Kelp DAO Restores rsETH After $293M Hack, Completes Recovery

Kelp DAO has fully restored the backing for its liquid restaked token, rsETH, five weeks after a $293 million exploit compromised the protocol’s cross-chain bridge infrastructure. The incident, attributed to North Korea’s Lazarus Group, caused significant disruption across the decentralized finance (DeFi) ecosystem.

The final tranche of 20,373.7 rsETH was transferred on May 25 to the LayerZero smart contract responsible for managing the token’s cross-chain activity. This marks the completion of Kelp DAO’s recovery plan, which relied heavily on community and industry contributions. According to Kelp’s post on X (formerly Twitter), rsETH mints, redemptions, and rewards operations have resumed normal functionality.

The hack on April 18 exploited vulnerabilities in Kelp’s LayerZero-powered bridge, enabling the fraudulent minting of 116,500 rsETH—valued at approximately $292–$300 million. The attack disrupted liquidity in DeFi markets, with Aave suffering particularly severe impacts as the attacker leveraged stolen rsETH as collateral. This resulted in $190 million in bad debt for Aave and catalyzed net outflows that halved its total value locked (TVL) from $26.4 billion to under $14 billion, according to DefiLlama data.

Industry-Wide Recovery Efforts

In the wake of the exploit, Kelp DAO launched a comprehensive recovery initiative backed by over $300 million in pledges from DeFi protocols and organizations under the DeFi United banner. Notably, Arbitrum DAO approved a $70 million ETH release to aid in the effort. The first tranche of recovered rsETH—25,000 tokens—was bridged on May 13, enabling withdrawals to reopen the following day.

To address the root cause of the exploit, Kelp DAO is migrating its bridging infrastructure from LayerZero to Chainlink’s Cross-Chain Interoperability Protocol (CCIP). Announced on May 6, the move aims to bolster cross-chain security and mitigate structural risks associated with low-quorum bridge configurations.

Implications for Aave and Broader DeFi

Although Kelp DAO has successfully restored rsETH, Aave’s TVL has yet to recover. Data from DefiLlama shows that Aave’s TVL has remained stagnant between $13.9 billion and $15.1 billion since late April, reflecting continued caution among users. The incident underscores the interconnectedness of DeFi protocols, where vulnerabilities in one system can trigger cascading effects across the ecosystem.

The hack also reignites debates on the security of cross-chain bridges and liquid restaking protocols. As Kelp DAO transitions to Chainlink’s CCIP, industry participants will closely watch whether this new infrastructure can set a higher standard for cross-chain verification.

Looking Forward

The rsETH restoration is a significant milestone for Kelp DAO, but the long-term impact on user trust and adoption remains to be seen. With Ethereum (ETH) currently trading at $2,091.70, down 0.51% in the last 24 hours, market participants remain cautious amid broader concerns about protocol security in DeFi.

For Aave, the focus will be on rebuilding user confidence while managing the fallout from the bad debt created by the Kelp DAO exploit. The recovery of rsETH is a step forward, but the broader DeFi sector faces ongoing challenges in addressing systemic risks associated with interoperability and liquid staking.

Image source: Shutterstock