Kelp Exploit Spreads DeFi Contagion as Protocols Freeze rsETH Exposure
KelpDAO’s rsETH incident quickly became a DeFi contagion story because the risk spread beyond the protocol where the suspicious activity started. The counterpoint is that the fastest reactions from KelpDAO, Aave and LayerZero also showed Ethereum DeFi still has some ability to quarantine collateral shocks before every connected protocol turns into a direct exploit victim.
Key Takeaway
- KelpDAO paused rsETH contracts across mainnet and several layer-two networks after suspicious cross-chain activity.
- Aave froze rsETH markets while saying its own contracts were not exploited.
- Executives and market participants say the episode shows how non-isolated collateral can transmit bridge risk across DeFi.
What Happened in the Kelp rsETH Exploit
On April 18, 2026, KelpDAO said it had identified suspicious cross-chain activity involving rsETH and paused contracts across Ethereum mainnet and several Layer 2 networks while it worked with LayerZero, Unichain, auditors and security experts on a root cause analysis.
Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate.
We are working with @LayerZero_Core, @unichain, our auditors and top security experts on RCA.
We will keep you…
— Kelp (@KelpDAO) April 18, 2026
Cyvers Alerts said about $293.7 million was drained from KelpDAO’s rsETH adapter and said roughly $250 million had already been swapped into ETH, which helps explain why exposed lenders treated the event as a live collateral threat instead of a contained bridge anomaly.
On April 19, 2026, LayerZero said it was in active remediation with KelpDAO and that other applications remained safe while the root cause was still being identified. A single source later pointed to a single-signer bridge setup, but because LayerZero said the root cause was still unresolved, that explanation remained unconfirmed at publication time.
How the Kelp Exploit Spread Contagion Across DeFi
Aave said the rsETH markets on Aave V3 and Aave V4 had been frozen and stressed that Aave’s own contracts were not exploited. That freeze is the clearest example of containment: the protocol treated rsETH as the problem asset and tried to stop fresh borrowing or new deposits from turning an asset-level failure into wider bad debt.
The rsETH markets on Aave V3 and Aave V4 have been frozen. Aave's contracts have not been exploited and this is an exploit related to rsETH.
The freeze follows an exploit of the Kelp DAO rsETH bridge. Freezing the rsETH markets prevents new deposits and borrowing against rsETH…
— Aave (@aave) April 18, 2026
Cointelegraph reported that at least nine DeFi protocols and platforms, including Aave, Fluid, Compound Finance, SparkLend and Euler, were affected and took action after the exploit. In practice, that means rsETH’s role as reusable collateral let a bridge-related failure spill into lending and liquidity venues that were not themselves hacked.
DefiPrime said 116,500 unbacked rsETH, or about 18% of circulating supply, was minted during the incident. The same report said roughly $236 million in WETH was taken from Aave, which helps explain why executives described the fallout as contagion inside Ethereum DeFi rather than a one-protocol exploit.
Ethereum traded at $2,313.53, down 1.95% over 24 hours, as the rsETH shock hit the network’s largest collateral markets.
Why Crypto Executives Say Non-Isolated Lending Amplifies Risk
Cointelegraph reported that Curve founder Michael Egorov warned non-isolated lending exposes users to the risks of all tokens accepted as collateral on a platform. In plain language, one weak collateral listing can leak stress into a shared pool instead of staying boxed inside a single market.
The containment data cuts both ways: Aave said its own contracts were not exploited, while LayerZero said other applications remained safe. That suggests the industry lesson is less about Ethereum failing as a base layer and more about how quickly wrapped collateral can outrun the risk assumptions used to list it.
That same market-structure focus also shows up in Coinwy coverage of RaveDAO Denies Manipulation Amid Binance, Bitget RAVE Probe, Bitcoin Mining Difficulty Falls Slightly in Latest Adjustment and Iran Oil Tanker Fees Still Dominated by USDt, No Signs of BTC Yet: BPI, where infrastructure, settlement design and market plumbing mattered as much as token price.
Outlook: Fast Containment Did Not Remove the Structural Risk
The constructive read for DeFi is that KelpDAO paused rsETH, Aave froze its rsETH markets and LayerZero said remediation was active before there was evidence of chain-wide application failure. The risk case is that at least nine venues still had to react, which shows how much hidden interdependence builds up when a wrapped asset becomes common collateral.
Until an official postmortem appears, the cleanest conclusion is the narrow one supported by the data already in public: KelpDAO identified suspicious cross-chain activity, Cyvers tracked a large drain, Aave moved to freeze exposure and LayerZero said the root cause was still unresolved. That combination makes the rsETH episode a warning about collateral-listing standards and bridge assumptions, not just another isolated exploit headline.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.
Read also :
- Current BTC Price Action Shows Dramatic Underperformance: Analyst
- RaveDAO Denies Manipulation Amid Binance, Bitget RAVE Probe
- Bitcoin Mining Difficulty Falls Slightly in Latest Adjustment
- Iran Oil Tanker Fees Still Dominated by USDt, No Signs of BTC Yet: BPI
- Bitcoin Tops $76K as Iran Declares Strait of Hormuz Open
