that triggers as soon as a collateral crosses defined risk thresholds. On Aave V4, the same logic already extends into the Dynamic Risk Configuration, allowing collateral factors to be set independently for new and existing users.
Kelp DAO said it is moving parts of its bridge infrastructure away from LayerZero and toward Chainlink’s CCIP system, a direct response to the April 18 verification failure.
For a retail rsETH holder or a Kenyan DeFi user navigating liquid restaking positions across these markets, the 40-day window was real-time proof of two things: what bridge configuration risk actually costs, and what coordinated recovery infrastructure looks like when it is forced to work.
