Kelp DAO Exploit Losses Reach $300M, Aave-Led Relief Matches Full Amount
A coordinated DeFi recovery effort led by Aave has amassed over 132,000 ETH, valued at more than $300 million, to cover losses from the Kelp DAO exploit that drained $293.7 million in unbacked rsETH tokens.[1][4]
- Attackers exploited a vulnerability in Kelp DAO’s LayerZero bridge, minting 116,500 rsETH without collateral, valued at nearly $300 million.[2][5]
- The unbacked rsETH, used as collateral on Aave, triggered $9 billion in withdrawals from the lending protocol in hours.[3][5]
- Kelp DAO paused rsETH contracts immediately; Aave V3, SparkLend, and others froze related markets to limit contagion.[6]
- DeFi United, the relief initiative, secured pledges including 30,000 ETH from Consensys and Joseph Lubin, plus 25,000 ETH from Aave’s DAO treasury.[1][4]
- Additional contributions came from Lido DAO, Ether.fi, Kelp, and Circle Ventures via AAVE token purchases to stabilize lending markets.[1][4]
- Funds traced to Ethereum and Arbitrum; attacker used Tornado Cash for gas fees, with suspicions of North Korea-linked groups.[2][3][5]
Exploit Mechanics
Subscribe to our Social Media for Exclusive Crypto News and Insights 24/7!
The breach centered on Kelp DAO’s rsETH adapter, which lets users deposit liquid staking tokens like stETH or cbETH for rsETH in return.[2] Attackers compromised the LayerZero cross-chain bridge, generating fake transaction confirmations to mint unbacked rsETH.[3][5] This rsETH flowed into Aave as collateral for borrowings, creating bad debt when the backing failed.[1]
Kelp DAO detected suspicious activity around 2:50 p.m. New York time and halted contracts.[2] Security firms Cyvers and PeckShield confirmed the drain of $293.7 million, with tokens swapped across chains.[2][5] The integration depth amplified fallout: rsETH underpinned yield strategies, leveraged positions, and lending loops across DeFi.[6]
Relief Effort Details
Aave service providers proposed 25,000 ETH from the DAO treasury, worth about $58 million at the time.[1] DeFi United pooled this with private pledges, hitting 132,000 ETH to backstop Aave’s shortfall.[1][4] Circle Ventures bought AAVE tokens to ease sell pressure; Consensys and Ethereum co-founder Joseph Lubin committed 30,000 ETH.[1][4] Lido DAO, Ether.fi, and Kelp added 9,500 ETH.[4]
The effort directs funds to redeem or offset rsETH bad debt, aiming for full ecosystem stabilization.[1]
Crypto Market Impact
Custodial and integration risks exposed. rsETH’s role in lending and yield protocols showed how restaking tokens can cascade failures; Aave saw $9 billion outflows as users fled interconnected collateral.[3][5][6] Protocols like SparkLend, Fluid, Upshot, and Lido’s Mellow vaults paused operations, underscoring composability vulnerabilities.[6]
Bridge exploits persist as top vector. LayerZero bridges have faced repeated issues; this followed social engineering or code flaws, not smart contract bugs alone.[3][5] Historical data shows bridges account for 40% of DeFi losses since 2022, per Chainalysis reports on similar incidents.
Tracing and mixer usage complicates pursuit. Funds hit Ethereum and Arbitrum post-swap, funded via Tornado Cash- a pattern in state-sponsored attacks.[2][3] On-chain sleuths like ZachXBT flagged flows early, but liquidity freezes blocked redemptions.[2][6]
Recovery & Tracing
Stolen amount: 116,500 rsETH ($293.7 million).[2][5]
Seized amount: Unconfirmed in public filings.
Recovery %: DeFi United relief matches full value at 132,000 ETH ($300+ million), targeted at Aave bad debt; attacker funds unrecovered.[1][4]
No direct seizures reported. Structural risk remains elevated for bridged assets.
Risks & Uncertainties
Downside scenario: Paused markets persist, trapping rsETH holders without redemption paths and forcing liquidations elsewhere.[6]
Uncertainty factor: Full rsETH exposure across DeFi unclear; additional pauses or shortfalls could follow.[6] Recovery status beyond relief pledges unconfirmed in public filings.
Full matching of Kelp losses signals DeFi’s maturing backstop mechanisms, but bridge flaws keep systemic runs one exploit away.
[1] https://www.mexc.com/news/1057501[2] https://www.dlnews.com/articles/defi/kelp-dao-defi-protocol-hacked-for-300-million/
[3] https://www.binance.com/en/square/post/314637273424561
[4] https://phemex.com/news/article/defi-united-secures-300m-to-address-kelp-dao-exploit-losses-76652
[5] https://gulfnews.com/business/markets/how-a-300m-hack-unleashed-a-9b-drain-from-worlds-top-crypto-lender-1.500520923
[6] https://www.btcc.com/en-US/square/Cryptopolitan/1631870
