深潮 TechFlow
wrote a column · Apr 19 11:02

The biggest DeFi heist of 2026: after stealing rsETH, the hacker went after Aave

Written by Xiaobing, DeepTide TechFlow
At 17:35 UTC on the evening of April 18, a wallet funded through Tornado Cash sent a cross-chain message to LayerZero's EndpointV2 contract.
The message's semantics were simple: a user on another chain wanted to bridge rsETH back to Ethereum mainnet. LayerZero relayed the instruction faithfully, as its protocol is designed to do, and the bridge contract Kelp DAO had deployed on mainnet executed the release as designed.
116,500 rsETH, worth approximately $292 million at the time, were transferred to an address controlled by the attacker in a single transaction.
The problem: nobody on the source chain had ever deposited that rsETH. The 'cross-chain request' was conjured out of thin air, and both LayerZero and Kelp's bridge accepted it.
Forty-six minutes later, Kelp's emergency multi-signature pressed the pause button. By that time, the attacker had already completed the second half of the operation, using the stolen, essentially unbacked rsETH as collateral in Aave V3 to borrow wETH worth approximately $236 million.
This is the largest DeFi theft in 2026 so far, surpassing the Drift protocol hack attributed to North Korea-backed hackers on April 1 by several million dollars. But what truly sent chills down the industry’s spine was not just the amount.
Let’s reconstruct the timeline.
17:35 UTC, first success. The attacker's Tornado Cash-funded wallet called the lzReceive function on LayerZero's EndpointV2 contract, delivering a forged cross-chain packet to Kelp's bridge contract. The bridge accepted the packet as valid and released 116,500 rsETH to the attacker's address. In a single transaction. Clean. How the packet passed verification is the question the root-cause analysis still has to answer.
At 18:21 UTC, Kelp's emergency multi-signature froze the rsETH core contracts on mainnet and on multiple L2 chains. Forty-six minutes had passed since the first transaction.
At 18:26 and 18:28 UTC, the attacker tried twice more, each time sending a LayerZero packet that attempted to withdraw a further 40,000 rsETH (about $100 million). Both transactions reverted: the contracts were already frozen, but the attacker was clearly still trying to drain the remaining liquidity.
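To make the timeline concrete, here is an added example (not code from Kelp DAO, LayerZero or this article) of a toy lock-and-release bridge receive path with the defence-in-depth controls a reviewer would look for: a replay guard, the pause switch the multisig used, and a sliding-window outflow cap. The chain id, reserve size, window length and cap are assumptions; the amounts and the 46-minute gap come from the article. It deliberately does not model how the forged packet passed verification, which the article says is still under root-cause analysis.

```python
"""Toy model of a lock-and-release bridge's receive path with the controls that
bound damage when message verification fails: a replay guard, a pause switch and
a sliding-window outflow cap. Constructed example, not Kelp DAO's or LayerZero's
code; chain ids, reserve size, window and cap are assumptions."""
from dataclasses import dataclass, field
from typing import Optional

WINDOW_SECONDS = 24 * 3600   # assumption: 24-hour sliding window


@dataclass
class Packet:
    src_eid: int      # source endpoint id (constructed value below)
    nonce: int        # per-source sequence number
    to: str
    amount: float     # rsETH to release on mainnet


@dataclass
class Bridge:
    reserve: float                                # rsETH held by the mainnet vault
    window_cap: Optional[float] = None            # max release per window; None = no cap
    paused: bool = False
    seen: set = field(default_factory=set)        # (src_eid, nonce) already executed
    releases: list = field(default_factory=list)  # (timestamp, amount) inside window

    def _released_in_window(self, now: float) -> float:
        cutoff = now - WINDOW_SECONDS
        self.releases = [(t, a) for t, a in self.releases if t > cutoff]
        return sum(a for _, a in self.releases)

    def receive(self, pkt: Packet, now: float) -> str:
        """Execute a delivered packet. Authenticity is assumed to have been
        checked upstream by the messaging layer; these checks only limit what a
        packet that slipped through can take. Returns 'released' or a reason."""
        if self.paused:
            return "paused"
        key = (pkt.src_eid, pkt.nonce)
        if key in self.seen:
            return "replay"
        if pkt.amount > self.reserve:
            return "insufficient_reserve"
        if self.window_cap is not None and \
                self._released_in_window(now) + pkt.amount > self.window_cap:
            return "rate_limited"
        self.seen.add(key)
        self.reserve -= pkt.amount
        self.releases.append((now, pkt.amount))
        return "released"


def replay_incident() -> dict:
    """Replay the article's sequence (amounts from the article, times in seconds
    after the first packet) against an uncapped bridge, then send the same first
    packet to a capped one."""
    forged = Packet(src_eid=42, nonce=1, to="0xattacker", amount=116_500)
    retry1 = Packet(src_eid=42, nonce=2, to="0xattacker", amount=40_000)
    retry2 = Packet(src_eid=42, nonce=3, to="0xattacker", amount=40_000)
    out = {}

    uncapped = Bridge(reserve=650_000)           # reserve size is an assumption
    out["uncapped_first"] = uncapped.receive(forged, now=0)
    uncapped.paused = True                       # emergency multisig, +46 min
    out["uncapped_retry1"] = uncapped.receive(retry1, now=51 * 60)
    out["uncapped_retry2"] = uncapped.receive(retry2, now=53 * 60)
    out["uncapped_reserve_left"] = uncapped.reserve

    capped = Bridge(reserve=650_000, window_cap=20_000)   # cap is an assumption
    out["capped_first"] = capped.receive(forged, now=0)
    legit = Packet(src_eid=42, nonce=2, to="0xuser", amount=5_000)
    out["capped_legit"] = capped.receive(legit, now=60)
    out["capped_replay"] = capped.receive(legit, now=120)
    out["capped_reserve_left"] = capped.reserve
    return out


if __name__ == "__main__":
    for k, v in replay_incident().items():
        print(f"{k}: {v}")
```

The uncapped bridge reproduces the article's outcome: the first packet drains 116,500 rsETH, and only the later pause stops the retries. With a cap, the same packet is refused before any human intervenes; the cost is that legitimate large transfers must be split across windows, which is exactly the delay that gives monitoring time to react.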
Nearly three hours elapsed between the initial success and Kelp's public statement.
Kelp's first X post was not published until 20:10 UTC, with very measured wording: Suspicious cross-chain activity involving rsETH was detected; the rsETH contracts on the mainnet and multiple L2 chains have been suspended. Root cause analysis is underway in collaboration with LayerZero, Unichain, auditors, and external security experts.
However, ZachXBT reached a conclusion earlier than the official statement. The on-chain detective issued an alert on his Telegram channel before 3 PM EST, listing six wallet addresses associated with this theft and pointing out that the attack wallets had prepared funds via Tornado Cash before initiating actions. He did not name Kelp DAO, but on-chain analysts connected the dots within a few hours.
This was a premeditated operation executed within minutes. Pre-funded laundered wallets, carefully crafted cross-chain packets, and a chain of actions that ended in collateralised loans on Aave: every step seemed to follow a metronome.
Had this been a plain bridge exploit, steal 116,500 rsETH and run, it would have been at most one more major incident of 2026. Kelp would have borne the loss, the community would have digested it within days, and the industry would have moved on.
But the attacker had clearly done the math. rsETH's secondary-market liquidity is not deep; dumping $292 million into a DEX would have let slippage eat a large share of the proceeds. The more elegant way to offload the tokens was to package the rsETH 'obtained out of thin air' as respectable-looking collateral and borrow genuinely liquid assets from a lending protocol.
So the attacker took the second step: deposit the stolen rsETH into Aave V3 as collateral and borrow a large amount of wETH.
Why was this step fatal? Because at that moment Aave was still valuing the collateral at the oracle price of rsETH, a price that nothing in the attack had moved, while the reserves in the bridge had already been emptied, so the economic foundation of that rsETH no longer existed. The lending protocol kept issuing loans as if the asset were fully backed; the collateral had in substance become a bad check. And because rsETH is fungible, the hole is not confined to the attacker's tokens: every unit of rsETH is now backed by a smaller reserve.
The result: the attacker transferred the risk of cashing out to Aave's wETH reserve pool.
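An added example, not Aave's or the attacker's code, that puts numbers on the reasoning above: the DEX dump versus the Aave borrow, and how the loan becomes a deficit once the collateral is repriced by its real backing. ETH price, rsETH/ETH rate, LTV, liquidation threshold and bonus, and DEX pool depth are assumptions; the 116,500 rsETH and the 18% backing loss are the article's figures.

```python
"""Constructed model of the attacker's two exit routes and of how the loan
turns into a deficit. Not Aave's code or the attacker's; ETH price, rsETH/ETH
rate, LTV, liquidation parameters and DEX pool depth are assumptions, the
116,500 rsETH and the 18% backing loss come from the article."""

ETH_USD = 2_500.0           # assumption
RSETH_PER_ETH = 1.003       # assumption: rsETH/ETH rate the oracle reports
LTV = 0.80                  # assumption: max loan-to-value for rsETH collateral
LIQ_THRESHOLD = 0.85        # assumption
LIQ_BONUS = 0.07            # assumption: discount liquidators receive


def oracle_price_usd(backing_ratio: float = 1.0) -> float:
    """Price the lending market uses. An exchange-rate oracle multiplies
    ETH/USD by the token's reported rsETH/ETH rate; it never sees bridge
    reserves, so during the attack it is effectively called with
    backing_ratio=1.0. Passing the true backing shows what the collateral is
    actually worth."""
    return ETH_USD * RSETH_PER_ETH * backing_ratio


def amm_sell(amount_in: float, reserve_in: float, reserve_out: float,
             fee: float = 0.003) -> float:
    """Output of a constant-product (x*y=k) swap: the whole sale moves the
    price, which is the slippage the article says would eat the proceeds."""
    amount_in_after_fee = amount_in * (1 - fee)
    return reserve_out * amount_in_after_fee / (reserve_in + amount_in_after_fee)


def max_borrow_usd(collateral_rseth: float, price_usd: float) -> float:
    return collateral_rseth * price_usd * LTV


def health_factor(collateral_rseth: float, price_usd: float, debt_usd: float) -> float:
    return collateral_rseth * price_usd * LIQ_THRESHOLD / debt_usd


def compare_exits(stolen_rseth: float = 116_500,
                  pool_rseth: float = 30_000, pool_weth: float = 30_090) -> dict:
    """Dump into a DEX pool versus post as collateral and borrow wETH.
    Pool reserves are an assumption (a pool priced at the oracle rate)."""
    price = oracle_price_usd()
    face_usd = stolen_rseth * price
    dump_usd = amm_sell(stolen_rseth, pool_rseth, pool_weth) * ETH_USD
    borrow_usd = max_borrow_usd(stolen_rseth, price)
    return {
        "face_value_usd": face_usd,
        "dump_proceeds_usd": dump_usd,
        "borrow_proceeds_usd": borrow_usd,
        "health_factor_at_borrow": health_factor(stolen_rseth, price, borrow_usd),
    }


def deficit_after_repricing(collateral_rseth: float, debt_usd: float,
                            backing_ratio: float) -> dict:
    """Protocol's view once the collateral is repriced by its real backing:
    the borrower never repays, liquidators take the collateral at the
    repriced value minus their bonus, and what the sale does not cover is
    the pool's deficit."""
    recovered = collateral_rseth * oracle_price_usd(backing_ratio) * (1 - LIQ_BONUS)
    return {"recovered_usd": recovered, "deficit_usd": max(0.0, debt_usd - recovered)}


if __name__ == "__main__":
    exits = compare_exits()
    for k, v in exits.items():
        print(f"{k}: {v:,.2f}")
    # article: ~18% of rsETH supply lost its reserve backing
    print(deficit_after_repricing(116_500, exits["borrow_proceeds_usd"], 0.82))
```

With these parameters the pool sale returns about a fifth of face value while the loan returns 80%, and the health factor at the moment of borrowing is above 1, so nothing in the lending protocol's own checks objects. Repricing the collateral at 82% backing turns the position into a deficit; the real figure also depends on where rsETH trades once liquidations begin, which this toy does not model.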
Aave V3's wETH reserve is now dealing with bad debt. Solidity developer and auditor 0xQuit reminded depositors on X that the wETH pool has actually been impaired, and partial withdrawals may only be possible after Aave's Umbrella backup module clears the deficit.
The latest estimate of the bad debt scale is around $177 million, and this is only on the Ethereum mainnet side.
For veteran DeFi players the scenario feels eerily familiar: it echoes 2022, when LUNA collapsed and Aave V2's Safety Module was cast in a comparable role.
This time, however, the backstop is Umbrella, the next-generation system Aave introduced in 2025 to replace the old Safety Module. This event is the first major live stress test of Umbrella's automatic bad-debt coverage mechanism.
Umbrella's logic is straightforward: stake aTokens such as aWETH and aUSDC, or GHO, into the matching Umbrella vault and earn extra incentives in normal times; when the corresponding asset pool records a deficit, the staked assets are slashed proportionally to cover the shortfall.
On paper the design looks excellent. In the first month of Aave v3.3's operation, the accumulated deficit across all pools was roughly $400 against nearly $9.5 billion in outstanding loans, a ratio so small it is almost negligible.
But a bad debt of $177 million is a different order of magnitude. For users who staked aWETH into Umbrella, this will be their first real taste of what 'bearing slashing risk' means. Aave's official response has been cautious: in the event of bad debt, Aave plans to use Umbrella's assets to cover the shortfall. Whether they can cover it fully, how large the slashing ratio will be, and how much of stakers' principal will be impaired are questions that can only be answered once settlement concludes.
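An added example, not Aave's Umbrella code, of the proportional slashing described above: a deficit socialised across a vault's stakers pro rata, with exact integer accounting and a cap on how much of the vault may be slashed. The cap parameter, the staker balances and the ETH price used to convert the $177 million are assumptions.

```python
"""Constructed model of pro-rata slashing of a backstop vault to cover a pool
deficit, the mechanism the article describes for Umbrella. Not Aave's code; the
per-vault cap on how much of the stake can be slashed, the staker balances and
the ETH price used to convert the deficit are assumptions."""

WEI = 10**18


def slash_pro_rata(deficit: int, stakes: dict, max_slash_bps: int = 10_000):
    """Socialise `deficit` (in wei of the pool asset) across `stakes`
    ({staker: wei}) in proportion to stake, never taking more than
    max_slash_bps/10_000 of the vault. Integer arithmetic with
    largest-remainder rounding so the slashed amounts sum exactly to the
    amount covered. Returns (per-staker slash, deficit left uncovered)."""
    total = sum(stakes.values())
    if total == 0 or deficit <= 0:
        return {s: 0 for s in stakes}, max(deficit, 0)
    slashable = total * max_slash_bps // 10_000
    covered = min(deficit, slashable)
    shares, remainders = {}, {}
    for staker, amount in stakes.items():
        shares[staker], remainders[staker] = divmod(covered * amount, total)
    leftover = covered - sum(shares.values())      # 0 <= leftover < len(stakes)
    for staker in sorted(stakes, key=lambda s: remainders[s], reverse=True)[:leftover]:
        shares[staker] += 1
    return shares, deficit - covered


def loss_fractions(shares: dict, stakes: dict) -> dict:
    """What each staker actually lost, as a fraction of their stake."""
    return {s: shares[s] / stakes[s] for s in stakes if stakes[s]}


def demo(deficit_usd: int = 177_000_000, eth_usd: int = 2_500) -> dict:
    """Article-scale deficit against a constructed set of aWETH stakers."""
    deficit_wei = deficit_usd * WEI // eth_usd        # 70,800 ETH at the assumed price
    stakes = {                                        # constructed balances
        "fund_a": 40_000 * WEI,
        "fund_b": 25_000 * WEI,
        "retail_pool": 15_000 * WEI,
    }
    shares, uncovered = slash_pro_rata(deficit_wei, stakes)
    return {
        "covered_eth": sum(shares.values()) / WEI,
        "uncovered_eth": uncovered / WEI,
        "loss_fractions": loss_fractions(shares, stakes),
    }


if __name__ == "__main__":
    print(demo())
```

The two cases worth checking are the ones the article leaves open: when the deficit exceeds what the vault may give up, the remainder stays with the pool, and every staker in the vault loses the same fraction regardless of size, which is what "bearing slashing risk" means in practice.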
More unsettling is what the stolen rsETH was.
rsETH is deployed on more than 20 networks, including Base, Arbitrum, Linea, Blast, Mantle and Scroll, with cross-chain transfers handled through LayerZero's OFT standard. The rsETH drained from the bridge was the reserve backing all the 'wrapped versions' of rsETH on those networks.
At first glance the design looks routine: the mainnet vault holds a 1:1 reserve, so rsETH holders on an L2 can in theory redeem back to mainnet at any time. The prerequisite is equally plain: the vault must actually hold the funds.
That vault is now 18% short. Roughly 18% of rsETH's circulating supply lost its reserve backing overnight.
This creates a feedback loop: once L2 holders panic and redeem, the pressure propagates to the mainnet side, which was not itself touched by the attack, and may force Kelp to unwind restaking positions to meet withdrawal requests.
Unwinding restaking is not as simple as pressing a button. EigenLayer's withdrawal process has a delay period, and the exit queue of the underlying validators takes time. If rsETH holders on L2s rush to redeem at once, Kelp may not be able to assemble enough mainnet liquidity in time.
This is the fundamental risk of the bridge-reserve model: if the mainnet reservoir springs a leak, water pressure collapses in every downstream channel. Right now every rsETH holder on every L2 faces the same multiple-choice question: run first, or trust Kelp to backstop?
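An added example, not Kelp DAO's code, that models the reserve structure the last few paragraphs describe and the run they warn about: a reconciliation of the mainnet vault against the rsETH circulating on each L2, and a day-by-day simulation of redemptions against a liquid buffer that can only be refilled by unstaking after a delay. Chain names are from the article; all balances, the redemption schedule, the delay and the daily unstake limit are assumptions.

```python
"""Constructed model of the reserve structure the article describes (rsETH
locked on mainnet backing OFT-minted rsETH on L2s) and of a redemption run
against it once part of the reserve is gone. Not Kelp DAO's code; chain names
follow the article, every balance, the redemption schedule, the unstaking
delay and the daily unstake limit are assumptions."""
from collections import deque


def backing_report(vault_reserve: float, l2_supply: dict) -> dict:
    """The mainnet vault must hold at least the rsETH circulating on every L2.
    Returns the shortfall and the fraction of L2 supply that is unbacked."""
    l2_total = sum(l2_supply.values())
    shortfall = max(0.0, l2_total - vault_reserve)
    return {
        "l2_total": l2_total,
        "shortfall": shortfall,
        "unbacked_fraction": shortfall / l2_total if l2_total else 0.0,
    }


def simulate_run(liquid_buffer: float, restaked: float, daily_redemptions: list,
                 unstake_delay_days: int, max_unstake_per_day: float,
                 max_days: int = 365) -> dict:
    """Day by day: serve redemptions from the liquid buffer, queue what cannot
    be served, and request unstakes (which only land after the delay) for the
    part of the backlog not already in flight. Stops when the backlog clears
    or nothing more can be unstaked."""
    in_flight = deque()                 # (arrival_day, amount)
    backlog = 0.0
    first_dry_day = None
    peak_backlog = 0.0
    day = 0
    while day < max_days and (day < len(daily_redemptions) or backlog > 0 or in_flight):
        while in_flight and in_flight[0][0] <= day:
            liquid_buffer += in_flight.popleft()[1]
        demand = backlog + (daily_redemptions[day] if day < len(daily_redemptions) else 0.0)
        served = min(liquid_buffer, demand)
        liquid_buffer -= served
        backlog = demand - served
        peak_backlog = max(peak_backlog, backlog)
        if backlog > 0 and first_dry_day is None:
            first_dry_day = day
        uncovered = backlog - sum(a for _, a in in_flight)
        if uncovered > 0 and restaked > 0:
            request = min(uncovered, restaked, max_unstake_per_day)
            restaked -= request
            in_flight.append((day + unstake_delay_days, request))
        elif uncovered > 0 and not in_flight:
            break                       # nothing left to unstake: the run cannot be met
        day += 1
    return {
        "first_dry_day": first_dry_day,
        "peak_backlog": peak_backlog,
        "unmet_backlog": backlog,
        "days_elapsed": day,
        "restaked_left": restaked,
    }


def demo() -> dict:
    """Reserve check before and after the 116,500 rsETH release (article
    figure), then a constructed run of 30,000 rsETH/day for ten days against a
    small liquid buffer and a 7-day unstaking delay."""
    l2_supply = {   # constructed balances, chains from the article
        "Arbitrum": 200_000, "Base": 150_000, "Linea": 100_000,
        "Blast": 80_000, "Mantle": 70_000, "Scroll": 47_250,
    }
    before = backing_report(647_250, l2_supply)
    after = backing_report(647_250 - 116_500, l2_supply)
    run = simulate_run(liquid_buffer=5_000, restaked=520_000,
                       daily_redemptions=[30_000] * 10,
                       unstake_delay_days=7, max_unstake_per_day=40_000)
    return {"before": before, "after": after, "run": run}


if __name__ == "__main__":
    print(demo())
```

The reconciliation is the check an L2 holder cannot do from their own chain, which is why a bridge-reserve model needs someone publishing it. In the simulated run the protocol is solvent throughout, yet the backlog peaks at 210,000 rsETH and takes 17 days to clear, because every unstake requested today only arrives a week later; the mismatch the article describes is one of timing, not of total assets.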
Panic completed its sweep across the entire DeFi lending sector within hours.
Aave V3 and V4 rsETH markets were frozen, with new deposits and rsETH-based lending channels closed.
SparkLend and Fluid followed suit by freezing their rsETH markets.
Although Ethena stated it has no rsETH exposure and maintains over 101% over-collateralization, it still paused its LayerZero OFT bridge originating from the Ethereum mainnet as a precautionary measure. The suspension is expected to last about six hours. This reaction is quite intriguing: players without direct exposure are also halting LayerZero-related bridges.
Lido Finance suspended new deposits into its earnETH product (due to its rsETH exposure) while emphasizing that stETH and wstETH remain unaffected. Lido’s core staking protocol is unrelated to this incident.
Upshift has suspended deposits and withdrawals for the High Growth ETH and Kelp Gain vaults.
This list is still growing longer.
As of the writing of this article, Kelp DAO's root cause analysis is still ongoing. How much of the stolen rsETH can be recovered through negotiations with security teams or white hats? Can Aave's Umbrella withstand this bad debt? Will rsETH holders on L2 trigger a bank run? Can the prices of AAVE and rsETH stabilize before the weekend ends?
However, some issues have already become apparent.
For instance, can LRT continue to serve as qualified collateral for lending protocols?
Liquid restaking tokens (LRTs) were the darling of the Ethereum ecosystem in the previous cycle. EigenLayer launched the narrative of 'earning several layers of yield with one ETH', and protocols such as Kelp, ether.fi and Puffer industrialised it. The end result: major lending protocols added LRTs to their collateral whitelists as structured assets.
This decision was based on an assumption: that LRT's pegging mechanism was robust enough, and the risks of multi-layered nesting of underlying assets could be fully modeled and isolated at the smart contract level.
The Kelp incident needed just one afternoon to punch a hole in that assumption. LRT risk comes not only from the underlying smart contracts but from the cross-chain distribution architecture; not from a single protocol but from every dependency between it, EigenLayer, LayerZero and Aave. Each DeFi lego block looks secure on its own, but once pieced together the risks multiply rather than add.
In the coming months, all lending protocols that still classify LRT as high-grade collateral will need to reassess their risk parameters. Supply caps will be lowered, liquidation buffers widened, and some protocols may delist it entirely.
DeFi's moat has always been called 'composability', but this incident reminds everyone: composability is a double-edged sword. The network effects you take pride in become amplifiers in an attacker's hands.
This time, the attacker had already planned an exit strategy—not just for theft, but to weaponize DeFi composability. The tighter the interdependency between protocols and the richer the composability, the wider the attack surface becomes, giving them more financial legos to exploit.
DeFi security remains an uphill battle.
Risk Disclaimer: The above content only represents the author's view. It does not represent any position or investment advice of Futu. Futu makes no representation or warranty.