The biggest DeFi heist of 2026: hackers drained the bridge and, for good measure, tricked Aave as well

On the evening of April 18th at 17:35 (UTC), a wallet that had used Tornado Cash for laundering sent a cross-chain message to LayerZero’s EndpointV2 contract.

The message’s meaning was simple: a user on one chain wanted to bridge rsETH back to the Ethereum mainnet. As the protocol is designed to do, LayerZero faithfully transmitted the instruction. Kelp DAO’s bridge contract on the mainnet just as faithfully executed the release, exactly as intended.

116,500 rsETH, valued at approximately $292 million at the time, was transferred in a single transaction to an address controlled by the attacker.

The problem was, no one on the other chain had ever deposited this rsETH. This “cross-chain request” was fabricated out of thin air; LayerZero believed it, and Kelp’s bridge also believed it.

46 minutes later, Kelp’s emergency multisig finally pressed the pause button. By this time, the attacker had already completed the second half of the operation, collateralizing the stolen, essentially unanchored rsETH into Aave V3 and borrowing about $236 million worth of wETH.

This is the largest DeFi theft of 2026, surpassing the $X million stolen from the Drift protocol in the April 1st attack by North Korean hackers, but what truly chills the industry isn’t just the amount.

How did the attack happen: three bets from 17:35 to 18:28

Let’s reconstruct the timeline.

17:35 UTC, first hit. From a wallet funded via Tornado Cash, the attacker called the lzReceive function on the LayerZero EndpointV2 contract, delivering a forged cross-chain data packet to Kelp’s bridge contract. The bridge contract verified it successfully and released 116,500 rsETH to the attacker’s address. Single transaction. Clean.

18:21 UTC, Kelp’s emergency pause multisig froze the core rsETH contracts on the mainnet and multiple L2s. 46 minutes after the attack.

18:26 and 18:28 UTC, the attacker launched two more attempts, each carrying a LayerZero data packet trying to withdraw another 40,000 rsETH (about $100 million). Both attempts reverted because the contracts were already frozen, but the attacker was evidently still trying to drain the remaining liquidity.

From the first successful hit to Kelp’s public statement, nearly three hours passed.

Kelp’s first tweet was not until 20:10 UTC, with a restrained tone: “Suspicious cross-chain activity involving rsETH has been detected. The mainnet and multiple L2 rsETH contracts have been paused. We are working with LayerZero, Unichain, auditors, and external security experts to analyze the root cause.”

But even earlier than the official statement, the on-chain detective ZachXBT had issued an alert on his Telegram channel before 3 PM ET, listing six wallet addresses related to the theft and pointing out that these attack wallets had been pre-funded via Tornado Cash before acting. He didn’t name Kelp DAO explicitly, but on-chain analysts linked the addresses within hours.

This was a premeditated execution timed to the minute: pre-funded laundering wallets, meticulously crafted cross-chain data packets, and the attack and the Aave collateralization carried out back to back. Each step landed like a beat on a metronome.

Steal first, then pull one more con

If it were just a simple bridge vulnerability, stealing 116,500 rsETH and fleeing, this would at most be considered a major incident of 2026. Kelp bears the loss, the community digests it for a few days, and the industry moves on.

But the attacker clearly did the math. rsETH’s secondary liquidity isn’t very deep; dumping $292 million into a DEX would incur significant slippage and eat most of the profit. A more elegant exit would be to package this rsETH, conjured out of thin air, as seemingly reputable collateral, then borrow genuinely liquid assets against it through lending protocols.

So the attacker took the second step: depositing the stolen rsETH into Aave V3 as collateral and borrowing a large amount of wETH.

Why is this step deadly? Because at that moment, the Aave contract was still valuing the collateral based on the rsETH oracle price, while the reserves in the bridge had already been drained. The economic underpinning of this rsETH was effectively nonexistent. The lending protocol was still issuing loans based on a “full backing” assumption, but the collateral was essentially a worthless check.

The result: the attacker transferred the risk of liquidation to Aave’s wETH reserve pool.

Aave V3’s wETH reserves are now absorbing bad debt. Solidity developer and auditor 0xQuit warned on X that the wETH pool has already been impaired; some withdrawals can only be processed after Aave’s Umbrella backstop module settles the deficit.

The latest estimate of the bad debt is around $177 million, and this is only on the Ethereum mainnet side.

A long-anticipated first major test

For seasoned DeFi players, this sequence feels familiar: it echoes the role Aave V2’s Safety Module played during the Luna collapse in 2022.

But this time, it’s Umbrella. Aave launched this new generation backstop system at the end of 2025 to replace the old Safety Module. This incident is the first major real-world stress test of Umbrella’s automatic bad debt coverage mechanism.

Umbrella’s logic is straightforward: stake aTokens like aWETH, aUSDC, GHO into the Umbrella insurance vault, earning extra incentives during normal times. When the corresponding asset pool runs into a deficit, the staked assets are proportionally slashed to cover the gap.

This design looks good on paper. In the first month of Aave v3.3 operation, the total pool deficit was about $400, with nearly $9.5 billion in outstanding loans—an almost negligible ratio.

But $177 million in bad debt is a different scale altogether. For users who staked aWETH into Umbrella, this will be their first real experience of what “bearing slashing risk” actually means. Aave’s official statement is cautious: if bad debt occurs, Aave plans to use Umbrella assets to cover any shortfall. But whether it can fully cover it, how high the slashing ratio will be, and how much principal will be lost—all these questions can only be answered after settlement.
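The two mechanisms above, a lender valuing collateral at its oracle price while the tokens’ backing is gone, and Umbrella’s proportional slashing of staked assets to cover the resulting pool deficit, as an added worked model. It is not Aave’s or Umbrella’s contract logic, and every figure in it (oracle price, LTV, recovery fraction, staker balances) is constructed for illustration, not taken from the incident.

```python
import math

# Added illustrative model of oracle-priced lending followed by pro-rata backstop slashing.
# All numbers are constructed; the functions are not Aave's or Umbrella's code.


def loan_against_collateral(units, oracle_price, ltv):
    """Debt a lender issues when it values collateral at the oracle price (ltv = borrowable fraction)."""
    return units * oracle_price * ltv


def pool_deficit(units, oracle_price, ltv, recovery_fraction):
    """Bad debt left with the pool once the collateral can only be realised for a fraction
    of its oracle valuation (tokens with no backing sold into thin liquidity)."""
    debt = loan_against_collateral(units, oracle_price, ltv)
    recovered = units * oracle_price * recovery_fraction
    return max(0.0, debt - recovered)


def slash_pro_rata(deficit, stakes):
    """Proportional slashing: every staker loses the same fraction of their stake until the
    deficit is met or the vault is exhausted. Returns (losses per staker, uncovered deficit)."""
    total = sum(stakes.values())
    if total <= 0:
        return {name: 0.0 for name in stakes}, deficit
    covered = min(deficit, total)
    fraction = covered / total
    return {name: stake * fraction for name, stake in stakes.items()}, deficit - covered


def worked_example():
    """Constructed scenario: 116,500 units borrowed against at a hypothetical $2,500 oracle price
    and 80% LTV, with only 25% of notional recovered; a three-staker vault absorbs the hole."""
    deficit = pool_deficit(116_500, 2_500, 0.8, 0.25)
    stakes = {"alice": 100e6, "bob": 60e6, "carol": 40e6}  # constructed staker balances in USD
    losses, uncovered = slash_pro_rata(deficit, stakes)
    return deficit, losses, uncovered


if __name__ == "__main__":
    deficit, losses, uncovered = worked_example()
    slash_fraction = losses["alice"] / 100e6
    print(f"deficit ${deficit:,.0f}; each staker slashed {slash_fraction:.2%}; uncovered ${uncovered:,.0f}")
```

The second call in the test shows the other failure mode: when the deficit exceeds the whole vault, every staker is wiped out and the remainder stays uncovered.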

The original sin of cross-chain bridges

Even more unsettling is the identity of the stolen rsETH.

The rsETH tokens are deployed across more than 20 networks, including Base, Arbitrum, Linea, Blast, Mantle and Scroll, with cross-chain transfers handled via LayerZero’s OFT standard. The drained bridge’s rsETH reserves are precisely what back all “wrapped” rsETH on these networks.

This design sounds routine: the mainnet treasury holds a 1:1 reserve, and rsETH holders on L2 can theoretically redeem back to the mainnet at any time. But this mechanism’s premise is that the treasury actually has the funds.

Now, the treasury is 18% empty. About 18% of the circulating rsETH supply in Kelp’s ecosystem suddenly lost its backing overnight.

This creates a feedback loop: if L2 holders panic and redeem en masse, the pressure will transmit to the unaffected Ethereum supply side, possibly forcing Kelp to unwind re-staking positions to meet withdrawal demands.

Unwinding re-staking isn’t a one-button process. EigenLayer withdrawals have delays, and validator exits are queued. If L2 rsETH holders rush to redeem, Kelp might not have enough time to prepare the mainnet liquidity.

This is a fundamental risk of the bridge reserve model: as soon as the mainnet pool fails, the pressure collapses everywhere downstream. Every L2 rsETH holder faces the same dilemma: run first, or trust Kelp to cover.
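The reserve model just described, as an added toy simulation rather than Kelp’s or LayerZero’s code: a mainnet vault backs wrapped supply on remote chains 1:1, a release with no burn behind it leaves the supply unbacked, and a mass redemption then exceeds what the vault can pay. The per-chain accounting check in `redeem` is an assumed defence-in-depth measure, not a feature the page attributes to Kelp, and all chain names and amounts are constructed.

```python
class ReserveBridge:
    """Toy lock-and-mint bridge (an added model, not Kelp's or LayerZero's code): rsETH
    locked in a mainnet vault backs wrapped rsETH minted on remote chains 1:1."""

    def __init__(self):
        self.reserve = 0.0   # rsETH held in the mainnet vault
        self.minted = {}     # chain -> wrapped rsETH outstanding on that chain

    def lock(self, chain, amount):
        """Mainnet deposit: the vault grows and equal wrapped supply is minted on `chain`."""
        self.reserve += amount
        self.minted[chain] = self.minted.get(chain, 0.0) + amount

    def redeem(self, chain, amount, message_verified):
        """Honest path: a verified burn message releases from the vault. Beyond trusting the
        messaging layer, the vault also refuses (assumed check, not a documented Kelp feature)
        to pay out more than was ever minted to that chain."""
        if not message_verified:
            raise PermissionError("unverified cross-chain message")
        if amount > self.minted.get(chain, 0.0):
            raise ValueError(f"{amount} exceeds wrapped supply credited to chain {chain}")
        self.minted[chain] -= amount
        self.reserve -= amount

    def drain(self, amount):
        """Exploit path: a release honoured although nothing was burned; supply stays outstanding."""
        self.reserve -= amount

    def backing_ratio(self):
        """Reserve over all outstanding wrapped supply; 1.0 means fully backed."""
        outstanding = sum(self.minted.values())
        return 1.0 if outstanding == 0 else self.reserve / outstanding

    def run_shortfall(self, redemptions):
        """If wrapped holders all redeem at once, whatever the vault cannot pay must wait on
        unwinding restaked positions (withdrawal delays, validator exit queues)."""
        return max(0.0, sum(redemptions) - self.reserve)


def scenario():
    """Constructed numbers: 100,000 rsETH minted across three chains; a burn claim of 18,000 on
    chain C (which only holds 10,000) trips the accounting check, then an 18,000 drain with no
    burn behind it leaves the vault 18% short."""
    bridge = ReserveBridge()
    for chain, amount in [("A", 60_000.0), ("B", 30_000.0), ("C", 10_000.0)]:
        bridge.lock(chain, amount)
    try:
        bridge.redeem("C", 18_000.0, message_verified=True)
        rejected = False
    except ValueError:
        rejected = True
    bridge.drain(18_000.0)
    return bridge, rejected
```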

Within hours, panic swept through the entire DeFi lending sector.

Aave V3 and V4’s rsETH markets froze; new deposits and rsETH-backed borrowing were shut down.

SparkLend and Fluid followed suit, freezing their rsETH markets.

Ethena, although claiming no rsETH exposure and maintaining over 101% collateralization, also paused its LayerZero OFT bridge from Ethereum mainnet as a precaution, expected to last about six hours. This reaction is quite telling: even players without direct exposure are halting LayerZero-related bridges.

Lido Finance paused new deposits into its earnETH product (which includes rsETH exposure), emphasizing that stETH and wstETH are unaffected, and that the core staking protocol is unrelated to this incident.

Upshift paused deposits and withdrawals for High Growth ETH and Kelp Gain vaults.

The list continues to grow.

Deep Tide comments: The road to DeFi security is long

As of this writing, Kelp DAO’s root cause analysis is ongoing. How much of the stolen rsETH can be recovered through security teams or white-hat negotiations? Can Aave’s Umbrella withstand this bad debt? Will L2 rsETH holders trigger a run? Can the prices of AAVE and rsETH stabilize before the weekend ends?

But some issues have already become apparent.

For example, can LRT (Liquid Restaking Token) still qualify as collateral in lending protocols?

LRTs were the darling of the Ethereum ecosystem in the last cycle. EigenLayer’s narrative of “earning multiple layers of yield from one ETH”, along with protocols like Kelp, ether.fi and Puffer, industrialized this story. The result: LRTs were added to the collateral whitelists of major lending protocols as a structured asset.

This decision was based on an assumption: that LRT’s peg mechanism is robust enough, and the multi-layered nested risk of the underlying assets can be fully modeled and isolated at the smart contract level.

The Kelp incident punctured this assumption in just an afternoon. The risks of LRT are not only from the underlying smart contracts but also from its cross-chain distribution architecture; not only from a single protocol but from every dependency between it, EigenLayer, LayerZero, and Aave. Each Lego block in DeFi may seem safe individually, but assembled together, the risk multiplies rather than adds.

In the coming months, all lending protocols still listing LRT as high-grade collateral will need to reassess risk parameters. Borrowing limits will be lowered, liquidation buffers widened, and some protocols may delist altogether.

DeFi’s moat has long been called “composability,” but this incident reminds everyone: composability is a double-edged sword. The network effects you pride yourself on can become amplifiers in the hands of attackers.

This attacker’s premeditated exit path was not just theft but weaponizing DeFi’s composability. The more tightly coupled and composable the protocols, the broader the attack surface. The attacker can invoke more financial Lego blocks.

DeFi security remains a long road ahead.
