Kelp rsETH bridge exploit triggers mass Aave withdrawals — >$5.4B ETH pulled; ~$293M exploit
first published 2026-04-18T19:20:25Z
On April 18, 2026 an attacker exploited a minting flaw in KelpDAO’s rsETH to create uncollateralized rsETH, deposited the inflated tokens into Aave V3 on Ethereum and Arbitrum, and generated bad debt. On-chain investigator ZachXBT flagged six attacker wallets (pre-funded via Tornado Cash) and estimated losses of $280M+ (community estimates $100M–$293M). The exploit pushed AAVE down ~10–13% while KelpDAO had not confirmed the event and analysts continue tracing funds and monitoring attacker wallets.
AI Analysis
Attacker exploited a rsETH minting flaw to create unbacked rsETH and deposited it into Aave V3 on Ethereum and Arbitrum, producing bad debt; ZachXBT flagged six attacker wallets pre-funded via Tornado Cash and estimated losses of $280M+; AAVE fell ~10–13%; KelpDAO had not confirmed and analysts are still tracing funds.
Expected Investor Sentiment: Very Bearish
Potential Market Impact: High
Source Articles
- ZachXBT Flags $280M+ KelpDAO Exploit Hitting Ethereum DeFi Lending Markets - Bitcoin.com
- 2026's biggest crypto exploit: Kelp DAO hit for $292 million with wrapped ether stranded across 20 chains - CoinDesk
- Kelp restaking platform exploited, $293M drained in attack - Cointelegraph
- Massive $290 Million Hack Hits Ethereum and Arbitrum - U.Today
- Kelp attack spreads risk across DeFi, $293M lost - Crypto News
- AAVE Price Drops After DeFi Exploit Triggers Liquidation Cascade — Is $85 Next? - Coinpedia
- Aave Hit With $5.4 Billion in ETH Withdrawals After Kelp DAO rsETH Exploit - Coinpedia
