Kelp DAO Exploit Drives $600M DeFi Losses as TVL Hits Yearly Low

40m ago•

bullish:

bearish:

Kelp DAO exploit has triggered a sweeping reassessment of risk across decentralized finance after a critical failure exposed structural weaknesses in cross-chain systems. The April 18, 2026 incident resulted in the minting of 116,500 unbacked rsETH, sending shockwaves through lending and restaking protocols.

The fallout has already translated into more than $600 million in direct losses, with broader sector damage nearing $1 billion in recent weeks. The event now stands as a defining stress test for DeFi infrastructure and capital resilience.

What does the Kelp DAO exploit reveal about its architecture?

The Kelp DAO exploit highlights a structural flaw rather than a coding error. The rsETH bridge relied on a single Decentralized Verifier Network node to validate LayerZero messages, effectively a 1-of-1 setup.

Security firm Halborn had flagged this configuration earlier. Yet, the system remained unchanged. This created a single point of failure, which attackers ultimately exploited without needing to breach any smart contract.

How did attackers execute the breach?

The Kelp DAO exploit unfolded through coordinated infrastructure manipulation. Attackers compromised two RPC nodes feeding data into the verifier. They then launched distributed denial-of-service attacks on backup nodes. This forced the system into a vulnerable state. A fraudulent message was injected, allowing the minting of 116,500 rsETH with no underlying collateral. This amount represented nearly 18% of the circulating supply.

LayerZero stated that the attack bears the signature of North Korea’s Lazarus Group, specifically its TraderTraitor unit, though formal confirmation is still pending. At the same time, LayerZero confirmed it is working with Kelp DAO to address the vulnerability while maintaining that other applications using its infrastructure remain secure.

DeFi losses — Kelp DAO Exploit Drives $600M DeFi Losses as TVL Hits Yearly Low 6

Why did losses spread so quickly across DeFi?

The Kelp DAO exploit did not remain isolated. The unbacked rsETH quickly entered lending markets. Protocols like Aave, SparkLend, and Fluid had accepted rsETH as collateral. This created what Halborn described as an “echo chamber” of risk. As a result, bad debt spread rapidly across platforms. The attacker swapped the minted assets into ETH and Arbitrum using loans from these protocols.

Tornado Cash was used to obscure transaction fees, while malware erased traces from compromised systems. Allium noted, “the tools worked as designed. The way they were configured did not.” This highlights shared responsibility, where warnings existed but configuration decisions amplified the damage even as rapid market freezes helped prevent deeper losses.

What does the $13 billion TVL drop indicate?

The Kelp DAO exploit accelerated an already weakening market. DeFi total value locked had been declining through Q1 2026 under broader macro pressure before the incident intensified the trend. Within 48 hours of the attack, the sector saw a $13 billion outflow. This pushed TVL to its lowest level in a year.

Even protocols without direct exposure, such as Compound, experienced withdrawals driven by contagion concerns. DeFi TVL later stabilized near $82 billion, roughly 25% below its peak levels. Current data shows total value locked at $85.724 billion, reflecting a +0.25% increase over the past 24 hours. This suggests that while confidence has been shaken, the market is showing early signs of stabilization rather than continued decline.

cross-chain bridge — Kelp DAO Exploit Drives $600M DeFi Losses as TVL Hits Yearly Low 7

Which protocols faced the biggest impact?

The Kelp DAO exploit hit Aave the hardest. The protocol froze rsETH markets to contain damage. Its total value locked dropped from $26.4 billion to nearly $18 billion, marking an approximate $8.4 billion decline as users exited positions amid concerns over bad debt tied to contaminated collateral.

Current data places Aave’s total value locked at $15.842 billion, indicating continued pressure beyond the initial outflows. The AAVE token is trading at $93.11, up 0.63% over the past 24 hours but down 6.88% over the week.

Aave’s risk team is now modeling potential losses. The outcome depends on how much of the unbacked rsETH can be recovered. Meanwhile, governance token sentiment remains cautious, reflecting uncertainty around recovery despite short-term price stabilization.

What are experts watching next?

The Kelp DAO exploit has left the market waiting for two critical developments. First is the forensic report from Kelp DAO, expected to clarify the full scope of the breach and outline compensation plans. Second is Aave’s resolution of bad debt linked to rsETH. These factors will determine whether the situation stabilizes or worsens. Kelp DAO has also initiated white hat negotiations within 24 hours of the attack.

DeFi TVL crash — Kelp DAO Exploit Drives $600M DeFi Losses as TVL Hits Yearly Low 8

In parallel, the Arbitrum Security Council froze $71 million of the attacker’s funds, signaling coordinated response efforts across the ecosystem. If recovery measures are credible, analysts believe the damage may remain contained. If not, further capital rotation away from restaking protocols could follow, especially if LayerZero’s planned upgrades extend beyond Q2.

Conclusion

Kelp DAO exploit has exposed a deeper issue within DeFi’s infrastructure, where configuration risks can rival code vulnerabilities. The incident shows how a single misstep can cascade across interconnected systems. With over $600 million in direct losses and nearly $1 billion in broader damage, the stakes are clear.

At the same time, coordinated actions such as LayerZero’s fixes and Arbitrum’s fund freeze indicate that the ecosystem is actively adapting under pressure. It remains to be seen if these steps can restore market confidence in the near term. For now, the episode stands as both a warning and a signal that DeFi’s resilience will depend on how quickly it learns from its own fault lines.

Disclaimer – This report is intended for general information and should not be taken as investment advice. Readers are encouraged to verify details independently before making financial decisions.